supabase signInWithIdToken not working: Nonces mismatch #1176
Comments
Did you try to also pass the access token in the signInWithIdToken function?
Passing access_token along with id_token does not solve the error:
+1 having the same issue :(
Is there any solution? I am having exactly the same issue.
I've been blocked on this for a while now. My code is nearly identical to the OP. I'm getting the nonce from jwt-decode, but passing it in the signInWithIdToken() call only changes the error from 'Passed nonce and nonce in id_token should either both exist or not' to nonces mismatch. Anyone have any suggestions or solutions? It seems like the signInWithIdToken() isn't behaving as expected, or I'm missing something.
To my understanding, Supabase expects the nonce to be the decoded version of the nonce present in the ID token received from Google, hence why passing the nonce from the ID token doesn't work, as it will get its hash and match them for equality.
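Added example (not code from this thread or from Supabase): a local Node.js model of the nonce comparison described in the comment above, showing why passing the token's own `nonce` claim back gives "Nonces mismatch" while passing the raw value succeeds. The hex-encoded SHA-256 hashing, the helper names and the unsigned sample token are assumptions made for illustration.

```javascript
// Added example: local model of the nonce check, not Supabase's own code.
const { createHash, randomBytes } = require("node:crypto");

// Assumption: the claim holds the hex-encoded SHA-256 of the raw nonce.
const sha256Hex = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Client side: hand hashedNonce to the identity provider, keep rawNonce
// for the signInWithIdToken() call.
function makeNoncePair() {
  const rawNonce = randomBytes(32).toString("base64url");
  return { rawNonce, hashedNonce: sha256Hex(rawNonce) };
}

// Reads the nonce claim without verifying the signature (inspection only;
// a real server validates the token before trusting any claim).
function readNonceClaim(idToken) {
  const payload = idToken.split(".")[1];
  return JSON.parse(Buffer.from(payload, "base64url").toString("utf8")).nonce;
}

// Hypothetical model of the server-side comparison; the two error strings
// are the ones quoted in this thread.
function checkNonce(idToken, passedNonce) {
  const claim = readNonceClaim(idToken);
  if (Boolean(claim) !== Boolean(passedNonce)) {
    return "Passed nonce and nonce in id_token should either both exist or not";
  }
  if (!claim) return "ok";
  return sha256Hex(passedNonce) === claim ? "ok" : "Nonces mismatch";
}

// Constructed, unsigned sample token so the example runs offline.
function sampleIdToken(claims) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "none", typ: "JWT" })}.${b64(claims)}.`;
}

const pair = makeNoncePair();
const token = sampleIdToken({ sub: "constructed-user", nonce: pair.hashedNonce });
console.log(checkNonce(token, pair.rawNonce));         // raw nonce passed
console.log(checkNonce(token, readNonceClaim(token))); // claim passed back (the thread's case)
console.log(checkNonce(token, undefined));             // nonce omitted
```

In this model the sign-in only succeeds when the app chose the raw nonce itself and gave the provider its hash, which requires a sign-in SDK that lets the app set the nonce.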
Hate to say it, but it doesn't look like this will work currently. Supabase requires a nonce if it's in the token, and react native doesn't expose the nonce in its current implementation. Unless I've got something wrong, native signin on iOS with supabase and react-native isn't possible at this time. Either supabase has to modify the endpoint (unlikely) or react-native has to expose the nonce (unlikely any time soon, I assume).
Hello and thanks for reporting, edit2: I tested this and it works, can be used like this:
Thank you 🙂
Quick update: passing custom nonce works as outlined in the post above, for Android. For iOS, I confirm that a valid idToken for supabase can be obtained using https://docs.expo.dev/versions/latest/sdk/auth-session/ (edit: no need to use any of the deprecated APIs). edit2: please note rn-google sign in does not expose nonce option because the underlying native sdk doesn't expose it either. Related issue: supabase/auth#1205 (comment)
Facing the same issue. Any workaround?
Expo auth session for Google auth is deprecated: https://docs.expo.dev/versions/latest/sdk/auth-session/#googleauthrequestconfig
Hi everyone, I got it working by using the browser. Made a gist for everyone who is struggling to solve this: https://gist.github.com/sonipranjal/f4a66f35924ede2e2f4a8d5b66199857
I am having the same problem, it seems like @react-native-google-signin/google-signin and supabase are not compatible because there is currently no way to get the nonce value expected by supabase signInWithIdToken method.
Same problem here, the library is useless if we can't get, or pass, the nonce value...
Same problem here...
Hello everyone, I'm going to lock this discussion because there's nothing new that can be added to it at this point. To summarize (basically repeating this comment): to provide custom nonce: on Android, you need to use one-tap sign in which is available for sponsors. Thank you! 🙂
Hello, if anyone's interested in how to do this properly, including custom nonce, with My PR to allow custom nonce in AppAuth is merged, but now we need to wait for the work to be released (by AppAuth maintainers) and integrated into the Google Sign In SDK (I'll do that part). openid/AppAuth-iOS#788
I got this working for myself using Maintainer edit: please note this approach skips the nonce. Not using nonce is not recommended for security reasons.
Any solutions without skipping nonce checks?
@vonovak Hi, thanks for all the work 👋 It is my understanding that AppAuth-iOS v1.7.X has been released which includes the custom nonce fix: https://github.com/openid/AppAuth-iOS/releases Is there anything blocking that from being integrated now or is it just a matter of time/prioritisation?
Hi @jonassvalin, In the meantime, the best workaround is in #1176 (comment)