Unacceptable audience in id_token: GoogleSignIn library

[ActuallyTaylor]

Bug report

Describe the bug

I have implemented the GoogleSignIn library for my application to retrieve data from the user's Gmail account. I would like to continue using the GoogleSignIn library in my app, but I also want to implement Supabase google authentication. Whenever I go to sign in the user using their idToken and accessToken I get the following error:

Unacceptable audience in id_token Auth.AuthError.api(Auth.AuthError.APIError(msg: nil, code: nil, error: Optional("invalid request"), errorDescription: Optional("Unacceptable audience in id_token"), weakPassword: nil))

I have checked my Supabase console and I am placing my iOS app's bundle ID into "Authorized Client IDs" which seems to only be for Android. Do I need to place this into the ClientID? If so what would my secret be in this situation.

Additional context

I have the following code (condensed) which authenticates the user first with GoogleSignIn. It then takes the user object and takes the idToken as well accessToken and provides them to Supabase's signInWithIdToken function.

let result = try await GIDSignIn.sharedInstance.signIn(withPresenting: window, hint: nil)
        
let user = result.user

guard let idToken = user.idToken?.tokenString else {
	return
}

try await supabase.auth.signInWithIdToken(
    credentials: .init(
        provider: .google,
        idToken: idToken,
        accessToken: user.accessToken.tokenString
    )
)

[grdsdev]

Hi @ActuallyTaylor we have a new guide for Google Sign-In, can you check it?

[dshukertjr]

@ActuallyTaylor The error most likely means that you didn't set the web client ID in your Supabase dashboard. Google uses web client ID to verify the token instead of the iOS client ID, so although you do need to create the iOS client ID as well, you do need to create the web client ID in addition to it, add it your application and add it to the Supabase dashboard.