Google Sign In fails with Error 400: Invalid_request when app check is enforced

[sanjayelate]

Can we access your project?

• [X] I give permission for members of the FlutterFlow team to access and test my project for the sole purpose of investigating this issue.

Current Behavior

Google Sign-In process in a FlutterFlow app that results in an "Error 400: invalid_request" during the OAuth flow when app check is enabled.

I believe it's related to this: https://firebase.blog/posts/2024/02/app-check-comes-to-google-idp-ios. Error also discussed here: https://stackoverflow.com/questions/79131727/securing-google-identification-for-ios-with-firebase-appcheck

Example error code:

Error 400: invalid_request Request details: response_type=code code_challenge_method=S256 nonce=0nElX31qLgQ0Dq0aZyiVOY6Z0ICPU-or6R5t3E2UDJc device_os=iOS 18.0.1 client_id=257414503801-.apps.googleusercontent.com emm_support=1 gpsdk=gid-7.1.0 gidenv=ios state=_BK3scc2Y72FeHTVO0Zu06CaGerBPgz1fedDU0lq-2c redirect_uri=com.googleusercontent.apps.257414503801-/oauth2callback code_challenge=YXA2OVMnVJ3ozlcHpd4fwTt8GUcMrDKCHc6CvUeOEWA include_granted_scopes=true access_type=offline scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email openid flowName=GeneralOAuthFlow

Investigation and Findings:

1. App Checks setup
   • Verified that Firebase App Check is correctly set up in Firebase with debug as apple sign in, firestore etc all work as expected
   • Verified App Check is initialized correctly and tokens are generated successfully before Google Sign In is attempted
2. OAuth Configuration
   • Checked the client_id and iOS URL scheme in the Google Cloud Console and Xcode project. Both were correctly configured.
3. PKCE Parameters
   • The error suggested missing or incorrect PKCE parameters (code_challenge and code_verifier). The AppAuth framework requires these for secure OAuth flows

Diagnosis: The issue appears to be that while the code_challenge_method is being set to S256, the actual code_challenge parameter is missing from the request. This happens when:

• The authorization request isn't using the convenience initializer that automatically handles PKCE
• The PKCE parameters aren't being properly passed through the OAuth flow

Tried creating a custom google sign in but FlutterFlow has limitations on return types so can't return userCredentials

Expected Behavior

Google sign in should not be blocked

Steps to Reproduce

Enforce appcheck when using Google Identity for iOS

Reproducible from Blank

• [ ] The steps to reproduce above start from a blank project.

Bug Report Code (Required)

ITFfk8n1z892pbwC+a6JLMJKiSkXNW0cTeU30+thcw4bI+PzBLQIOsmkUBFBSOqHTwl2E2ekgToFw8rPis79VO4CNUmtGL5f/6l5UxDiQlqmVbrREpG0R3FSM/tWf0+Oy7SnhRYlOvF2ZVJi7V73BN+Qb3qCf9qOYwx5e6fDbOY=

Visual documentation

Environment

- FlutterFlow version: 5.0.9
- Platform: iOS

Additional Information

No response

[Alezanello]

It appears that Firebase is not recognizing the iOS project within your Firebase setup. You could try removing the iOS app from the Firebase project and then re-generating it via FlutterFlow. Alternatively, you can use the "Generate Config Files" feature within FlutterFlow to see if it resolves the issue.

I recall encountering a similar situation a few months ago; this Stack Overflow post may provide some helpful insights: Error 400: Invalid request for iOS Google Sign-In.

I hope this helps!

[sanjayelate]

It appears that Firebase is not recognizing the iOS project within your Firebase setup. You could try removing the iOS app from the Firebase project and then re-generating it via FlutterFlow. Alternatively, you can use the "Generate Config Files" feature within FlutterFlow to see if it resolves the issue.

I recall encountering a similar situation a few months ago; this Stack Overflow post may provide some helpful insights: Error 400: Invalid request for iOS Google Sign-In.

I hope this helps!

@Alezanello I should've mentioned, I'd tried that already too. Have regenerated the config files, have removed the ios project and re-added it, even checked and regenerated the api keys

[Alezanello]

I highly recommend reaching out to support through the in-app chat or by emailing support@flutterflow.io, as this appears to be a project-specific issue. Please note that this GitHub issue tracker is primarily intended for bugs that can be reproduced in a new blank project.

Thank you for your understanding!

[github-actions[bot]]

This issue is stale because it has been open for 7 days with no activity. If there are no further updates, a team member will close the issue.