FormidableLabs / react-native-app-auth

React native bridge for AppAuth - an SDK for communicating with OAuth2 providers
https://commerce.nearform.com/open-source/react-native-app-auth
MIT License

Sign in with Google on iOS with predefined state not possible #965

Open Iniwuijshi opened 6 months ago

Iniwuijshi commented 6 months ago

My OIDAuthorizationRequest needs a predefined state. Since there is no parameter in the interface I tried it with the additional parameters. That works but there is an issue with the default behaviour on iOS or in the objc implementation respectively:

RNAppAuth.m

    // builds authentication request
    OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                    clientId:clientId
                                            clientSecret:clientSecret
                                                     scope:[OIDScopeUtilities scopesWithArray:scopes]
                                               redirectURL:[NSURL URLWithString:redirectUrl]
                                              responseType:OIDResponseTypeCode
                                                     state: additionalParameters[@"state"] ? additionalParameters[@"state"] : [[self class] generateState]
                                                     nonce:nonce
                                              codeVerifier:codeVerifier
                                             codeChallenge:codeChallenge
                                      codeChallengeMethod: usePKCE ? OIDOAuthorizationRequestCodeChallengeMethodS256 : nil
                                      additionalParameters:additionalParameters];

Iff the state is present in the additional parameters, it gets taken from there but if it's there the lib will add it too. So the state is attached twice.

For reference: the Java code, on the other hand, removes the state from the additional parameters after reading the state, so it gets added only once, which is the right approach if you ask me.

The problem with the whole thing is that the double attachment of the state leads to an invalid_request on the Google side. (Apple seems not to be picky, at least if the key-value pair is the same.) It looks like in the screenshot attached: [Screenshot 2024-04-29 at 08 40 41]

My current workaround is setting the state parameter to nil, since the value is nullable, and adding it via the additional parameters from the React Native JS side.


Environment

- IDP: Zitadel / Google
- platform: iOS
- react native: v0.73.4
- react native app auth: ^7.1.0
- No expo
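The duplicate `state` described in the report above, modelled as an added example (not code from react-native-app-auth or AppAuth): one builder appends the untouched additional parameters, the other consumes `state` first, and `duplicatedParams` is a check that could guard against the regression. All function names and sample values are hypothetical and constructed for illustration.

```javascript
// Added example: a model of the query-string assembly described in the issue,
// not code from react-native-app-auth or AppAuth. All values are constructed.

// Core request fields mapped to query parameters, in a fixed order.
function coreParams(core, state) {
  return [
    ['response_type', 'code'],
    ['client_id', core.clientId],
    ['redirect_uri', core.redirectUrl],
    ['scope', core.scopes.join(' ')],
    ['state', state],
  ];
}

// Reported iOS behaviour: state is read from additionalParameters, but the
// untouched map is appended as well, so `state` ends up in the query twice.
function buildQueryDuplicating(core, additionalParameters = {}) {
  const state = additionalParameters.state || core.generatedState;
  const query = new URLSearchParams(coreParams(core, state));
  for (const [k, v] of Object.entries(additionalParameters)) query.append(k, v);
  return query.toString();
}

// Approach the issue describes for the Java side: consume `state` from a copy
// of the additional parameters, then append only what is left.
function buildQueryDeduplicated(core, additionalParameters = {}) {
  const { state: predefined, ...rest } = additionalParameters;
  const state = predefined || core.generatedState;
  const query = new URLSearchParams(coreParams(core, state));
  for (const [k, v] of Object.entries(rest)) query.append(k, v);
  return query.toString();
}

// Regression check: names of parameters that occur more than once in a query.
function duplicatedParams(queryString) {
  const counts = new Map();
  for (const [name] of new URLSearchParams(queryString)) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Constructed sample request (hypothetical client and redirect values).
const sampleCore = {
  clientId: 'example-client',
  redirectUrl: 'com.example.app:/oauth2redirect',
  scopes: ['openid', 'profile'],
  generatedState: 'random-generated-state',
};
const sampleExtras = { state: 'predefined-state-123', prompt: 'login' };
```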

devDohyun commented 4 months ago

~same issue here.~

Update: This issue can be resolved by setting the `useNonce: false` option. Related to: https://github.com/FormidableLabs/react-native-app-auth/pull/736/files