Apple Sign On: [AuthApiError: Bad ID token]

[andrisole92]

Bug report

• [x] I confirm this is a bug with Supabase, not with my own application.
• [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Starting today receiving "error": [AuthApiError: Bad ID token] when trying to sign in with Apple.

Wasn't happening before today. identityToken is returned by Apple.

To Reproduce

Using Apple Button with the following code:

 const credential = await AppleAuthentication.signInAsync({
              requestedScopes: [
                AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
                AppleAuthentication.AppleAuthenticationScope.EMAIL,
              ],
            })

            console.log({ credential, id: credential.identityToken })

            if (credential.identityToken) {
              const {
                error,
                data: { user, session },
              } = await supabase.auth.signInWithIdToken({
                provider: "apple",
                token: credential.identityToken,
              })

              console.log({ error: error, user, session })

              if (!error) {
                setAuth(user, session)
                // User is signed in.
              }
            } else {
              throw new Error("No identityToken.")
            }
            // signed in
          } catch (e) {
...

Expected behavior

Should sign in

Screenshots

N/A

System information

• OS: Mac OS
• React Native Expo App
• Version of supabase-js: 2.39.1
• Version of Node.js: N/A

Additional context

N/A

[pfista]

+1

[johnjjung]

+1

[elliottetzkorn]

Confirmed same problem on Flutter.

[GaryAustin1]

There are multiple reports of issues on this in Discord. Moved from supabase-js to gotrue.

[jointhejourney]

We're seeing the same issues on web as well, although it returns a different error: "Error getting user profile from external provider"

[oleksandrzeus]

Same on native iOS

[benemanu]

Same in Flutter

[kangmingtay]

Hey everyone, we've made the fix in this PR and will roll it out to all affected projects on supabase soon. We haven't made any changes to apple oauth recently so it seems like apple changed the type returned in their API to include booleans too (https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple)

is_private_email A string or Boolean value that indicates whether the email that the user shares is the proxy address. The value can either be a string ("true" or "false") or a Boolean (true or false).

[kangmingtay]

Hey everyone, we've just rolled out the fix but if you're still seeing the same issue, please reach out to us via https://supabase.help and mention this issue.

[andrisole92]

Thank you @kangmingtay.

would it be possible to set up some monitoring for Oauth services on your side?

[benemanu]

Hello, i‘ll figure it out, if i can implement sth, im kinda new to software development. Have a nice EveningSent from my iPhoneOn 06.02.2024, at 6:44 PM, Andrey Ruzencevs @.***> wrote: Thank you @kangmingtay. would it be possible to set up some monitoring for Oauth services on your side?

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: @.***>

[andrisole92]

By they way still not working for me @kangmingtay

[johnjjung]

works for me - ty for the fast turn around!

[andrisole92]

Do I need to update the supabase-js client? Or is it because changes are still propagating?

cc @kangmingtay

[Aayush9029]

I'm experiencing the same error on the native iOS app (Swift SDK) as well, not self-hosting Supabase.

I can confirm that the error is a bad ID token, which is reproducible if the user uses "hide my email."

Otherwise, it works as before.

Is there anything we can do on our end, or do we have to wait for the projects to be updated on Supabase's end?

tysm

[kangmingtay]

@andrisole92 @Aayush9029 can yall please reach out to https://supabase.help/ so we can investigate? the internal error message that you should be observing from your project's auth logs should along the lines of json: invalid use of ,string struct tag, trying to unmarshal unquoted value into *bool. If you're seeing a different error, it may be something else but we'll need more information to investigate further.

[andrisole92]

@kangmingtay i have contacted 26 hours back and haven’t heard anything back yet.

[Aayush9029]

@andrisole92 @Aayush9029 can yall please reach out to https://supabase.help/ so we can investigate? the internal error message that you should be observing from your project's auth logs should along the lines of json: invalid use of ,string struct tag, trying to unmarshal unquoted value into *bool. If you're seeing a different error, it may be something else but we'll need more information to investigate further.

json: invalid use of ,string struct tag, trying to unmarshal unquoted value into *bool

That's exactly what I see :) I did reach out to the team no response :(

[kangmingtay]

@andrisole92 @Aayush9029 found your tickets and i've just rolled out the fix to them

[kangmingtay]

I'll be closing this issue since it's been resolved.

[isaachinman]

@kangmingtay We are seeing this issue as well, and had a store submission rejected because of it.

I originally opened https://github.com/supabase/supabase/issues/21109

How can we get this fix applied to our hosted Supabase application?

Edit: I have created a support ticket as well

[Aayush9029]

found your tickets and i've just rolled out the fix to them

Fixed. Thank you!

[aharwood9]

I am in the same boat as @isaachinman and also had my store submission rejected because of it. I've also raised a support ticket as per the previous requests 👍

[Mistes974]

@kangmingtay We are seeing this issue as well, and had a store submission rejected because of it.

I originally opened supabase/supabase#21109

How can we get this fix applied to our hosted Supabase application?

Edit: I have created a support ticket as well

Same question... Do I need to update my Supabase package in my app to fix it? I've actually tried, but it's still not working.

[isaachinman]

@Mistes974 This has nothing to do with the Supabase JS SDK.

[titi-devv]

Same issue, started 3 days ago...

[Atomic71]

I am "only" experiencing this issue when the user chooses not to share the e-mail whilst signing in with apple (resulting in a apple-relay e-mail)... hope this helps debugging

[Alkhajeh]

We are still facing the same issue and opened a ticket id 2353969838

[wix001]

We are also being affected by this issue with user experience, here is our Support Ticket ID: 2349139202

[GaryAustin1]

Another user in discord with this error.
Not sure why this is closed.

[mansueli]

This was fixed in version 2.139.2 #1395.

https://github.com/supabase/gotrue/pull/1395

You can check the Gotrue version of your project here: https://supabase.com/dashboard/project/_/settings/infrastructure

[GaryAustin1]

I'll pass that on. Not sure that has been mentioned that you have to do an upgrade to get it.

[titi-devv]

This was fixed in version 2.139.2 #1395.

1395

You can check the Gotrue version of your project here: https://supabase.com/dashboard/project/_/settings/infrastructure

I'm not sure how to upgrade my GoTrue version? I updated PostgreSQL version but GoTrue is still 2.132.3 :/

[andrisole92]

My go true is: 2.139.2-rc.7

I didn't do anything, it just started working yesterday

[solibe1]

Same I upgraded my postgress v but not sure how to upgrade my go true

[GaryAustin1]

New instance pulls up 2.132.3. No option to upgrade.

[solibe1]

that's really frustrating, can you please push support team to check my ticket, I'm losing users because of that

[titi-devv]

Any updates ???? I still have gotrue version 2.132.3.

[Quaza35]

Has a solution been posted regarding the issue?

[aydahealth]

I'm facing this issue as well

[monicakh]

The AMI should be updated tomorrow, once the release PR is merged, you should be able to upgrade your Gotrue version from here: https://supabase.com/dashboard/project/_/settings/infrastructure

[J0]

Hey Team,

Thanks Monica! Beyond the Auth release PR being merged we'll need to release it internally as well - we'll circle back here with an update once that happens.

[xSoul21]

Sorry, but i have the same problem. I still have gotrue version 2.132.3 and i don't seem i can change it.

Thanks for the help

[solibe1]

Contact support, they will change it for you.

On Tue, Feb 13, 2024 at 7:23 PM Daniele Zucca @.***> wrote:

Sorry, but i have the same problem. I still have gotrue version 2.132.3 and i don't seem i can change it.

Thanks for the help

— Reply to this email directly, view it on GitHub https://github.com/supabase/gotrue/issues/1401#issuecomment-1942897189, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANKT6WL3CN7RRQQ4CVW4SCLYTP7Y3AVCNFSM6AAAAABC3HVVZOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBSHA4TOMJYHE . You are receiving this because you commented.Message ID: @.***>

[J0]

Hey team,

Thanks for patiently waiting. You should now be able to upgrade to a patched version under Settings > Infrastructure > Upgrade Postgres Version to 15.1.1.16 - do note that this will involve some downtime

We'll be rolling out the patch across the board next week.

Thanks!

[MattyPalka]

https://github.com/supabase/gotrue/issues/1401#issuecomment-1945673357

This fixed the issue for me

[lightstrike]

@J0 Thank you for confirming here, this fixed Apple auth in one of our projects as well!

Is there a standard way that these kinds of regressions and subsequent fixes are communicated with Supabase users? This one caused a fair amount of grief for our team and I imagine we are not the only ones. If not (I wasn't able to find anything), an email or toast within the dashboard would be very helpful and would have saved us hours of time in this case.

[CodeWithRomaen]

Updating

The AMI should be updated tomorrow, once the release PR is merged, you should be able to upgrade your Gotrue version from here: https://supabase.com/dashboard/project/_/settings/infrastructure

Using this link to update to the latest postgres version also resolved the issue for me. 👍

[wishup-agrit]

hey, I am setting up Native Apple sign in wih supabase in my react native project, my error is

 {
  "error": {
    "__isAuthError": true,
    "name": "AuthApiError",
    "status": 400
  },
  "user": null
}

and the same code as described in the issue, I am