Open kelvanb97 opened 5 months ago
same android only
I'm also running into this trying to transition from Firebase auth to Supabase auth. It seems that Facebook auth is not usable with Supabase at the moment? This is a critical blocker for us. @hf @kangmingtay is this easily resolvable?
Hey,
Thanks everyone. Would anyone be able to supply us the rough structure of a JWT issued by Facebook auth? With sensitive fields omitted of course.
Facebook encrypts their token. AFAIK there's no way to decode it. Looking at their docs it's unclear how to get a plain JWT from them. https://developers.facebook.com/docs/facebook-login/guides/access-tokens
Supabase auth may need to take the encrypted facebook token and call a facebook endpoint to validate it then mint a jwt for the user based on that.
Same issue here. Without facebook login integration working, we can't use supabase.
Facing the same issue when trying to implement Facebook Limited Login in an app.
token = AuthenticationToken.getAuthenticationTokenIOS() from react-native-fbsdk-next
Running supabase.auth.signInWithIdToken({ provider: "facebook", token: token, nonce: "xxxx" }) returns error [AuthApiError: Bad ID token]
JWT structure of token is below @J0. I believe it's valid and just unsupported on supabase side?
{
  "iss": "https://www.facebook.com",
  "aud": "1891562374xxxxxx",
  "sub": "7897141157xxxxxx",
  "iat": 1719494213,
  "exp": 1719497813,
  "jti": "xxxxxxxxx",
  "nonce": "xxxxxx",
  "at_hash": "xxxxxxxx",
  "given_name": "Name",
  "family_name": "Surname",
  "name": "Name Surname",
  "picture": "https://platform-lookaside.fbsbx.com/platform/profilepic/?xxxx"
}
@dimatarasenko1 Unfortunately that will only work on iOS. AFAIK you can't use limited login on Android.
To be clear that's running on iOS via react-native-fbsdk-next, executing AuthenticationToken.getAuthenticationTokenIOS() and returning a JWT token all ok on the Facebook side @evelant
The error is thrown when passing this token to supabase.auth.signInWithIdToken
Yes I'm aware, I was just pointing out that even if Supabase fixes parsing of that token it won't help with Android at all because you can't get a limited login token on Android.
+1
Hey @evelant,
Have you found a workaround for this issue? I am also trying to transition from Firebase Auth, and this is completely blocking me.
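Hi everyone, we're aware of this problem with signInWithIdToken and facebook - currently, the team is stretched extremely thin on bandwidth and it will be quite some time before we're able to investigate the root cause and push a fix for it.
We do welcome any contributions to attempt to fix this issue and we'll be more than happy to help review it:
- Entrypoint for signInWithIdToken flow (https://github.com/supabase/auth/blob/master/internal/api/token_oidc.go#L120)
- Where we handle parsing the id tokens for identity providers (https://github.com/supabase/auth/blob/6ccd814309dca70a9e3585543887194b05d725d3/internal/api/provider/oidc.go#L55-L70)
- Facebook uses the parseGenericIDToken method, which may have some issues with the underlying spec used by facebook.
Here are some useful references sent by another user in an internal support ticket:
- Facebook's OpenID configuration endpoint: https://www.facebook.com/.well-known/openid-configuration/
- Token endpoint: https://graph.facebook.com/v17.0/oauth/access_token
- Possibly a useful link to why facebook's OIDC endpoint doesn't work for the generic use case: https://stackoverflow.com/questions/76473817/is-it-possible-to-use-facebook-limited-login-via-openid-connect-with-pac4j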
Take your time. Meanwhile, we are replacing supabase with something else.
On Fri, Aug 2, 2024 at 12:55 AM Kang Ming @.***> wrote:
Hi everyone, we're aware of this problem with signInWithIdToken and facebook - currently, the team is stretched extremely thin on bandwidth and it will be quite some time before we're able to investigate the root cause and push a fix for it.
We do welcome any contributions to attempt to fix this issue and we'll be more than happy to help review it:
- Entrypoint for signInWithIdToken flow ( https://github.com/supabase/auth/blob/master/internal/api/token_oidc.go#L120 )
- Where we handle parsing the id tokens for identity providers ( https://github.com/supabase/auth/blob/6ccd814309dca70a9e3585543887194b05d725d3/internal/api/provider/oidc.go#L55-L70 )
- Facebook uses the parseGenericIDToken method, which may have some issues with the underlying spec used by facebook.
Here are some useful references sent by another user in an internal support ticket:
- Facebook's OpenID configuration endpoint: https://www.facebook.com/.well-known/openid-configuration/
- Token endpoint: https://graph.facebook.com/v17.0/oauth/access_token
- Possibly a useful link to why facebook's OIDC endpoint doesn't work for the generic use case: https://stackoverflow.com/questions/76473817/is-it-possible-to-use-facebook-limited-login-via-openid-connect-with-pac4j
Is there any update on this? Are there alternative ways to use Facebook or is this a total blocker?
It's wild that there's no fix almost 6 months later.
Bug Report
Describe the bug
Experiencing issues with supabase.auth.signInWithIdToken via the react-native-fbsdk-next lib, custom auth flow, and web based approach for authentication. All errors point in the same direction:
ERROR : {"name":"AuthApiError","message":"Bad ID token","status":400}
To Reproduce
Steps to reproduce the behavior:
supabase.auth.signInWithIdToken with react-native-fbsdk-next according to Supabase docs.
Expected behavior
Successful authentication without errors using both the native and web approaches for logging in with Facebook credentials.
Screenshots
N/A
System information
N/A
Additional context
The issue seems related to handling JWT structures and server-side errors during the authentication process. Investigations into Supabase's handling of generic ID tokens and discussions on platforms like Reddit suggest this might be an upstream error with Supabase. Looking at the function ParseIDToken found at auth/internal/api/provider/oidc.go it looks like the same pattern needs to be applied to Facebook Id tokens.
Suggested fix
Add a new function parseFacebookIdToken to ParseIDToken that is specifically designed for FB JWT tokens.
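The claim checks a Facebook-specific ID-token parser would have to enforce, shown as an added Go example that is not Supabase's code and not part of the original issue. It uses the claim names from the token posted in this thread; `checkClaims`, `fbClaims`, `sampleToken` and the sample values are hypothetical, and signature verification against the issuer's published keys is assumed to happen separately.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type fbClaims struct { // claims checked here, named as in the thread's token
	Iss   string `json:"iss"`
	Aud   string `json:"aud"`
	Exp   int64  `json:"exp"`
	Nonce string `json:"nonce"`
}

// checkClaims (hypothetical helper) checks iss, aud, exp and nonce only; it does not verify the signature.
func checkClaims(token, appID, nonce string, now time.Time) (*fbClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("want 3 JWT segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("payload is not base64url: %w", err)
	}
	var c fbClaims
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("payload is not a claims object: %w", err)
	}
	switch {
	case c.Iss != "https://www.facebook.com": return nil, fmt.Errorf("unexpected iss %q", c.Iss)
	case c.Aud != appID: return nil, fmt.Errorf("aud %q is not this app", c.Aud)
	case now.Unix() >= c.Exp: return nil, fmt.Errorf("expired at %d", c.Exp)
	case c.Nonce == "" || c.Nonce != nonce: return nil, fmt.Errorf("nonce mismatch")
	}
	return &c, nil
}

// sampleToken returns a constructed, unsigned token in the thread's claim shape.
func sampleToken() string {
	body, _ := json.Marshal(fbClaims{"https://www.facebook.com", "app-id", 4102444800, "n-1"})
	return "eyJhbGciOiJSUzI1NiJ9." + base64.RawURLEncoding.EncodeToString(body) + ".sig"
}

func main() {
	fmt.Println(checkClaims(sampleToken(), "app-id", "n-1", time.Now()))
}
```

A token that passes these checks is still untrusted until its signature has been verified; the checks only reject tokens minted for another app, replayed with a different nonce, or expired.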