Native Sign In

[bdlukaa]

Feature request

Is your feature request related to a problem? Please describe.

I want to sign in using a sign in provider, but the current implementation is not good. Launching the browser is not a good user experience.

Describe the solution you'd like

Use the google_sign_in package to sign the user in using Google and sign_in_with_apple to sign the user in using Apple.

Both of the packages return the user credentials, so, if I could sign in using the user credentials (just like Firebase does), it'd be great!

Aditional context

If launching the brower will still be the current solution, we could have in-app-handling. By default, Android opens up a browser when handling URLs. You can pass forceWebView: true parameter to tell the plugin to open a WebView instead.

[himeshp]

+1, I have been waiting for this implementation.

[dshukertjr]

There needs to be some work done on the server side, but once that is done, we should be able to add this feature! Related issue from GoTrue repo: https://github.com/supabase/gotrue/issues/140

[bdlukaa]

Depend on https://github.com/supabase/gotrue-js/issues/169

[DanMossa]

Made a PR to bring this to Dart https://github.com/supabase-community/gotrue-dart/pull/61

[fabios9702]

Hello, I've implemented Sign In with Apple in my App, but on iOS instead of opening the sign in sheet in the app, it opens safari with Sign In with Apple the then the user is redirect in the app, I'm calling the function like this:

supabase.auth.signInWithProvider( Provider.apple, options: AuthOptions( redirectTo: 'io.supabase.flutterquickstart://login-callback/'), );

Is it possible to open the sheet directly in the app and ket the user sign in, I've tried getting the credential and then passing to su-abase, but I always got an error of missing 'expires_in' parameters. Anyone has a solution?

I'm using su-abase 0.3.6 version on flutter

[nextdev1111]

When will it be implemented

[TonyFresneau]

Hello, I've implemented Sign In with Apple in my App, but on iOS instead of opening the sign in sheet in the app, it opens safari with Sign In with Apple the then the user is redirect in the app, I'm calling the function like this:

supabase.auth.signInWithProvider( Provider.apple, options: AuthOptions( redirectTo: 'io.supabase.flutterquickstart://login-callback/'), );

Is it possible to open the sheet directly in the app and ket the user sign in, I've tried getting the credential and then passing to su-abase, but I always got an error of missing 'expires_in' parameters. Anyone has a solution?

I'm using su-abase 0.3.6 version on flutter

Hello, if you have any solutions for this i take it :)

[hmarat]

@dshukertjr hey :) Do you have even a little progress? We all waiting for it )

[dshukertjr]

Thanks everyone for waiting patiently for this feature. Security comes first at Supabase, and we are making sure this feature lands securely when it does. Because of that, it is taking time.

Again, thank you all so much for the patients.

[hmarat]

Hey @dshukertjr I have too ask you again about approximate TIME of this feature, because we should decide start it with firebase or wait for supabase. Thank you!

[bdlukaa]

As far as I can tell (and by the context of this issue and the library itself), native sign in has already been achieved with signInWithOpenIDConnect. Yet, it needs some improvements and we'd like to provide a effortless solution for the developer, that's why this isn't marked as complete yet.

I also recall some issues with it on iOS. Currently, the bug-fixes are a priority, but we're looking forward to implement this feature for the stable 1.0.

[dshukertjr]

@bdlukaa Thanks for chiming in.

@hmarat Sorry but unfortunately I'm afraid there is no definite timeline that we can share. You can try out this method in the mean while.

[hmarat]

@dshukertjr I don't see it in supabase_flutter :(

[dshukertjr]

@himeshp It is there, but not documented . You can see this PR to see how it works, but there are still some missing pieces, so it is not yet fully supported.

    Supabase.instance.client.auth.signIn(oidc: OpenIDConnectCredentials());

[hmarat]

@dshukertjr Oh, that's very good!

1. Does it mean that I should get for example idToken of user with google sign in, and just call that api with providers.google?
2. For both signup and sign in cases .signIn() method should be used?? Thanks in advance!

[hmarat]

I'm doing in that way but always get null 🤔

[hmarat]

@dshukertjr here is the log :)

[hmarat]

@dshukertjr do you have even rest api for creating user? So we can write some cloud function or do it in my backend?

[hmarat]

@bdlukaa maybe you can help me with openID api? Whatever I do, it returns null and does not create new users! The project's progress is stopped because of auth(

[dshukertjr]

@himeshp

do you have even rest api for creating user? So we can write some cloud function or do it in my backend?

Here is an api to create a user

[ZetiMente]

I'm confused a little. We can do the auth today but it is via web, but the way to do it natively exist but isn't being documented & endorsed ?

[dshukertjr]

@ZetiMente The current implementation is half baked, and there needs to be some additional work to be done on the backend.

[devon2018]

This is something that really needs to be implemented soon. I have just had an app rejected because of this, see screenshot.

[DanMossa]

@devon2018 A PR just got merged into gotrue. Give it a little and it should work !

[wiverson]

@DanMossa I'm blocking on needing native sign in as well. Any more details on how to a) find b) try out the PR...?

[DanMossa]

This is what I have at this moment.

1. Sign in with Google working on Android and Web. ✅
2. Sign in with Google working on iOS. ⛔ Blocked due to https://github.com/google/GoogleSignIn-iOS/issues/135 and https://github.com/supabase-community/gotrue-dart/pull/68#pullrequestreview-965583082 .
3. Sign in with Apple working on Android, Web, or IOS. ⛔ Blocked until https://github.com/supabase/gotrue/pull/689 gets deployed to hosted Supabase users.

[dshukertjr]

@devon2018 Out of curiosity, which id provider do you have on your app? Google and Apple?

[devon2018]

@dshukertjr So I've got Facebook, Google and Apple Sign In all in my app.

[mohamad-jawad]

@devon2018 @DanMossa @wiverson @dshukertjr I figured out a way for native google sign in with iOS:

As mentioned by @DanMossa, google sign in is working properly with android and Web, However with iOS it is not, since a nonce is embedded in id_token, and we don't have access to this nonce in order to pass it to supabase, so supabase returns error.

To overcome this issue I have to do my own authentication to google using flutter_appauth package, and I specify the nonce as empty

First Step - Authorization

final FlutterAppAuth _appAuth = const FlutterAppAuth();
final AuthorizationRequest authorizationRequest;
authorizationRequest = AuthorizationRequest(
     Config().GOOGLE_CLIENT_ID_IOS,
     Config().redirectUrl(),
     issuer: Config().GOOGLE_ISSUER, // https://accounts.google.com
     scopes: ['openid', 'profile', 'email'],
     nonce: "", // empty nonce
     additionalParameters: {'audience': Config().GOOGLE_CLIENT_ID_WEB}, //define the aud as your web client_id, so the generated id_token aud will be the web client_id in order for supabase to use it 
);

// Requesting the auth token and waiting for the response
final AuthorizationResponse? authResponse = await _appAuth.authorize(
     authorizationRequest,
);

Second Step - Token

final TokenRequest tokenRequest;
tokenRequest = TokenRequest(
     Config().GOOGLE_CLIENT_ID_IOS,
     Config().redirectUrl(),
     issuer: Config().GOOGLE_ISSUER,
     scopes: ['openid', 'profile', 'email'],
     authorizationCode: authResponse?.authorizationCode,
     codeVerifier: authResponse?.codeVerifier,
     nonce: "",
     additionalParameters: {'audience': Config().GOOGLE_CLIENT_ID_WEB},
);
final TokenResponse? tokenResponse = await _appAuth.token(
     tokenRequest,
);
String idToken = tokenResponse?.idToken ?? "";

Final Step - Get your supabase account

backend.OpenIDConnectCredentials oidc = backend.OpenIDConnectCredentials(
     idToken: idToken,
     clientId: Config().GOOGLE_CLIENT_ID_IOS,
     provider: backend.Provider.google,
     issuer: Config().GOOGLE_ISSUER,
     nonce: "",
);
final response = await _supabaseClient.auth.signIn(oidc: oidc);

I hope it helps ♥️

[DanMossa]

@mohamad-jawad Great job! It's definitely a solid way of solving it in the mean time!

[devon2018]

@DanMossa @mohamad-jawad any idea what the equivalent of this supabaseClient.auth.signIn(oidc: oidc); would be in v1 of the library, signIn method no longer exists and i cant see anything in the gotrue lib that allows oidc.

[dshukertjr]

@devon2018 We have removed the open id connect signin option from both supabase-js v2 and supabase-flutter v1 until we have a solid implementation of it. Our auth team has a lot of feature requests on their plates, so if we could wait patiently until we come out with an official announcement of the feature, it would be great!

[devon2018]

@dshukertjr I release i'm being a pain lol, but is there a rough timeline for this one. I have a client app that needs releasing soon and I really love supabase thats why i suggested to the client we use it but this is a mega blocker, so will need to find another solution if I can't get social sign in working in the next few weeks.

[dshukertjr]

@devon2018 I hear you. Thanks for the love for Supabase.

Good news is that I found an official comment from the auth team just posted a few hours ago moving this in a positive direction! I will work closely with the supabase-js team to bring back the open id connect feature to the flutter library.

https://github.com/supabase/gotrue/issues/434#issuecomment-1287755049

Hey everyone, the team and I discussed this at length. Here's our conclusions:

We recognize this is being used in the wild and is a hard requirement on iOS. The current implementation https://github.com/supabase/gotrue/issues/412 and we don't want to encourage people to be using something that is of low quality. Mid-term we do want to add official support for an OIDC login flow (that uses ID tokens), but this is unlikely to be backward compatible with what we have today. Thus we decided to do the following:

Add back support for this flow in v2 of gotrue-js, but under an @experimental annotation. We're going to be allocating some time to do this in the next 2 to 3 weeks. Since Sign-in with Apple is a hard requirement in mobile apps on iOS, we'll try to address some of the known issues in that flow only. Since we're busy with some other priorities, we can't promise a timeline on addressing this. Any PRs from the community on this topic will be considered closely, in an effort to unblock you. Once we address OIDC ID token login flows properly, the existing flow will be deprecated and the existing API is likely to be removed with some prior notice. Prepare your codebase for such an eventuality in the future. Feel free to let us know how you feel about this or if we should reconsider something. Thank you for your dedication so far!

[DanMossa]

@dshukertjr Okay cool. So at this point, what exactly is happening lol.

We removed OIDC from flutter because it was removed from JS. The Supabase team not wants to keep this version of OIDC and is keeping it as a legacy feature until they come up with a good implementation. So this Flutter package will bring back the code that was removed and mark it as deprecated, yeah?

[dshukertjr]

We will basically mirror what they do on gotrue-js.

[thilojaeggi]

Any update on this, I don't see any way to implement native iOS sign in right now?

[oliverbytes]

My app just got rejected because supabase-flutter opens the OAuth screen via an external browser. Full rejection message below:

[ZetiMente]

@kiwicopple @oliverbytes Oh great. Now we have to worry about App Store rejection for using Supabase...

[DanMossa]

I'm using native sign in with Apple on iOS and native sign in with Google on Android.

Let me know if you guys want a tutorial and if I find time for it I can do so. But my current limitation is that I can't have sign in with Google on iOS and vice versa.

[oliverbytes]

I'm using native sign in with Apple on iOS and native sign in with Google on Android.

Let me know if you guys want a tutorial and if I find time for it I can do so. But my current limitation is that I can't have sign in with Google on iOS and vice versa.

Please do share your workaround on this. It would help a lot. Thank you

[wiverson]

I'm using native sign in with Apple on iOS and native sign in with Google on Android.

Let me know if you guys want a tutorial and if I find time for it I can do so. But my current limitation is that I can't have sign in with Google on iOS and vice versa.

Even just a basic high level approach would be helpful...

[mohsin2596]

I'm using native sign in with Apple on iOS and native sign in with Google on Android.

Let me know if you guys want a tutorial and if I find time for it I can do so. But my current limitation is that I can't have sign in with Google on iOS and vice versa.

We are also stuck on this, would be great help if you could share something

[thilojaeggi]

@DanMossa Facing the same issue, are you willing to share?

[DanMossa]

I'm working on a PR to add Native sign in to flutter supabase!

You can take a look here at an example WIP doc!

https://github.com/supabase/gotrue-dart/pull/119 !!

[habibasseiss]

Awesome @DanMossa! Thank you for that! Now that supabase/gotrue-dart#119 is merged, what would be the next steps so we can use native auth in a Flutter app?

[theniceboy]

It turns out this won't work if your app is on more than one platform because in the current supabase dashboard you cannot configure google sign-in to use more than more OAuth Client ID.

[alexrabin]

It turns out this won't work if your app is on more than one platform because in the current supabase dashboard you cannot configure google sign-in to use more than more OAuth Client ID.

Same problem with Sign in with Apple for android and web (works fine on macOS and iOS)

[DanMossa]

I've been busy, but I'll get to working on that document sooner than later. This feature absolutely works and I'm actively using it. There are some limitations with the current implementation but it works.

[theniceboy]

@DanMossa Can you maybe provide a quick high level description on your solution, please? Thank you so much!