Cannot set up Google Auth on iOS and Android at the same time

AfterFood_Contact · March 25, 2023, 8:01pm

At the moment is not possible to have google sign in working for bot iOS app and Android app, right?
On the documentation, it is stated that the iOS app should work if we add the client web application configuration, but this is not true. https://www.mongodb.com/docs/atlas/app-services/authentication/google/#std-label-auth-google-configuration

Additional posts for the same issue:

github.com/realm/realm-swift

Cannot set up Google Auth on iOS and Android at the same time.

opened 01:49AM - 01 Nov 21 UTC

closed 04:30PM - 07 Dec 21 UTC

adaneko

T-Bug O-Community More-information-needed

### How frequently does the bug occur? All the time ### Description I have su…ccessfully implemented Google Sign in on both iOS and Android, but have run into an issue with getting them both working at the same time. On the Android implementation, I am required to have: a) A Google Cloud Platform Android OAuth credential that uses the SHA1 from my signing key b) A GCP Web Client OAuth that provides a clientId and secret c) A Realm Google Authorisation that uses the clientId and secret from b) For the iOS implementation, I am required to have: a) A Google Cloud Platform iOS OAuth credential b) A Realm Google Authorisation that uses the clientId and URL scheme from b) Observed behaviours: * Passing the GCP Web clientId to Google results in a error from the sign in page: `"Authorisation Error" 400: Custom scheme URIs are not allowed to 'WEB' client type`. * Passing the GCP iOS credential allows the Google sign in page to work, and returns an idToken, but then passing that to Realm gives the error: `47 - invalid id token: ‘aud’ must be a string containing the client_id` * Replacing the Realm Google Authorisation clientId with the GCP iOS clientId allows me to sign in as expected. The issue is that for Android to work requires using a GCP web clientId in the Realm Google authorisation, and for iOS to work requires using the GCP iOS clientId. ### Stacktrace & log output _No response_ ### Can you reproduce the bug? Yes, always ### Reproduction Steps As above ### Version Latest ### What SDK flavour are you using? MongoDB Realm (i.e. Sync, auth, functions) ### Are you using encryption? No, not using encryption ### Platform OS and version(s) iOS 14,15 ### Build environment Xcode version: ... Dependency manager and version: ...

github.com/realm/realm-swift

Invalid id token: ‘aud’ must be a string containing the client_id : google OAuth2.0 Client Id mismatch when signing in with android and apple platform

opened 09:51PM - 24 Jan 23 UTC

deepanshubalyan01

T-Bug O-Community Waiting-For-Reporter Encryption:Off SDK-Use:Services

### How frequently does the bug occur? -- select -- ### Description So I am u…sing google auth in my android and ios application. Now the application I created on atlas-app services allows only one client Id. But for android authentication to work, I need to add the web Client id in the google auth setting and for it to work on ios I need to add Ios client Id. otherwise one of them gives this aud error. ### Stacktrace & log output ```shell When I add ios Client Id android gives this error, signin on ios works. AUTH_ERROR(realm::app::ServiceError:47): invalid id token: 'aud' must be a string containing the client_id 2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.network.NetworkRequest.onError(NetworkRequest.java:68) 2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.objectstore.OsJavaNetworkTransport.nativeHandleResponse(Native Method) 2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.objectstore.OsJavaNetworkTransport.handleResponse(OsJavaNetworkTransport.java:98) 2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.network.OkHttpNetworkTransport$1.run(OkHttpNetworkTransport.java:102) 2023-01-25 03:06:22.970 21705-21705 System.err com.sciforearth.pets W at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137) 2023-01-25 03:06:22.970 21705-21705 System.err com.friends.pets W at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637) 2023-01-25 03:06:22.970 21705-21705 System.err com.friends.pets W at java.lang.Thread.run(Thread.java:1012) and when I replace it with webClient Id signin on android works and gives this error on iOS: Error Domain=io.realm.app Code=24 "invalid id token: 'aud' must be a string containing the client_id" UserInfo={Server Log URL=https://realm.mongodb.com/groups/63b6d0cee8d6c1420b7fbed7/apps/63b6d39ea9e76e8f428c7f93/logs?co_id=63d050da927603235424f1f9, NSLocalizedDescription=invalid id token: 'aud' must be a string containing the client_id, HTTP Status Code=401} ``` ### Can you reproduce the bug? -- select -- ### Reproduction Steps here is the android code binding.googleSigninButton.setOnClickListener(view1 -> { Intent intent = gsc.getSignInIntent(); startActivityForResult(intent, GOOGLE_REQUEST_Code); binding.progressBar4.setVisibility(View.VISIBLE); }); GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestIdToken(getString(R.string.default_web_client_id)) .requestEmail() .build(); gsc = GoogleSignIn.getClient(this, gso); oneTapClient = Identity.getSignInClient(this); signInRequest = BeginSignInRequest.builder() .setGoogleIdTokenRequestOptions(BeginSignInRequest.GoogleIdTokenRequestOptions.builder() .setSupported(true) // Your server's client ID, not your Android client ID. .setServerClientId(getString(R.string.default_web_client_id)) // Only show accounts previously used to sign in. .setFilterByAuthorizedAccounts(true) .build()) .build(); @Override protected void onActivityResult(int requestCode, int resultCode, @Nullable Intent data) { super.onActivityResult(requestCode, resultCode, data); if(requestCode == GOOGLE_REQUEST_Code){ Task<GoogleSignInAccount> acc = GoogleSignIn.getSignedInAccountFromIntent(data); if(acc.isSuccessful()) { HandleSignInTask(acc); } } } public void HandleSignInTask(Task<GoogleSignInAccount> task){ String token = task.getResult().getIdToken(); if(token != null){ Credentials cred = Credentials.google(token, GoogleAuthType.ID_TOKEN); App app =((Initialize)getApplication()).app; app.loginAsync(cred, result -> { if(result.isSuccess()) { Log.i("TAG", "onResult: -->" ); startActivity(new Intent(Login.this, MainActivity.class)); finish(); } else { result.getError().printStackTrace(); Log.i("TAG", "googleAuthErrorMongo:--> "+ result.getError().toString()); } }).addOnFailureListener(e -> Log.i(TAG, "onFailure: " + e.getLocalizedMessage())); } else{ binding.progressBar4.setVisibility(View.GONE); Snackbar.make(binding.getRoot(),"Something went wrong",Snackbar.LENGTH_SHORT).show(); } } and here is the ios code: GIDSignIn.sharedInstance.signIn(withPresenting: self) { [self] signInResult, error in guard error == nil else { return } let credential = GoogleAuthProvider.credential(withIDToken: (signInResult?.user.idToken?.tokenString)!, accessToken: (signInResult?.user.accessToken.tokenString)!) Auth.auth().signIn(with: credential) { result, error in guard error == nil else{ print("error while signing in firebase.... \(error)") do{ try! Auth.auth().signOut() } catch _ {} return } signInResult?.user.refreshTokensIfNeeded { user, error in guard error == nil else { return } guard let user = user else { return } let idToken = user.idToken let cred = Credentials.googleId(token: idToken?.tokenString ?? "nil") self.app.login(credentials: cred) { result in do { try print("ios google auth successfull userId.. \(result.get().id)") DispatchQueue.main.async { let sb = UIStoryboard(name: "Main", bundle: nil) let nextViewController = sb.instantiateViewController(withIdentifier: "MainViewController") as! ViewController self.dismiss(animated: false) self.present(nextViewController, animated: true) } } catch let error {print("error while signin in to realm--> \(error)")} } } } } } ### Version master ### What Atlas Services are you using? Atlas App Services: Functions or GraphQL or DataAPI etc ### Are you using encryption? No ### Platform OS and version(s) every ### Build environment Xcode version: ...14.2 (14C18) Dependency manager and version: ...

Will this be fixed? Is there any workaround?