At the moment it is not possible to have Google sign-in working for both the iOS app and the Android app, right?
On the documentation, it is stated that the iOS app should work if we add the client web application configuration, but this is not true. https://www.mongodb.com/docs/atlas/app-services/authentication/google/#std-label-auth-google-configuration
Additional posts for the same issue:
opened 01:49AM - 01 Nov 21 UTC
closed 04:30PM - 07 Dec 21 UTC
T-Bug
O-Community
More-information-needed
### How frequently does the bug occur?
All the time
### Description
I have successfully implemented Google Sign in on both iOS and Android, but have run into an issue with getting them both working at the same time.
On the Android implementation, I am required to have:
a) A Google Cloud Platform Android OAuth credential that uses the SHA1 from my signing key
b) A GCP Web Client OAuth that provides a clientId and secret
c) A Realm Google Authorisation that uses the clientId and secret from b)
For the iOS implementation, I am required to have:
a) A Google Cloud Platform iOS OAuth credential
b) A Realm Google Authorisation that uses the clientId and URL scheme from b)
Observed behaviours:
* Passing the GCP Web clientId to Google results in an error from the sign in page: `"Authorisation Error" 400: Custom scheme URIs are not allowed to 'WEB' client type`.
* Passing the GCP iOS credential allows the Google sign in page to work, and returns an idToken, but then passing that to Realm gives the error: `47 - invalid id token: ‘aud’ must be a string containing the client_id`
* Replacing the Realm Google Authorisation clientId with the GCP iOS clientId allows me to sign in as expected.
The issue is that for Android to work requires using a GCP web clientId in the Realm Google authorisation, and for iOS to work requires using the GCP iOS clientId.
### Stacktrace & log output
_No response_
### Can you reproduce the bug?
Yes, always
### Reproduction Steps
As above
### Version
Latest
### What SDK flavour are you using?
MongoDB Realm (i.e. Sync, auth, functions)
### Are you using encryption?
No, not using encryption
### Platform OS and version(s)
iOS 14,15
### Build environment
Xcode version: ...
Dependency manager and version: ...
opened 09:51PM - 24 Jan 23 UTC
T-Bug
O-Community
Waiting-For-Reporter
Encryption:Off
SDK-Use:Services
### How frequently does the bug occur?
-- select --
### Description
So I am using Google auth in my Android and iOS application. Now the application I created on Atlas App Services allows only one client ID. But for Android authentication to work, I need to add the web client ID in the Google auth setting, and for it to work on iOS I need to add the iOS client ID. Otherwise one of them gives this aud error.
### Stacktrace & log output
```shell
When I add ios Client Id android gives this error, signin on ios works.
AUTH_ERROR(realm::app::ServiceError:47): invalid id token: 'aud' must be a string containing the client_id
2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.network.NetworkRequest.onError(NetworkRequest.java:68)
2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.objectstore.OsJavaNetworkTransport.nativeHandleResponse(Native Method)
2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.objectstore.OsJavaNetworkTransport.handleResponse(OsJavaNetworkTransport.java:98)
2023-01-25 03:06:22.969 21705-21705 System.err com.friends.pets W at io.realm.internal.network.OkHttpNetworkTransport$1.run(OkHttpNetworkTransport.java:102)
2023-01-25 03:06:22.970 21705-21705 System.err com.sciforearth.pets W at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
2023-01-25 03:06:22.970 21705-21705 System.err com.friends.pets W at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
2023-01-25 03:06:22.970 21705-21705 System.err com.friends.pets W at java.lang.Thread.run(Thread.java:1012)
and when I replace it with webClient Id signin on android works and gives this error on iOS:
Error Domain=io.realm.app Code=24 "invalid id token: 'aud' must be a string containing the client_id" UserInfo={Server Log URL=https://realm.mongodb.com/groups/63b6d0cee8d6c1420b7fbed7/apps/63b6d39ea9e76e8f428c7f93/logs?co_id=63d050da927603235424f1f9, NSLocalizedDescription=invalid id token: 'aud' must be a string containing the client_id, HTTP Status Code=401}
```
### Can you reproduce the bug?
-- select --
### Reproduction Steps
here is the android code
```java
binding.googleSigninButton.setOnClickListener(view1 -> {
    Intent intent = gsc.getSignInIntent();
    startActivityForResult(intent, GOOGLE_REQUEST_Code);
    binding.progressBar4.setVisibility(View.VISIBLE);
});

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestIdToken(getString(R.string.default_web_client_id))
        .requestEmail()
        .build();
gsc = GoogleSignIn.getClient(this, gso);
oneTapClient = Identity.getSignInClient(this);
signInRequest = BeginSignInRequest.builder()
        .setGoogleIdTokenRequestOptions(BeginSignInRequest.GoogleIdTokenRequestOptions.builder()
                .setSupported(true)
                // Your server's client ID, not your Android client ID.
                .setServerClientId(getString(R.string.default_web_client_id))
                // Only show accounts previously used to sign in.
                .setFilterByAuthorizedAccounts(true)
                .build())
        .build();

@Override
protected void onActivityResult(int requestCode, int resultCode, @Nullable Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode == GOOGLE_REQUEST_Code) {
        Task<GoogleSignInAccount> acc = GoogleSignIn.getSignedInAccountFromIntent(data);
        if (acc.isSuccessful()) {
            HandleSignInTask(acc);
        }
    }
}

public void HandleSignInTask(Task<GoogleSignInAccount> task) {
    String token = task.getResult().getIdToken();
    if (token != null) {
        Credentials cred = Credentials.google(token, GoogleAuthType.ID_TOKEN);
        App app = ((Initialize) getApplication()).app;
        app.loginAsync(cred, result -> {
            if (result.isSuccess()) {
                Log.i("TAG", "onResult: -->");
                startActivity(new Intent(Login.this, MainActivity.class));
                finish();
            } else {
                result.getError().printStackTrace();
                Log.i("TAG", "googleAuthErrorMongo:--> " + result.getError().toString());
            }
        }).addOnFailureListener(e -> Log.i(TAG, "onFailure: " + e.getLocalizedMessage()));
    } else {
        binding.progressBar4.setVisibility(View.GONE);
        Snackbar.make(binding.getRoot(), "Something went wrong", Snackbar.LENGTH_SHORT).show();
    }
}
```
and here is the ios code:
```swift
GIDSignIn.sharedInstance.signIn(withPresenting: self) { [self] signInResult, error in
    guard error == nil else { return }
    let credential = GoogleAuthProvider.credential(withIDToken: (signInResult?.user.idToken?.tokenString)!,
                                                   accessToken: (signInResult?.user.accessToken.tokenString)!)
    Auth.auth().signIn(with: credential) { result, error in
        guard error == nil else {
            print("error while signing in firebase.... \(error)")
            do {
                try! Auth.auth().signOut()
            } catch _ {}
            return
        }
        signInResult?.user.refreshTokensIfNeeded { user, error in
            guard error == nil else { return }
            guard let user = user else { return }
            let idToken = user.idToken
            let cred = Credentials.googleId(token: idToken?.tokenString ?? "nil")
            self.app.login(credentials: cred) { result in
                do {
                    try print("ios google auth successfull userId.. \(result.get().id)")
                    DispatchQueue.main.async {
                        let sb = UIStoryboard(name: "Main", bundle: nil)
                        let nextViewController = sb.instantiateViewController(withIdentifier: "MainViewController") as! ViewController
                        self.dismiss(animated: false)
                        self.present(nextViewController, animated: true)
                    }
                } catch let error {print("error while signin in to realm--> \(error)")}
            }
        }
    }
}
}
```
### Version
master
### What Atlas Services are you using?
Atlas App Services: Functions or GraphQL or DataAPI etc
### Are you using encryption?
No
### Platform OS and version(s)
every
### Build environment
Xcode version: ...14.2 (14C18)
Dependency manager and version: ...
Will this be fixed? Is there any workaround?
2 Likes
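
Both reports above come down to the `aud` claim: the Android flow requests its ID token for the web client ID, while the iOS flow receives one issued for the iOS client ID. The following is an added example, not part of the original posts and not Atlas App Services code; it decodes constructed tokens to show which client ID each was issued for, and how a check against a single accepted client ID differs from a check against an allow-list in a verifier you control. The client IDs and function names are made up for illustration.

```python
import base64
import json

# Constructed placeholder client IDs, not real credentials.
WEB_CLIENT_ID = "EXAMPLE-WEB.apps.googleusercontent.com"
IOS_CLIENT_ID = "EXAMPLE-IOS.apps.googleusercontent.com"


def make_sample_token(aud):
    """Build a constructed, unsigned JWT-shaped token for offline inspection."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"iss": "https://accounts.google.com", "sub": "0000", "aud": aud}
    return f"{enc(header)}.{enc(payload)}."


def id_token_claims(token):
    """Decode the payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(body))


def token_audiences(claims):
    """RFC 7519 allows 'aud' to be one string or a list of strings."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return {aud}
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return set(aud)
    return set()


def check_audience(token, accepted_client_ids):
    """Accept only if every audience in the token is an accepted client ID."""
    auds = token_audiences(id_token_claims(token))
    accepted = set(accepted_client_ids)
    if not auds:
        return False, "token has no usable 'aud' claim"
    if not auds <= accepted:
        return False, f"aud {sorted(auds)} not in accepted {sorted(accepted)}"
    return True, "aud accepted"


if __name__ == "__main__":
    for name, aud in (("android", WEB_CLIENT_ID), ("ios", IOS_CLIENT_ID)):
        tok = make_sample_token(aud)
        print(name, "single:", check_audience(tok, [WEB_CLIENT_ID]))
        print(name, "both:  ", check_audience(tok, [WEB_CLIENT_ID, IOS_CLIENT_ID]))
```

Running `id_token_claims` on a real token from each platform shows which client ID the backend would have to accept; the audience comparison only means something after the token's signature and issuer have been verified.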
Hello @AfterFood_Contact ,
Did you ever find a solution for this … I am in the same situation.
Best regards,
Rasvan
I just answered this same question with a workaround on StackOverflow and came here to report the issue to MongoDB, but now seeing more people hitting this issue.
Other duplicate: