Apple Sign On: [AuthApiError: Bad ID token]
andrisole92 opened this issue · comments
Bug report
- I confirm this is a bug with Supabase, not with my own application.
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
Starting today receiving "error": [AuthApiError: Bad ID token] when trying to sign in with Apple.
Wasn't happening before today. identityToken is returned by Apple.
To Reproduce
Using Apple Button with the following code:
const credential = await AppleAuthentication.signInAsync({
requestedScopes: [
AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
AppleAuthentication.AppleAuthenticationScope.EMAIL,
],
})
console.log({ credential, id: credential.identityToken })
if (credential.identityToken) {
const {
error,
data: { user, session },
} = await supabase.auth.signInWithIdToken({
provider: "apple",
token: credential.identityToken,
})
console.log({ error: error, user, session })
if (!error) {
setAuth(user, session)
// User is signed in.
}
} else {
throw new Error("No identityToken.")
}
// signed in
} catch (e) {
...
Expected behavior
Should sign in
Screenshots
N/A
System information
- OS: Mac OS
- React Native Expo App
- Version of supabase-js: 2.39.1
- Version of Node.js: N/A
Additional context
N/A
+1
+1
Confirmed same problem on Flutter.
There are multiple reports of issues on this in Discord. Moved from supabase-js to gotrue.
We're seeing the same issues on web as well, although it returns a different error: "Error getting user profile from external provider"
Same on native iOS
Same in Flutter
Hey everyone, we've made the fix in this PR and will roll it out to all affected projects on supabase soon. We haven't made any changes to apple oauth recently so it seems like apple changed the type returned in their API to include booleans too (https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple)
is_private_email
A string or Boolean value that indicates whether the email that the user shares is the proxy address. The value can either be a string ("true" or "false") or a Boolean (true or false).
Hey everyone, we've just rolled out the fix but if you're still seeing the same issue, please reach out to us via https://supabase.help and mention this issue.
Thank you @kangmingtay.
would it be possible to set up some monitoring for Oauth services on your side?
By they way still not working for me @kangmingtay
works for me - ty for the fast turn around!
Do I need to update the supabase-js client? Or is it because changes are still propagating?
cc @kangmingtay
I'm experiencing the same error on the native iOS app (Swift SDK) as well, not self-hosting Supabase.
I can confirm that the error is a bad ID token, which is reproducible if the user uses "hide my email."
Otherwise, it works as before.
Is there anything we can do on our end, or do we have to wait for the projects to be updated on Supabase's end?
tysm
@andrisole92 @Aayush9029 can yall please reach out to https://supabase.help/ so we can investigate? the internal error message that you should be observing from your project's auth logs should along the lines of json: invalid use of ,string struct tag, trying to unmarshal unquoted value into *bool. If you're seeing a different error, it may be something else but we'll need more information to investigate further.
@kangmingtay i have contacted 26 hours back and haven’t heard anything back yet.
@andrisole92 @Aayush9029 can yall please reach out to https://supabase.help/ so we can investigate? the internal error message that you should be observing from your project's auth logs should along the lines of
json: invalid use of ,string struct tag, trying to unmarshal unquoted value into *bool. If you're seeing a different error, it may be something else but we'll need more information to investigate further.
json: invalid use of ,string struct tag, trying to unmarshal unquoted value into *bool
That's exactly what I see :)
I did reach out to the team no response :(
@andrisole92 @Aayush9029 found your tickets and i've just rolled out the fix to them
I'll be closing this issue since it's been resolved.
@kangmingtay We are seeing this issue as well, and had a store submission rejected because of it.
I originally opened supabase/supabase#21109
How can we get this fix applied to our hosted Supabase application?
Edit: I have created a support ticket as well
found your tickets and i've just rolled out the fix to them
Fixed. Thank you!
I am in the same boat as @isaachinman and also had my store submission rejected because of it. I've also raised a support ticket as per the previous requests 👍
@kangmingtay We are seeing this issue as well, and had a store submission rejected because of it.
I originally opened supabase/supabase#21109
How can we get this fix applied to our hosted Supabase application?
Edit: I have created a support ticket as well
Same question... Do I need to update my Supabase package in my app to fix it? I've actually tried, but it's still not working.
@Mistes974 This has nothing to do with the Supabase JS SDK.
Same issue, started 3 days ago...
I am "only" experiencing this issue when the user chooses not to share the e-mail whilst signing in with apple (resulting in a apple-relay e-mail)... hope this helps debugging
We are still facing the same issue and opened a ticket id 2353969838
We are also being affected by this issue with user experience, here is our Support Ticket ID: 2349139202
Another user in discord with this error.
Not sure why this is closed.
This was fixed in version 2.139.2 #1395.
You can check the Gotrue version of your project here:
https://supabase.com/dashboard/project/_/settings/infrastructure
I'll pass that on. Not sure that has been mentioned that you have to do an upgrade to get it.
This was fixed in version 2.139.2 #1395.
You can check the Gotrue version of your project here: https://supabase.com/dashboard/project/_/settings/infrastructure
I'm not sure how to upgrade my GoTrue version? I updated PostgreSQL version but GoTrue is still 2.132.3 :/
My go true is: 2.139.2-rc.7
I didn't do anything, it just started working yesterday
Same I upgraded my postgress v but not sure how to upgrade my go true
New instance pulls up 2.132.3.
No option to upgrade.
that's really frustrating, can you please push support team to check my ticket, I'm losing users because of that
Any updates ???? I still have gotrue version 2.132.3.
Has a solution been posted regarding the issue?
I'm facing this issue as well
The AMI should be updated tomorrow, once the release PR is merged, you should be able to upgrade your Gotrue version from here: https://supabase.com/dashboard/project/_/settings/infrastructure
Hey Team,
Thanks Monica! Beyond the Auth release PR being merged we'll need to release it internally as well - we'll circle back here with an update once that happens.
Sorry, but i have the same problem.
I still have gotrue version 2.132.3 and i don't seem i can change it.
Thanks for the help
Hey team,
Thanks for patiently waiting. You should now be able to upgrade to a patched version under Settings > Infrastructure > Upgrade Postgres Version to 15.1.1.16 - do note that this will involve some downtime
We'll be rolling out the patch across the board next week.
Thanks!
This fixed the issue for me
@J0 Thank you for confirming here, this fixed Apple auth in one of our projects as well!
Is there a standard way that these kinds of regressions and subsequent fixes are communicated with Supabase users? This one caused a fair amount of grief for our team and I imagine we are not the only ones. If not (I wasn't able to find anything), an email or toast within the dashboard would be very helpful and would have saved us hours of time in this case.
Updating
The AMI should be updated tomorrow, once the release PR is merged, you should be able to upgrade your Gotrue version from here: https://supabase.com/dashboard/project/_/settings/infrastructure
Using this link to update to the latest postgres version also resolved the issue for me. 👍
hey, I am setting up Native Apple sign in wih supabase in my react native project, my error is
{
"error": {
"__isAuthError": true,
"name": "AuthApiError",
"status": 400
},
"user": null
}
and the same code as described in the issue, I am