Reputation: 966
My question is for educational purposes because I got the thing working, but wanted to know why and how.
I wanted to set up Google Authentication (Authn) using Supabase for my Flutter app. Following this tutorial, I was able to get the Sign in with Google working with my Flutter app, but for that I needed to set up,
For my dev flavor app
myapp-gcp-dev
supabase_project_name.supabase.co
https://supabase_project_name.supabase.co/auth/v1/callback
com.myteam.myapp.dev
and SHA1 ..... for dev flavor

My questions,
A) Although I only need Google auth for my Flutter app (no web), why do I need to set up the Client ID (for OAuth) and Client Secret (for OAuth) in the Supabase dashboard? - I used the two values generated when generating the web client credential in GCP for this.
B) Without the above, only putting the Android client ID generated from the GCP console in the Authorized Client IDs (for Android, One Tap, and Chrome extensions) in the Supabase console doesn't work - it throws an exception in Flutter when I try to log in with Google. What additional functionality is enabled by putting the client secret that allows (A) to work?
C) What's the meaning of "Google sign in on Android will work without providing the Android" below? I got the code from the official Supabase docs:
    Future<AuthResponse> _googleSignIn() async {
      /// TODO: update the Web client ID with your own.
      ///
      /// Web Client ID that you registered with Google Cloud.
      const webClientId = 'my-web.apps.googleusercontent.com';

      /// TODO: update the iOS client ID with your own.
      ///
      /// iOS Client ID that you registered with Google Cloud.
      const iosClientId = 'my-ios.apps.googleusercontent.com';

      // Google sign in on Android will work without providing the Android
      // Client ID registered on Google Cloud.
      final GoogleSignIn googleSignIn = GoogleSignIn(
        clientId: iosClientId,
        serverClientId: webClientId,
      );
Upvotes: 1
Views: 825
Reputation: 18680
Google designed its OAuth authentication to require both the Android client ID and the web client ID for performing Google sign-in on Android. I do agree that it's counterintuitive to require the web client ID for OAuth on Android, but it's how Google implemented it, and there is nothing we can do about it as a user using it.
Upvotes: 4
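Added example (not part of the question, the answer, or the Supabase docs): a Dart debugging helper that reads the `aud` and `azp` claims of the ID token returned by Google sign-in. When `serverClientId` is set, Google issues the token with the web client ID as its audience, and a backend that accepts the token compares `aud` against the client IDs it is configured with. The sample token, the Android client ID and all function names are constructed for illustration; the payload is decoded without signature verification, so this is for inspection only.

```dart
import 'dart:convert';

/// Decodes the payload (middle segment) of a JWT WITHOUT verifying its
/// signature. Debugging aid only; the backend must verify the token itself.
Map<String, dynamic> decodeJwtPayload(String jwt) {
  final parts = jwt.split('.');
  if (parts.length != 3) {
    throw const FormatException('Expected header.payload.signature');
  }
  // JWT segments are unpadded base64url; normalize() restores the padding.
  final bytes = base64Url.decode(base64Url.normalize(parts[1]));
  final payload = jsonDecode(utf8.decode(bytes));
  if (payload is! Map<String, dynamic>) {
    throw const FormatException('JWT payload is not a JSON object');
  }
  return payload;
}

/// True when the token's `aud` claim is one of the client IDs the backend
/// has been configured to accept.
bool audienceAccepted(Map<String, dynamic> claims, Set<String> acceptedIds) {
  final aud = claims['aud'];
  return aud is String && acceptedIds.contains(aud);
}

/// Builds an unsigned sample token (constructed data, not a real Google token).
String sampleToken(Map<String, dynamic> claims) {
  String seg(Object o) =>
      base64Url.encode(utf8.encode(jsonEncode(o))).replaceAll('=', '');
  return [seg({'alg': 'none', 'typ': 'JWT'}), seg(claims), 'sig'].join('.');
}

void main() {
  const webClientId = 'my-web.apps.googleusercontent.com'; // from the question
  const androidClientId =
      'my-android.apps.googleusercontent.com'; // hypothetical value
  final token = sampleToken({
    'iss': 'https://accounts.google.com',
    'aud': webClientId, // serverClientId becomes the audience
    'azp': androidClientId, // the client that requested the token
  });
  final claims = decodeJwtPayload(token);
  print('aud=${claims['aud']} azp=${claims['azp']}');
  // Backend configured with the web client ID vs. only the Android client ID.
  print('web ID configured: ${audienceAccepted(claims, {webClientId})}');
  print('Android ID only: ${audienceAccepted(claims, {androidClientId})}');
}
```

In the app, pass `googleAuth.idToken` to `decodeJwtPayload` in a debug build and compare `aud` with the Client ID entered in the Supabase dashboard.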