[Question]: Google ID Token sign in not working

[Vaibhav2002]

General info

• I checked the troubleshooting page for similar problems

What is your question?

i created a custom fallback for Google Login using GoogleSignInClient for Android, now when i try signing in to Supabase with the id Token i get, it throws

UnauthorizedRestException: Unverified email with google. Verify the email with google in order to sign in

This is my code

class GoogleLegacySignInClient(private val context: Context) : GoogleSignInClient() {

    private val signInOptions = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestIdToken(AppConfig.GOOGLE_WEB_CLIENT_ID)
        .build()

    fun signInRequest(): Intent = GoogleSignIn.getClient(context, signInOptions).signInIntent

    override suspend fun handleResult(result: ActivityResult): Result<String> = runCatching {
        when {
            result.resultCode == Activity.RESULT_OK && result.data != null -> {
                val idToken = GoogleSignIn.getSignedInAccountFromIntent(result.data).await().idToken
                handleGoogleIdToken(idToken)
            }

            result.resultCode == Activity.RESULT_CANCELED -> {
                throw AuthCancelledException("User cancelled Google Sign in")
            }

            else -> throw Throwable("Error: ${result.resultCode}")
        }
    }
    
    protected suspend fun handleGoogleIdToken(
        idToken: String?
    ): String = try {
        val idToken = idToken ?: throw (Throwable("Id token is missing"))

        supabase.auth.signInWith(IDToken){
            this.idToken = idToken
            this.provider = Google
        }
        
        supabase.auth.currentAccessTokenOrNull() ?: throw Throwable("Token is null")
    } catch (e: ApiException) {
        if (e.statusCode == CommonStatusCodes.CANCELED)
            throw AuthCancelledException("User cancelled Google Sign in")
        throw e
    }
}

[jan-tennert]

Haven't seen this error before. Is the Email in your Google account verified?

[Vaibhav2002]

@jan-tennert Yes, I can perfectly login to firebase with the same account, but this error when using supabase

[jan-tennert]

Did you create the account with an E-Mail and Password before? Maybe that E-Mail (which is also used in the Google Account) hasn't been verified in your Supabase project. Normally when you just sign in/sign up with a Google Account the E-Mail is automatically verified, but maybe you signed up with an E-Mail and Password before (and didn't verify the E-Mail) and that causes it

[Vaibhav2002]

@jan-tennert I tried with a fresh account, not there in the supabase auth dashboard
After I sign in, I get the error and when I checked the Supabase Auth dashboard, I see Waiting for verification.. in the last Signed In column

[jan-tennert]

The only thing I can think of is to check if "normal" Google login works via OAuth. In any case, you can try to ask in the Supabase Discord/Github Repo. They can probably help you more with API problems. If you found a solution, feel free to share it here!

[jan-tennert]

@Vaibhav2002 Have you found a solution? I could only find a similar case where the E-Mail wasn't verified within Google itself

[Vaibhav2002]

@jan-tennert No I did not. Seeing a lot of problems with this in especially Chinese devices

[jan-tennert]

@Vaibhav2002 So just to clarify: The Google account which you try to authenticate with is verified? And does this always happens or just sometimes?

[Vaibhav2002]

@jan-tennert All my accounts work perfectly fine with other apps, but with supabase all were shown as unverified in the supabase dashboard

[hieuwu]

@jan-tennert All my accounts work perfectly fine with other apps, but with supabase all were shown as unverified in the supabase dashboard

Hey @Vaibhav2002 , I am trying around

• Could you please clarify what is the GoogleSignInClient that your GoogleLegacySignInClient class extends? Is it just an interface`?
• Could you please also show how you use signInRequest() ?

Next is to make sure you set up these things:

• Oauth Client and Secret in Supabase dashboard
• idToken is retrieved before the suspend function handleGoogleIdToken is executed. Let's have 2 debug points to see

[hieuwu]

Hi @Vaibhav2002 , could you please play around this sample from Google Services . I tried and found that with old Google Sign-in Legacy, theidToken is null, could not get it. Seems the error is from old legacy Google Sign-in itself