Firebase REST API signInWithIdp and Apple SignIn Provider - MISSING_OR_INVALID_NONCE
I'm implementing Apple Sign In in a React Native App.
The sample I'm using works well within the Mobile App: Apple Sign In - React Native Firebase
Just in case the link above changes, here is the code:
import auth from '@react-native-firebase/auth';
import { appleAuth } from '@invertase/react-native-apple-authentication';
async function onAppleButtonPress() {
// Start the sign-in request
const appleAuthRequestResponse = await appleAuth.performRequest({
requestedOperation: appleAuth.Operation.LOGIN,
requestedScopes: [appleAuth.Scope.EMAIL, appleAuth.Scope.FULL_NAME],
});
// Ensure Apple returned a user identityToken
if (!appleAuthRequestResponse.identityToken) {
throw 'Apple Sign-In failed - no identify token returned';
}
// Create a Firebase credential from the response
const { identityToken, nonce } = appleAuthRequestResponse;
const appleCredential = auth.AppleAuthProvider.credential(identityToken, nonce);
// Sign the user in with the credential
return auth().signInWithCredential(appleCredential);
}
In my backend Apps are only authorized to make calls if they use Firebase Access Tokens.
To get this to work, I am using the Google/Firebase REST API signInWithIdp. This works perfectly well for Twitter/Facebook/Google, but it doesn't for Apple.
What I/m doing is to use the Apple identityToken obtained here:
const { identityToken, nonce } = appleAuthRequestResponse;
And I make this call:
POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key={key}
BODY:
{
"postBody":"id_token={identityToken}&providerId=apple.com",
"requestUri":"http://localhost",
"returnSecureToken": true
}
but I get:
{
"error": {
"code": 400,
"message": "MISSING_OR_INVALID_NONCE : Duplicate credential received. Please try again with a new credential.",
"errors": [
{
"message": "MISSING_OR_INVALID_NONCE : Duplicate credential received. Please try again with a new credential.",
"domain": "global",
"reason": "invalid"
}
]
}
}
Due to the lack of documentation I'm blocked on this one. :(
Any suggestions on how to eliminate this error are very welcome. :)
Here is the documentation to support 'Sign in with OAuth credential'. The examples it gives looks like this:
id_token=[GOOGLE_ID_TOKEN]&providerId=[google.com]
You can actually add a nonce parameter as well (which isn't documented!), for example:
id_token=ID_TOKEN&providerId=apple.com&nonce=NONCE
To figure this out, I had to use the SDK (I used iOS) and make the request. I used mitmproxy to read the network, and this is what it showed when putting in dummy data:
- Error: Text strings must be rendered within a <Text> component in React Native when string is not empty
- React Native Google Signin with multiple accounts
- What's the difference between Firebase JavaScript SDK and react-native-firebase
- Could not reach Cloud Firestore backend - React native Firebase v9
- React Native Firebase onAuthStateChanged returns user after signOut
- Error: [auth/missing-client-identifier] This request is missing a valid app identifier, Play Integrity checks, and reCAPTCHA checks were unsuccessful
- APNS device token not set before retrieving FCM Token for Sender ID - React Native Firebase
- Deleting User account using Passwordless Authentication?
- Get Error : Firestore: The caller does not have permission to execute the specified operation. But I have already signed in
- All React Native Firebase modules must be of the same version - can't use Auth
- firebase: admin.auth().updateUser() causes auth/user-token-expired
- Unable to resolve "missing-asset-registry-path" expo react native
- Command Failed: gradlew.bat installDebug error whenever installing dependencies like navigation, firebase, icons etc in React-Native
- Sendbird push notification when app is in background
- I get error when using Firebase phone authentication on React Native?
- React-Native-Firebase Create user with Email, passwordless
- Error on Expo Push Token Retrieval in Emulator: FirebaseApp Not Initialized
- My createContext() wont work with @react-native-firebase/app
- When I use where in react native firestore, startAfter returns an empty array
- React-Native Firebase: Token refresh not working
- How to crash a react native android app
- How do I overcome "Permission Denial....obtain access using ACTION_OPEN_DOCUMENT or related APIs"?
- Bring Android React Native App to Foreground On Receipt of Data Only Firebase Cloud Message
- Error: 400: Your project does not own Dynamic Links domain
- react-native-firebase orderBy query not working
- React Native Firebase Authentication Displayname null
- in react native, text field does not show new value when it is changed in realtime firebase
- "You attempted to use a firebase module that's not installed on your Android project by calling firebase.app()."
- State management best practises using firebase and redux in react native
- Is it safe to ignore the TypeError "TS2693: 'FieldPath' only refers to a type, but is being used as a value here."?