Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[firebase_auth]: Error invalid_credential on iOS when attempting to call revokeTokenWithAuthorizationCode #16744

Open
1 task done
zakton5 opened this issue Nov 21, 2024 · 6 comments
Labels
Needs Attention This issue needs maintainer attention. platform: ios Issues / PRs which are specifically for iOS. plugin: auth type: bug Something isn't working

Comments

@zakton5
Copy link

zakton5 commented Nov 21, 2024

Is there an existing issue for this?

  • I have searched the existing issues.

Which plugins are affected?

Auth

Which platforms are affected?

iOS

Description

I have set up Sign In with Apple according to the docs and have followed multiple tutorials to make sure I did everything right in my Apple Developer account and Firebase Settings. Pretty sure I'm good to go.

My app sign in with apple does work. The user gets signed up and can use my app normally. The problem is when allowing a user to delete their account. This is the error I get:

[firebase_auth/invalid-credential] Error getting access token from Apple. OAuth2 redirect uri is

The message leads me to think I didn't set something up right, but I have no idea where I would set an "OAuth2 redirect uri"

Expected result: Apple sign in is revoked and disappears from the Apps using Apple Sign In section in apple account settings.

Actual result: Above error message.

Reproducing the issue

Here is my code for both sign up and account deletion. According to the docs here, this is all I need: https://firebase.google.com/docs/auth/flutter/federated-auth#revoke-apple

    // Sign up
    final appleProvider = AppleAuthProvider()
      ..addScope('name')
      ..addScope('email');

    final firebaseCredential = await FirebaseAuth.instance.signInWithProvider(appleProvider);
      // Delete account
      final appleProvider = AppleAuthProvider();
      final res = await user.reauthenticateWithProvider(appleProvider);
      final authCode = res.additionalUserInfo?.authorizationCode;
      if (authCode == null) {
        throw Exception('Unable to get authorization code for apple account');
      }
      await FirebaseAuth.instance.revokeTokenWithAuthorizationCode(authCode);

Firebase Core version

3.8.0

Flutter Version

3.24.3

Relevant Log Output

No response

Flutter dependencies

Expand Flutter dependencies snippet
Replace this line with the contents of your `flutter pub deps -- --style=compact`.

Additional context and comments

No response

@zakton5 zakton5 added Needs Attention This issue needs maintainer attention. type: bug Something isn't working labels Nov 21, 2024
@SelaseKay SelaseKay added plugin: auth platform: ios Issues / PRs which are specifically for iOS. labels Nov 22, 2024
@SelaseKay
Copy link
Contributor

Hi @zakton5, thanks for the report. I tested with your sample code and everything seems to work fine on my end. Could you provide a complete minimal code reproducing this issue?

@SelaseKay SelaseKay added blocked: customer-response Waiting for customer response, e.g. more information was requested. and removed Needs Attention This issue needs maintainer attention. labels Nov 22, 2024
@zakton5
Copy link
Author

zakton5 commented Nov 22, 2024

@SelaseKay Wouldn't that involve setting up a new flutter project, firebase project, apple app identifier, service id, etc.
That's a lot of work that I don't have the time for. Even if I did that, how would you run the app without the means to connect to my apple account via Xcode?

Is there an example repository somewhere that I can cross reference to see if I did things right?

@google-oss-bot google-oss-bot added Needs Attention This issue needs maintainer attention. and removed blocked: customer-response Waiting for customer response, e.g. more information was requested. labels Nov 22, 2024
@SelaseKay
Copy link
Contributor

@SelaseKay SelaseKay added blocked: customer-response Waiting for customer response, e.g. more information was requested. and removed Needs Attention This issue needs maintainer attention. labels Nov 25, 2024
@zakton5
Copy link
Author

zakton5 commented Nov 27, 2024

@SelaseKay That example project was very helpful. Without changing anything, it works well and I can revoke a token. But the moment I point it to my own firebase project I get this error:

[firebase_auth/internal-error] An internal error has occurred, print and inspect the error details for more information.

There are no additional details in the error to print for more information though. I have absolutely no idea where to go where from here.

@google-oss-bot google-oss-bot added Needs Attention This issue needs maintainer attention. and removed blocked: customer-response Waiting for customer response, e.g. more information was requested. labels Nov 27, 2024
@apetroaeiandrei
Copy link

@zakton5 According to the docs, your code should work but I'm facing the same problem. However, I decided to use the more complex Sign In with Apple method, with a nonce to get apple credentials. Following that I can get the auth code from the Apple Auth credentials.
Check this out for more details on the setup.

Future<void> deleteUser() async {
    final user = _auth.currentUser!;
    final provider = user.providerData.first.providerId;
    final needsReauth = user.metadata.lastSignInTime
            ?.isBefore(DateTime.now().subtract(const Duration(minutes: 1))) ??
        true;
    if (needsReauth) {
      if (provider == "apple.com") {
        String rawNonce = _createNonce();
        String nonce = _createHashSHA256String(rawNonce);
        final appleCredential = await _getAppleAuthCredential(nonce);
        final credential = await _getAppleCredential(
          rawNonce: rawNonce,
          nonce: nonce,
          appleCredential: appleCredential!,
        );

        await user.reauthenticateWithCredential(credential);

        _auth.revokeTokenWithAuthorizationCode(
            appleCredential.authorizationCode);

      } else if (provider == "google.com") {
        final credential = await _getGoogleCredential();
        await user.reauthenticateWithCredential(credential);
      } else {
        throw Exception("Unsupported provider");
      }
    }
    await _auth.currentUser?.delete();
  }

@zakton5
Copy link
Author

zakton5 commented Dec 12, 2024

@apetroaeiandrei Using this method lets you successfully revoke the user's token? I guess I'll have to give that a shot and see if it works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Needs Attention This issue needs maintainer attention. platform: ios Issues / PRs which are specifically for iOS. plugin: auth type: bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants