Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign in with Google on iOS with predefined state not possible #965

Open
Iniwuijshi opened this issue Apr 29, 2024 · 1 comment · May be fixed by #974
Open

Sign in with Google on iOS with predefined state not possible #965

Iniwuijshi opened this issue Apr 29, 2024 · 1 comment · May be fixed by #974
Labels
issue-accepted This issue has been confirmed and accepted by the maintainers needs-triage Waiting for a member of the team to confirm

Comments

@Iniwuijshi
Copy link

My OIDAuthorizationRequest needs a predefined state. Since there is no parameter in the interface I tried it with the additional parameters. That works but there is an issue with the default behaviour on iOS or in the objc implementation respectively:

RNAppAuth.m

    // builds authentication request
    OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                    clientId:clientId
                                            clientSecret:clientSecret
                                                     scope:[OIDScopeUtilities scopesWithArray:scopes]
                                               redirectURL:[NSURL URLWithString:redirectUrl]
                                              responseType:OIDResponseTypeCode
                                                     state: additionalParameters[@"state"] ? additionalParameters[@"state"] : [[self class] generateState]
                                                     nonce:nonce
                                              codeVerifier:codeVerifier
                                             codeChallenge:codeChallenge
                                      codeChallengeMethod: usePKCE ? OIDOAuthorizationRequestCodeChallengeMethodS256 : nil
                                      additionalParameters:additionalParameters];

Iff the state is present in the additional parameters, it gets taken from there but if it's there the lib will add it too. So the state is attached twice.

For reference: The java code on the other hand removes the state from the additional parameters after reading the state. So it gets added only once. Which is the right approach if u ask me.

The Problem with the whole thing is, that the double attachment of the state leads to an invalid_request on the google side. (Apple seems not to be picky. At least if the key value pair is the same). looks like in the screenshot attached:
Screenshot 2024-04-29 at 08 40 41

My current workaround is; setting the state parameter to nil since the value is nullable and add it via the additional parameters from the react native js side.

Environment

IDP: Zitadel / Google
platform: iOS
react native: v0.73.4
react native app auth: ^7.1.0
No expo
@carbonrobot carbonrobot added the needs-triage Waiting for a member of the team to confirm label May 2, 2024
@fant0mex fant0mex linked a pull request May 15, 2024 that will close this issue
Open
@fant0mex fant0mex added the issue-accepted This issue has been confirmed and accepted by the maintainers label May 17, 2024
@devDohyun
Copy link

devDohyun commented Jul 14, 2024
edited
Loading

same issue here.

Update: This issue can be resolved by setting the useNonce: false option.
Related to : https://github.com/FormidableLabs/react-native-app-auth/pull/736/files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue-accepted This issue has been confirmed and accepted by the maintainers needs-triage Waiting for a member of the team to confirm
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix/dupe state FormidableLabs/react-native-app-auth
4 participants
@carbonrobot @fant0mex @Iniwuijshi @devDohyun