-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication with OAuth credentials #2554
Comments
Thanks for the feature request. I have just one question:
Do you have any documentation about this? I am asking because this will help prioritize the feature requests (our understanding is that we have users building native apps with flutter for apple without any issues currently) |
Using native authentication? I mean, using this??? This specific image is from https://pub.dev/packages/sign_in_with_apple. It uses the native (by native I mean the Operating System native dialog) auth dialog that only generates an id token and an access token (it is not web, so there is no redirectUrl or anything like that). For Android, we use https://pub.dev/packages/google_sign_in, that shows the Android native Google Auth dialog: Even the OAuth settings are different in these cases (because there is no web view available in this kind of authentication, so there is no need to redirectUrl. Google, for instance, allows us even to lock the OAuth client to an specific app id). Both those authentication methods are local and returns an access token for each provider. Then, with those credentials, we can call Firebase Auth, so it creates an user based on the information on those access tokens (including name, email and photo url). This is done through this method: https://firebase.google.com/docs/auth/flutter/federated-auth ( Then, it returns an Firebase User (with an Firebase Id) and we can get an access token from this user (which Hasura documents here: https://hasura.io/blog/authentication-and-authorization-using-hasura-and-firebase/) As far as I could see, nhost always use an web authentication, which is not appropriate for mobile apps (for instance: we can't create a new account in native authentication, the account management is made by the OS itself (Settings > Accounts in Android)). We have an app with +10 million downloads that currently uses Firebase Auth. We have a problem that is importing those users to a relational database, which is a process that costs us a lot of time currently). We are looking for a solution that could just drop in as an replacement for Firebase Auth (meaning: we already do our local authentication using Apple or Google, we just need to get the OAuth tokens generated by these native solutions and create our JWT to access our Hasura - that's where nHost Auth could come in). TL;DR: We would need nhost to mimic the |
No, I was asking about your statement "this is not a suitable solution for native apps". We have users building native applications using nhost so I was trying to understand if something had changed that may break applications. From what I am understanding from your last comment you should be able to use nhost already but you would prefer a different authentcation mechanism that leverages some builtin functionality, is this correct? |
I believe that integrating "Sign in with Apple" and "Sign in with Google" directly within mobile applications via Nhost is not supported. The authentication class provided by the Nhost library seems to lack the necessary methods to facilitate these sign-in processes. Additionally, implementing a magic link login feature within mobile apps through Nhost requires a reliable method to prompt the email client to open the app, which hinges on App Links and Deep Links for Android, as well as Universal Links and Custom URL Schemes for iOS. While App Links and Universal Links offer an easier approach, they are not reliable. Deep Links and Custom URL Schemes would be the correct picks, but I believe it is not possible to make it work with the current Nhost setup (please correct-me if I'm wrong). I came to this issue due to problems we are having with magic links and app links not working every time. The approach of using a redirect URL makes the authentication process much more challenging for mobile applications. A simple "Send code to email" and confirm code in the app would make passwordless email much easier for mobile applications. Regarding google, apple, the example provided by @JCKodel is exactly what we need. We don't want to force the user to do anything outside the app client to log in. Would be extremely helpful for all mobile devs if you guys could prioritize this issue. And in the meantime, if there is a current way to sign in with Google and Apple, would be great if you could please show us how in here or update docs in the dart section or example app from Git Hub. Edit: |
This is an easy fix, please open a new issue.
You can implement this yourself, just use a custom email template to show the ticket instead of the link, ask the user to enter it on your app and have your app construct the magic link and call it. |
It's not about preference. It's NOT "different authentication mechanism" Is the standard default mobile authentication mechanism. Apps are not websites. Both Android and iOS always have an account (google or apple). The default standard mobile authentication mechanism just uses those accounts (with some additional popup so the user can confirm it really wants an authentication, of course). nHost is amazing for web. But, again, apps are not websites. For apps, we have no other option than Firebase Auth (because Auth0 is expensive as f.... totally out of reality) :( |
Is your feature request related to a problem? Please describe.
When working with apps (Flutter or native), we often use native authentication methods with Google and Apple.
Those methods return an idToken and an accessToken.
Authentication providers such as Firebase Authentication allow us to send those tokens as an OAuth response, thus, authenticating an user and returning the Firebase Authentication JWT.
As far as I could see, nHost only allow OAuth web authentication (this is not a suitable solution for native apps, especially with Apple).
Describe the solution you'd like
A method that allow us to send Google and Apple idToken and accessToken for authentication (i.e.: skipping the web oauth authentication).
For Firebase Authentication, this is done as:
The text was updated successfully, but these errors were encountered: