I am implementing Register with Apple on iOS utilizing Flutter + Firebase Auth. Apple returns a sound token however Firebase rejects it with:
firebase_auth/invalid-credential — Invalid OAuth response from apple.com
Atmosphere:
-
firebase_core: 4.6.0 -
firebase_auth: 6.3.0 -
sign_in_with_apple: 7.0.1 -
Flutter (newest secure)
-
iOS deployment goal: 16.0
-
Testing on bodily machine through TestFlight (not simulator)
Flutter code (auth_service.dart):
remaining rawNonce = _generateNonce();
remaining nonce = _sha256ofString(rawNonce);
remaining appleCredential = await SignInWithApple.getAppleIDCredential(
scopes: [AppleIDAuthorizationScopes.email, AppleIDAuthorizationScopes.fullName],
nonce: nonce,
);
remaining oauthCredential = OAuthProvider('apple.com').credential(
idToken: appleCredential.identityToken,
rawNonce: rawNonce,
);
return await _auth.signInWithCredential(oauthCredential);
Nonce era:
String _generateNonce([int length = 32]) {
const charset="0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvwxyz-._";
remaining random = Random.safe();
return Listing.generate(size, (_) => charset[random.nextInt(charset.length)])
.be part of();
}
String _sha256ofString(String enter) {
remaining bytes = utf8.encode(enter);
remaining digest = sha256.convert(bytes);
return digest.toString();
}
Verified on-device — token claims decoded and confirmed right:
-
iss:https://appleid.apple.com -
aud: matches bundle ID precisely -
nonce: current, appropriately SHA-256 hashed -
exp: not expired -
email_verified: true -
nonce_supported: true
Apple Developer config — all verified right:
-
App ID has Register with Apple enabled as Major App ID
-
Companies ID configured with right Firebase return URL (
https://).firebaseapp.com/__/auth/handler -
Key registered with SIWA functionality, related to right Major App ID
-
Group ID confirmed in Apple Developer → Membership
What I’ve tried:
-
Deleted and re-added the Firebase Apple supplier from scratch
-
Re-pasted the .p8 key a number of instances through totally different strategies
-
Generated a model new key and up to date Firebase — error persists
-
Tried bundle ID within the Companies ID area as an alternative of Companies ID — no change
-
GCP audit logs present 0 outcomes for
identitytoolkit— can’t see server-side rejection purpose
E mail/password sign-in works advantageous on the identical challenge. The rejection occurs server-side inside Firebase Auth — Apple’s facet is confirmed right.
Has anybody seen Firebase reject a sound Apple token with this error? Is there a identified project-level misconfiguration that is not seen from the console?
Any pointers appreciated! Have spent over 6 hours on this already… TIA
