コンテンツへスキップ
Capgo

Supabase Google Login on Android

Introduction

Section titled “Introduction”

This guide will help you integrate Google Sign-In with Supabase Authentication on Android. It is assumed that you have already completed:

Implementation

Section titled “Implementation”

The complete implementation is available in the example app’s supabaseAuthUtils.ts file. This guide explains the key concepts and how to use it.

Using the Authentication Helper

Section titled “Using the Authentication Helper”

The authenticateWithGoogleSupabase function handles the entire authentication flow:

import { authenticateWithGoogleSupabase } from './supabaseAuthUtils';


const result = await authenticateWithGoogleSupabase();
if (result.success) {
  console.log('Signed in:', result.user);
  // Navigate to your authenticated area
} else {
  console.error('Error:', result.error);
}

How It Works

Section titled “How It Works”

For a detailed explanation of how the authentication flow works, including nonce generation, JWT validation, and Supabase sign-in, see the How It Works section in the General Setup guide.

For the complete code reference, see the Complete Code Reference section in the General Setup guide.

Important Notes

Section titled “Important Notes”

Nonce Handling

Section titled “Nonce Handling”

The nonce implementation follows the pattern from the React Native Google Sign In documentation:

  • rawNonce goes to Supabase’s signInWithIdToken()
  • Supabase makes a hash of rawNonce and compares it with the nonceDigest which is included in the ID token from Google Sign-In
  • nonceDigest (SHA-256 hash, hex-encoded) goes to the nonce parameter in Google Sign-In APIs

Automatic Retry

Section titled “Automatic Retry”

The implementation includes automatic retry logic:

  • If JWT validation fails on first attempt, it logs out and retries once
  • This handles cases where cached tokens might have incorrect nonces
  • If the retry also fails, an error is returned

Troubleshooting

Section titled “Troubleshooting”

If authentication fails:

  • Invalid audience: Verify your Google Client IDs match in both Google Cloud Console and Supabase
  • Nonce mismatch: Check console logs - the function will automatically retry, but you can manually logout first if needed
  • Token validation fails: Ensure you’re using mode: 'online' in the initialize call to get an idToken
  • Review the example app code for reference