invalid_grant when using hybrid flow on a Mac Catalyst app

[Nyshiki]

Hi,
I use the hybrid flow to perform the Sign-in with Google on a Mac Catalyst app. I generate the authorization code on the client and exchange it on the server to obtain access and refresh token.

The redirect to the app after the sign in through custom scheme works fine and I'm able to obtain the authorization code.

@IBAction func login() {
    do {
          try GAppAuth.shared.authorize(in: self) { auth in
                if auth {
                    if GAppAuth.shared.isAuthorized() {
                        let authorization = GAppAuth.shared.getCurrentAuthorization()

                        sendAuthCodeToServer(serverAuthCode: authorization?.authState.lastAuthorizationResponse.authorizationCode, userName: authorization?.userEmail, userEmail: authorization?.userEmail)
                    }
                }
            }
        } catch let error {
            print(error.localizedDescription)
        }
}

But when I share the authorization code with my server, I get an error on the request to exchange the authentication code to obtain access_token and refresh_token.
400 {'error': 'invalid_grant', 'error_description': 'Bad Request'}

Please note that that I'm able to exchange the authorization code with access_token and refesh_token on the device.

Any ideas on what's wrong and how can I fix this?

I suspect there's something that Google libraries for login do that is not implemented in GAppAuth (see openid/AppAuth-Android#293).

[girishw]

Facing the same issue.

[elsesiy]

Unfortunately I have no idea on how to proceed here. I'm just wrapping whatever the GTMAppAuth pod does so I suspect the same issue would be happening over there..

[girishw]

@elsesiy It looks like the Google libraries are using a proprietary extension of OID. More information here:

openid/AppAuth-Android#107
https://stackoverflow.com/questions/45325768/google-sign-in-using-appauth-and-cross-client-identity