Error : The nonce in ID Token does not match the SHA256 hash of the raw nonce n the request.

[IanFangQuad]

Hello, I am new to flutter. I want to integrate line login with firebase.
First, I have set line as a auth provider in firebase console with openID connect.
Second, I use flutter_line_sdk to login user and receive access token , id token, etc.
Then I want to use these data to get credential by OAuthProvider("oidc.line").credential(....) and signInWithCredential( credential ), but always got this error while the two nonce looks same when get credential, no matter use line generate nonce or use nonce generate by myself.
Where should I notice? Thanks.
＊test on IOS

[YoamFarges]

@IanFangQuad did you manage to make it work or to find a solution?
Currently experiencing the same issue.

[Viraj-Tank]

@IanFangQuad @YoamFarges I'm also facing the same issue, also tried generating the random string for nonce but its not working at all

[unbam]

I had the same issue. Resolved?

[unbam]

I resolved.

final nonce = Nonce.generate();
final digest = sha256.convert(utf8.encode(nonce));
final sha256Nonce = digest.toString();
final loginOption = LoginOption(false, 'normal')..idTokenNonce = sha256Nonce;
final result = await LineSDK.instance.login(
  scopes: ['profile', 'openid', 'email'],
  option: loginOption,
);

final provider = OAuthProvider('oidc.line');
final credential = provider.credential(
  idToken: result.accessToken.idTokenRaw,
  rawNonce: nonce,
);

await _firebaseAuth.currentUser!.linkWithCredential(credential);

[Viraj-Tank]

Sure, will try this!

[adityapol7711]

Hi, I'm facing the same issue while authorizing in firebase through angular and keycloak.
Do you have any idea on how to solve this in angular?

[efstathiosntonas]

Just in case another poor soul ends up here from google search:

The rawNonce is the "pure" string without being converted to SHA256 as the raw in the name suggests.

This is the equivalent code in react-native:

import * as Crypto from "expo-crypto";

    const nonceRaw = uuid();
    
       const digest = await Crypto.digestStringAsync(
        Crypto.CryptoDigestAlgorithm.SHA256,
        nonceRaw
      );

 const credential = auth.FacebookAuthProvider.credential(
        // @ts-ignore
        isIOS ? fbToken.authenticationToken : fbToken.accessToken,
        isIOS ? nonceRaw : undefined  <---- notice we pass the uuid() here without sha256 applied to it
      );

      const { user, additionalUserInfo } = await auth().signInWithCredential(credential);