We've an app that successfully performs Google sign-in from different clients: web, iOS app, Android app. We're now trying to integrate Google Sign-in on a Mac Catalyst version of our iOS app.
We use the hybrid flow: we generate the authorization code on the client and exchange it on the server to obtain access and refresh tokens.
I found this library https://github.com/elsesiy/GAppAuth and I'm using the same credentials used for the iOS app.
The redirect to the app after the sign in through custom scheme works fine and I'm able to obtain the authorization code.
But when I share the authorization code with my server, I get an error on the request to exchange the authentication code to obtain access_token and refresh_token:
POST https://accounts.google.com/o/oauth2/token
Content-Type: application/x-www-form-urlencoded
Params:
- code (sent by client)
- client_id (server client id)
- client_secret (server secret)
- grant_type="authorization_code"
redirect_uri is not added for native client request.
Response:
400 {'error': 'invalid_grant', 'error_description': 'Bad Request'}
Please note that the exact same flow works on iOS. I also checked a different type of credentials (Native clients, type: Other).
Any ideas on what's wrong and how I can fix this?
I suspect there's something that Google libraries for login do that is not implemented in GAppAuth (see https://github.com/openid/AppAuth-Android/issues/293).
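
The following is an added example, not part of the original post and not code from GAppAuth or Google: a server-side pre-check that compares the parameters of the client's authorization request with the token request above, using the conditions under which RFC 6749 (sections 4.1.3 and 5.2) and RFC 7636 (section 4.6) have a token endpoint answer `invalid_grant`. The function names and all sample values are assumptions, as is the content of the client's authorization request, which the post does not show; how Google's own sign-in SDKs issue a code for a server client is not modeled.

```python
import base64
import hashlib


def s256(verifier):
    """RFC 7636 S256 transform: BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def precheck_code_exchange(auth_req, token_req):
    """List the reasons a token endpoint may reject this exchange as invalid_grant.

    auth_req  -- parameters the native client sent to the authorization endpoint
    token_req -- form parameters the server is about to POST to the token endpoint
    """
    problems = []
    # RFC 6749 4.1.3: the code must be redeemed by the client it was issued to.
    if auth_req.get("client_id") != token_req.get("client_id"):
        problems.append("client_id differs from the one the code was issued to")
    # RFC 6749 4.1.3: redirect_uri must be repeated, identical, if it was sent before.
    if "redirect_uri" in auth_req and auth_req["redirect_uri"] != token_req.get("redirect_uri"):
        problems.append("redirect_uri missing or different from the authorization request")
    # RFC 7636 4.5/4.6: a code bound to a code_challenge needs the matching verifier.
    challenge = auth_req.get("code_challenge")
    if challenge:
        verifier = token_req.get("code_verifier")
        if verifier is None:
            problems.append("code_verifier missing although a code_challenge was sent")
        else:
            method = auth_req.get("code_challenge_method", "plain")
            expected = s256(verifier) if method == "S256" else verifier
            if expected != challenge:
                problems.append("code_verifier does not match code_challenge")
    return problems


# Constructed sample values (placeholders, not taken from the post).
VERIFIER = "constructed-verifier-0123456789-abcdefghijklmnopq"
AUTH_REQ = {"client_id": "NATIVE_CLIENT_ID.example",
            "redirect_uri": "com.example.app:/oauthredirect",
            "code_challenge": s256(VERIFIER), "code_challenge_method": "S256"}
# Same shape as the request in the post: no redirect_uri, no code_verifier.
TOKEN_REQ = {"code": "CONSTRUCTED_CODE", "client_id": "SERVER_CLIENT_ID.example",
             "client_secret": "SERVER_SECRET_PLACEHOLDER",
             "grant_type": "authorization_code"}

if __name__ == "__main__":
    for problem in precheck_code_exchange(AUTH_REQ, TOKEN_REQ):
        print("invalid_grant candidate:", problem)
```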