This guide walks you through adding Sign in with Apple and Sign in with Google to a Newly app that uses Supabase as its backend.Unlike email/password, social login needs a one-time setup in the provider consoles (Google Cloud, Apple Developer) and in your Supabase Dashboard. Newly can’t do this part for you because it involves your own developer accounts and secrets. Once configured, you tell the AI to build the buttons and wire up the flow.
This guide is for projects using Supabase. If you’re on Liquid Backend, follow Adding Authentication instead — Google login works there without any console setup for development. See Backend Systems to check which backend you’re on.
Your Newly app is already linked to a Supabase project
Apple Developer Account
Required for Sign in with Apple ($99/year)
Google Cloud Account
Free — for creating OAuth client IDs
Your app's Bundle ID
e.g. com.yourcompany.yourapp — you’ll need it in both consoles
Decide your Bundle ID before starting. Both Apple and Google tie their client IDs to it, and changing it later means redoing this setup. See Changing Your Bundle ID.
Go to APIs & Services → OAuth consent screen. Choose External, fill in the app name, support email, and developer contact. Add your email as a test user while developing.
3
Create a Web client ID
Under Credentials → Create Credentials → OAuth client ID, choose Web application. This is the client Supabase uses. Copy its Client ID and Client secret.
4
Add the Supabase redirect URL
In the Web client, add this to Authorized redirect URIs (find your project ref in the Supabase Dashboard URL):
In the Supabase Dashboard go to Authentication → Providers → Google and toggle it on.
2
Add the Web client credentials
Paste the Web Client ID and Client secret from Step 1.
3
Authorize your native client IDs
In the Authorized Client IDs field, add your iOS (and Android) client IDs, comma-separated. This is what lets Supabase trust the ID tokens coming from the native sign-in sheet.
4
Save
Click Save.
A common mistake is adding only the Web client ID. Native sign-in returns tokens issued to the iOS/Android client IDs — if those aren’t in Authorized Client IDs, Supabase rejects the token with an “audience mismatch” error.
Tell the AI what you want, and give it the client IDs so it can configure the native module:
Add a "Continue with Google" button to my Login and Sign Up screensusing native Google Sign-In and Supabase.Use supabase.auth.signInWithIdToken with the ID token from the nativeGoogle sign-in sheet (not the web browser flow).My Google iOS client ID is: <paste iOS client ID>My Google Web client ID is: <paste Web client ID>Match the existing screen design, show a loading state while signing in,and navigate to the home screen on success.
Newly installs and configures the native Google Sign-In package for you. Because this adds a native module, you’ll need to run it on a development build / TestFlight, not the in-editor preview. See Preview vs Builds.
Apple requires native Sign in with Apple for any app that offers third-party login (like Google) on iOS. So if you add Google, you generally must add Apple too, or Apple may reject your submission.
In the Apple Developer portal, go to Certificates, Identifiers & Profiles → Identifiers, open your app’s App ID (matching your Bundle ID), and enable the Sign in with Apple capability.
2
Create a Services ID
Create a new Services ID (e.g. com.yourcompany.yourapp.signin). Enable Sign in with Apple on it and configure the web domain and return URL:
Under Keys, create a new key with Sign in with Apple enabled. Download the .p8 file (you can only download it once) and note the Key ID and your Team ID.
Go to Authentication → Providers → Apple in the Supabase Dashboard and toggle it on.
2
Add your credentials
Enter the Services ID (as the Client ID), your Team ID, Key ID, and the contents of the .p8 key file so Supabase can generate the client secret.
3
Authorize the native client ID
In Authorized Client IDs, add your app’s Bundle ID. Native iOS Sign in with Apple issues tokens to the bundle ID, so Supabase needs it listed to accept them.
Add a "Sign in with Apple" button to my Login and Sign Up screens,following Apple's Human Interface Guidelines (black button, Apple logo).Use expo-apple-authentication to get the identity token, then callsupabase.auth.signInWithIdToken with provider "apple".Only show the button on iOS. Handle the case where the user cancelsthe sheet, and navigate to the home screen on success.
Apple only returns the user’s name and email on the first sign-in for a given Apple ID. Capture and store them then — on later logins you’ll only get the user identifier. If you need to test again, remove the app from your Apple ID under Settings → your name → Sign in with Apple.
Once either provider returns a session, the rest of your auth flow is identical to email/password. Ask the AI to tie it together:
After a successful social login, persist the Supabase session so the userstays logged in across app restarts, and load their profile.If a profiles table row doesn't exist for this user yet, create one withtheir name and email from the auth session.
Supabase stores the session automatically when the client is configured with persistent storage. Newly sets this up for you, but if sessions don’t persist, tell the AI: “The Supabase session isn’t persisting across app restarts.”
Google: 'audience mismatch' or 'invalid token' error
The iOS/Android client ID that issued the token isn’t listed in Supabase. Add it under Authentication → Providers → Google → Authorized Client IDs (comma-separated), separate from the Web client ID.
Apple: button does nothing / 'not handled' error
Confirm Sign in with Apple is enabled on your App ID and the Bundle ID matches exactly.
Confirm your Bundle ID is in Supabase’s Authorized Client IDs for Apple.
Native Sign in with Apple only works on a real build, not the preview.
Redirect URI mismatch
The redirect URL in Google Cloud (Web client) and Apple’s Services ID must exactly match https://<your-project-ref>.supabase.co/auth/v1/callback. Double-check the project ref.
Apple approves but returns no email
Apple only sends name/email on the first authorization for that Apple ID. Store them on first login, and remove the app under Settings → Sign in with Apple to test the first-run flow again.
Works in preview but not in the build (or vice versa)
Native sign-in modules only run in real builds. The web browser OAuth flow can run in the preview but gives a worse UX. Use native sign-in for shipping apps. See Preview vs Builds.