I fixed it. This is really poorly documented. I think the docs should mention this. You need to pass the raw nonce to Supabase's `signInWithIdToken` but the hashed nonce to `google.accounts.id.initialize`:
```ts
import { useState } from 'react'

// Raw nonce: 32 random bytes, hex-encoded. This value goes to Supabase.
const getNonce = () => {
  const array = new Uint8Array(32)
  crypto.getRandomValues(array)
  return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('')
}

// Hex-encoded SHA-256 of the raw nonce. This value goes to Google.
const getHash = async (string: string) => {
  const data = new TextEncoder().encode(string)
  const digest = await crypto.subtle.digest('SHA-256', data)
  return Array.from(new Uint8Array(digest))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('')
}

export const GoogleOneTap = () => {
  const [google, setGoogle] = useState<typeof window.google | undefined>(undefined)
  // Generated once per mount; the same raw value is hashed below and sent unhashed on sign-in.
  const [nonce] = useState(getNonce)

  const onLoad = async () => {
    if (google) return
    try {
      const { google } = window
      if (!google) {
        throw new Error('window.google not found after loading script')
      }
      google.accounts.id.initialize({
        client_id: clientEnv.NEXT_PUBLIC_GOOGLE_CLIENT_ID,
        callback: onResponse,
        auto_select: false,
        cancel_on_tap_outside: true,
        use_fedcm_for_button: true,
        use_fedcm_for_prompt: true,
        context: 'signin',
        // Hashed nonce for Google
        nonce: await getHash(nonce)
      })
      setGoogle(google)
    } catch (error) {
      console.error('Google One Tap initialize error:', error)
    }
  }

  const onResponse = async (response: google.accounts.id.CredentialResponse) => {
    try {
      // Raw nonce alongside the ID token
      await supBrowser.auth['sign-in'].google['one-tap'].$post({
        json: { token: response.credential, nonce }
      })
      window.location.reload()
    } catch (error) {
      console.error('Google One Tap sign-in error:', error)
      toast.error(error instanceof Error ? error.message : 'Failed to sign in with Google')
    }
  }
}
```
The dev database doesn't support SSL so you have to pass `ssl: false`
No problem
`drizzle.config.ts`:
```ts
import { defineConfig } from 'drizzle-kit'
import { z } from 'zod'

const drizzleEnv = z
  .object({
    DATABASE_URL: z.string().min(1),
    // CA cert must be set in production and must be unset everywhere else
    DATABASE_CA_CERT: z
      .string()
      .min(1)
      .optional()
      .refine(ca => (process.env.NODE_ENV === 'production' ? ca : !ca))
  })
  .parse(process.env)

const databaseUrl = new URL(drizzleEnv.DATABASE_URL)

const drizzleConfig = defineConfig({
  schema: './features/db/schema',
  out: './features/db/migrations',
  dialect: 'postgresql',
  // Credentials are passed as separate fields rather than as a single url
  dbCredentials: {
    user: databaseUrl.username,
    password: databaseUrl.password,
    host: databaseUrl.hostname,
    port: Number.parseInt(databaseUrl.port, 10),
    database: databaseUrl.pathname.slice(1),
    // TLS with the provided CA when a cert is set, otherwise no SSL (dev database)
    ssl: drizzleEnv.DATABASE_CA_CERT
      ? { ca: drizzleEnv.DATABASE_CA_CERT, servername: databaseUrl.hostname }
      : false
  }
})

export default drizzleConfig
```
That fixed it. Thank you very much.
I passed it with `ssl: { ca: '...' }`. I see that that GitHub post says you can't use `url` then. Let me try that. Thank you
By the way, I temporarily "fixed" this by turning off requiring SSL. Hopefully I can turn it back on tomorrow. Even passing the ssl ca cert didn't fix it.
I have the IPv4 add-on (I'm on Render). I was under the impression that was the faster (one less hop) option of the two?
No, this is a long-lived server. I think a pooler would be worse