fix(ios): add missing Google Sign In configuration for dev environment #4400
Conversation
This commit fixes Google Sign In crashes that were occurring due to missing iOS configuration. These changes saved significant debugging time. Changes: - Add GIDClientID to Info.plist (required for Google OAuth) - Update Custom.xcconfig with correct GOOGLE_CLIENT_ID matching Firebase config - Update Podfile.lock with pasteboard plugin dependency Without these changes, the app crashes immediately when attempting to sign in with Google. The issue was that GIDClientID was never configured in Info.plist, and Custom.xcconfig was missing the GOOGLE_CLIENT_ID variable. These fixes ensure Google Sign In works out of the box for other developers running in dev flavor mode. Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request successfully resolves a crash on iOS related to Google Sign-In by adding the necessary configuration. The changes to Info.plist and Podfile.lock are correct. However, a critical security vulnerability has been introduced by hardcoding the GOOGLE_CLIENT_ID in app/ios/Flutter/Custom.xcconfig. This secret should be managed securely, for example, by using environment variables during the build process, rather than committing it to the repository.
| GOOGLE_CLIENT_ID=208440318997-ukinsq3sijhcetkhr26ssqp1terbq7as.apps.googleusercontent.com | ||
| GOOGLE_REVERSE_CLIENT_ID=com.googleusercontent.apps.208440318997-ukinsq3sijhcetkhr26ssqp1terbq7as |
There was a problem hiding this comment.
Hardcoding secrets like GOOGLE_CLIENT_ID and GOOGLE_REVERSE_CLIENT_ID in a version-controlled file poses a significant security risk. Although the file includes a comment advising against versioning it, its inclusion in this pull request indicates it is tracked by Git. Exposing these credentials could lead to security breaches if the repository is public or if unauthorized individuals gain access.
It is strongly recommended to remove these hardcoded values. Instead, they should be injected at build time from a secure source, such as environment variables in your CI/CD pipeline or a secrets management tool.
For example, you could generate this file dynamically during your build process:
# In your CI/CD script
echo "GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID_SECRET" > app/ios/Flutter/Custom.xcconfig
echo "GOOGLE_REVERSE_CLIENT_ID=$GOOGLE_REVERSE_CLIENT_ID_SECRET" >> app/ios/Flutter/Custom.xcconfigAfterward, ensure app/ios/Flutter/Custom.xcconfig is added to your .gitignore file to prevent it from being committed in the future.
Summary
Fixes Google Sign In crashes on iOS by adding missing OAuth configuration. This saved me significant debugging time.
Problem
GIDSignIn.m:517due to missingGIDClientID.dev.envfileSolution
GIDClientIDto Info.plist - Required by Google Sign In SDKGOOGLE_CLIENT_IDmatching Firebase configTesting
✅ Successfully tested Google Sign In flow on iOS simulator
✅ Backend API calls working correctly after sign-in
✅ Language selection and onboarding flow complete
Impact
Without these changes, any developer running in dev flavor mode would experience immediate crashes when trying to sign in with Google. This PR ensures the configuration works out of the box.
🤖 Generated with Claude Code