react-native-nitro-auth 0.1.5 → 0.3.0

package/README.md

@@ -27,7 +27,8 @@ Nitro Auth is designed to replace legacy modules like `@react-native-google-sign
 - **Expo Ready**: Comes with a powerful Config Plugin for zero-config setup.
 - **Cross-Platform**: Unified API for iOS, Android, and Web.
 - **Auto-Refresh**: Synchronous access to tokens with automatic silent refresh.
-- **Google One-Tap**: Modern login experience on Android using Credential Manager.
+- **Google One-Tap / Sheet**: Modern login experience on Android (Credential Manager) and iOS (Sign-In Sheet).
+- **Error Metadata**: Detailed native error messages for easier debugging.
 - **Custom Storage**: Pluggable storage adapters for secure persistence (e.g., Keychain).
 - **Refresh Interceptors**: Listen to token updates globally.
 
@@ -52,7 +53,8 @@ Add the plugin to `app.json`:
           "ios": {
             "googleClientId": "YOUR_IOS_CLIENT_ID.apps.googleusercontent.com",
             "googleServerClientId": "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com",
-            "googleUrlScheme": "com.googleusercontent.apps.YOUR_IOS_CLIENT_ID"
+            "googleUrlScheme": "com.googleusercontent.apps.YOUR_IOS_CLIENT_ID",
+            "appleSignIn": true
           },
           "android": {
             "googleClientId": "YOUR_ANDROID_CLIENT_ID.apps.googleusercontent.com"
@@ -64,7 +66,8 @@ Add the plugin to `app.json`:
 }
 ```
 
-> [!NOTE] > `googleServerClientId` is only required if you need a `serverAuthCode` for backend integration.
+> [!NOTE] > `appleSignIn` on iOS is `false` by default to avoid unnecessary entitlements. Set it to `true` to enable Apple Sign-In.
+> `googleServerClientId` is only required if you need a `serverAuthCode` for backend integration.
 
 ### Bare React Native
 
@@ -144,13 +147,24 @@ try {
 }
 ```
 
-| Code                   | Description                                    |
-| ---------------------- | ---------------------------------------------- |
-| `cancelled`            | The user cancelled the sign-in flow            |
-| `network_error`        | A network error occurred                       |
-| `configuration_error`  | Missing client IDs or invalid setup            |
+| `cancelled` | The user cancelled the sign-in flow |
+| `network_error` | A network error occurred |
+| `configuration_error` | Missing client IDs or invalid setup |
 | `unsupported_provider` | The provider is not supported on this platform |
 
+### Native Error Metadata
+
+For more detailed debugging, Nitro Auth captures the raw native error message in the `underlyingError` property of the `AuthUser` (on success) or surfaces it in the caught `Error` object:
+
+```ts
+try {
+  await login("google");
+} catch (e) {
+  // Access raw native error message
+  console.log(e.underlyingError);
+}
+```
+
 ### Automatic Token Refresh
 
 The `getAccessToken()` method automatically checks if the current token is expired (or about to expire) and triggers a silent refresh if possible:
@@ -224,12 +238,15 @@ AuthService.onTokensRefreshed((tokens) => {
 });
 ```
 
-### Google One-Tap (Android)
+### Google One-Tap & Sheet
 
-Explicitly enable the modern One-Tap flow on Android:
+Explicitly enable the modern One-Tap flow on Android or the Sign-In Sheet on iOS:
 
 ```ts
-await login("google", { useOneTap: true });
+await login("google", {
+  useOneTap: true, // Android
+  useSheet: true, // iOS
+});
 ```
 
 ## API Reference

package/android/build.gradle

@@ -93,7 +93,7 @@ dependencies {
   implementation project(":react-native-nitro-modules")
   
   // Google Sign-In SDK (full scope support)
-  implementation "com.google.android.gms:play-services-auth:21.2.0"
+  implementation "com.google.android.gms:play-services-auth:21.5.0"
   
   // Activity result APIs
   implementation "androidx.activity:activity-ktx:1.9.3"

package/android/src/main/cpp/PlatformAuth+Android.cpp

@@ -225,13 +225,14 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginSuccess
         jmethodID longValueMethod = env->GetMethodID(longClass, "longValue", "()J");
         user.expirationTime = (double)env->CallLongMethod(expirationTime, longValueMethod);
     }
+    
     if (loginPromise) loginPromise->resolve(user);
     if (scopesPromise) scopesPromise->resolve(user);
     if (silentPromise) silentPromise->resolve(user);
 }
 
 extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginError(
-    JNIEnv* env, jclass, jstring error) {
+    JNIEnv* env, jclass, jstring error, jstring underlyingError) {
     
     std::shared_ptr<Promise<AuthUser>> loginPromise;
     std::shared_ptr<Promise<AuthUser>> scopesPromise;
@@ -249,12 +250,19 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginError(
     const char* errorCStr = env->GetStringUTFChars(error, nullptr);
     std::string errorStr(errorCStr);
     env->ReleaseStringUTFChars(error, errorCStr);
+    
+    std::string finalError = errorStr;
+    if (underlyingError) {
+        const char* uCStr = env->GetStringUTFChars(underlyingError, nullptr);
+        finalError = std::string(uCStr);
+        env->ReleaseStringUTFChars(underlyingError, uCStr);
+    }
 
-    if (loginPromise) loginPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
-    if (scopesPromise) scopesPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
+    if (loginPromise) loginPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
+    if (scopesPromise) scopesPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
     if (silentPromise) {
         if (errorStr == "No session") silentPromise->resolve(std::nullopt);
-        else silentPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
+        else silentPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
     }
 }
 
@@ -290,7 +298,7 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnRefreshSucce
 }
 
 extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnRefreshError(
-    JNIEnv* env, jclass, jstring error) {
+    JNIEnv* env, jclass, jstring error, jstring underlyingError) {
     
     std::shared_ptr<Promise<AuthTokens>> refreshPromise;
     {
@@ -299,10 +307,17 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnRefreshError
         gRefreshPromise = nullptr;
     }
     if (refreshPromise) {
+        std::string finalError;
         const char* errorCStr = env->GetStringUTFChars(error, nullptr);
-        std::string errorStr(errorCStr);
+        finalError = std::string(errorCStr);
         env->ReleaseStringUTFChars(error, errorCStr);
-        refreshPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
+        
+        if (underlyingError) {
+            const char* uCStr = env->GetStringUTFChars(underlyingError, nullptr);
+            finalError = std::string(uCStr);
+            env->ReleaseStringUTFChars(underlyingError, uCStr);
+        }
+        refreshPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
     }
 }
 

package/android/src/main/java/com/auth/AuthAdapter.kt

@@ -47,13 +47,13 @@ object AuthAdapter {
     )
     
     @JvmStatic
-    private external fun nativeOnLoginError(error: String)
+    private external fun nativeOnLoginError(error: String, underlyingError: String?)
 
     @JvmStatic
     private external fun nativeOnRefreshSuccess(idToken: String?, accessToken: String?, expirationTime: Long?)
 
     @JvmStatic
-    private external fun nativeOnRefreshError(error: String)
+    private external fun nativeOnRefreshError(error: String, underlyingError: String?)
 
     fun initialize(context: Context) {
         val app = context.applicationContext as? Application
@@ -90,27 +90,27 @@ object AuthAdapter {
             12501 -> "cancelled"
             7 -> "network_error"
             8, 10 -> "configuration_error"
-            else -> message ?: "unknown"
+            else -> "unknown"
         }
-        nativeOnLoginError(mappedError)
+        nativeOnLoginError(mappedError, message)
     }
 
     @JvmStatic
     fun loginSync(context: Context, provider: String, googleClientId: String?, scopes: Array<String>?, loginHint: String?, useOneTap: Boolean) {
         if (provider == "apple") {
-            nativeOnLoginError("Apple Sign-In is not supported on Android.")
+            nativeOnLoginError("unsupported_provider", "Apple Sign-In is not supported on Android.")
             return
         }
 
         if (provider != "google") {
-            nativeOnLoginError("Unsupported provider: $provider")
+            nativeOnLoginError("unsupported_provider", "Unsupported provider: $provider")
             return
         }
 
         val ctx = appContext ?: context.applicationContext
         val clientId = googleClientId ?: getClientIdFromResources(ctx)
         if (clientId == null) {
-            nativeOnLoginError("Google Client ID is required. Set it in app.json plugins.")
+            nativeOnLoginError("configuration_error", "Google Client ID is required. Set it in app.json plugins.")
             return
         }
 
@@ -137,7 +137,7 @@ object AuthAdapter {
         val googleIdOption = GetGoogleIdOption.Builder()
             .setFilterByAuthorizedAccounts(false)
             .setServerClientId(clientId)
-            .setAutoSelectEnabled(false) // Disable auto-select for testing so the sheet always shows
+            .setAutoSelectEnabled(false)
             .build()
 
         val request = GetCredentialRequest.Builder()
@@ -191,7 +191,7 @@ object AuthAdapter {
             )
         } else {
             Log.w(TAG, "Unsupported credential type: ${credential.type}")
-            nativeOnLoginError("Unsupported credential type: ${credential.type}")
+            nativeOnLoginError("unknown", "Unsupported credential type: ${credential.type}")
         }
     }
 
@@ -200,7 +200,7 @@ object AuthAdapter {
         val ctx = appContext ?: context.applicationContext
         val account = GoogleSignIn.getLastSignedInAccount(ctx)
         if (account == null) {
-            nativeOnLoginError("No user logged in")
+            nativeOnLoginError("unknown", "No user logged in")
             return
         }
 
@@ -212,7 +212,7 @@ object AuthAdapter {
 
         val clientId = getClientIdFromResources(ctx)
         if (clientId == null) {
-            nativeOnLoginError("Google Client ID not configured")
+            nativeOnLoginError("configuration_error", "Google Client ID not configured")
             return
         }
 
@@ -227,12 +227,12 @@ object AuthAdapter {
         if (googleSignInClient == null) {
             val account = GoogleSignIn.getLastSignedInAccount(ctx)
             if (account == null) {
-                nativeOnRefreshError("No user logged in")
+                nativeOnRefreshError("unknown", "No user logged in")
                 return
             }
             val clientId = getClientIdFromResources(ctx)
             if (clientId == null) {
-                nativeOnRefreshError("Google Client ID not configured")
+                nativeOnRefreshError("configuration_error", "Google Client ID not configured")
                 return
             }
             val gso = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
@@ -248,7 +248,7 @@ object AuthAdapter {
                 val account = task.result
                 nativeOnRefreshSuccess(account?.idToken, null, null)
             } else {
-                nativeOnRefreshError(task.exception?.message ?: "Silent sign-in failed")
+                nativeOnRefreshError("network_error", task.exception?.message ?: "Silent sign-in failed")
             }
         }
     }
@@ -333,7 +333,7 @@ object AuthAdapter {
                 val serverAuthCode = extractJsonValue(json, "serverAuthCode")
                 nativeOnLoginSuccess(provider, email, name, photo, idToken, null, serverAuthCode, null, null)
             } else {
-                nativeOnLoginError("No session")
+                nativeOnLoginError("unknown", "No session")
             }
         }
     }

package/app.plugin.js

@@ -36,10 +36,12 @@ const withNitroAuth = (config, props = {}) => {
   });
 
   // 2. iOS Entitlements
-  config = withEntitlementsPlist(config, (config) => {
-    config.modResults["com.apple.developer.applesignin"] = ["Default"];
-    return config;
-  });
+  if (ios.appleSignIn === true) {
+    config = withEntitlementsPlist(config, (config) => {
+      config.modResults["com.apple.developer.applesignin"] = ["Default"];
+      return config;
+    });
+  }
 
   // 3. Android Strings (for Google Client ID)
   config = withStringsXml(config, (config) => {
@@ -63,5 +65,5 @@ const withNitroAuth = (config, props = {}) => {
 module.exports = createRunOncePlugin(
   withNitroAuth,
   "react-native-nitro-auth",
-  "0.1.3"
+  "0.1.6"
 );

package/ios/AuthAdapter.swift

@@ -7,7 +7,7 @@ import ObjectiveC
 @objc
 public class AuthAdapter: NSObject {
   @objc
-  public static func login(provider: String, scopes: [String], loginHint: String?, completion: @escaping (NSDictionary?, String?) -> Void) {
+  public static func login(provider: String, scopes: [String], loginHint: String?, useSheet: Bool, completion: @escaping (NSDictionary?, String?) -> Void) {
     if provider == "google" {
       guard let clientId = Bundle.main.object(forInfoDictionaryKey: "GIDClientID") as? String, !clientId.isEmpty else {
         completion(nil, "configuration_error")
@@ -27,28 +27,10 @@ public class AuthAdapter: NSObject {
         GIDSignIn.sharedInstance.configuration = config
         
         let additionalScopes = scopes.isEmpty ? nil : scopes
+        
+        // Modern sheet-like API
         GIDSignIn.sharedInstance.signIn(withPresenting: rootVC, hint: loginHint, additionalScopes: additionalScopes) { result, error in
-          if let error = error {
-            completion(nil, AuthAdapter.mapError(error))
-            return
-          }
-          
-          guard let user = result?.user else {
-            completion(nil, "unknown")
-            return
-          }
-          
-          let data: [String: Any] = [
-            "provider": "google",
-            "email": user.profile?.email ?? "",
-            "name": user.profile?.name ?? "",
-            "photo": user.profile?.imageURL(withDimension: 300)?.absoluteString ?? "",
-            "idToken": user.idToken?.tokenString ?? "",
-            "accessToken": user.accessToken.tokenString,
-            "serverAuthCode": result?.serverAuthCode ?? "",
-            "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000
-          ]
-          completion(data as NSDictionary, nil)
+          self.handleGoogleResult(result, error: error, completion: completion)
         }
       }
     } else if provider == "apple" {
@@ -66,6 +48,31 @@ public class AuthAdapter: NSObject {
     }
   }
 
+  private static func handleGoogleResult(_ result: GIDSignInResult?, error: Error?, completion: @escaping (NSDictionary?, String?) -> Void) {
+    if let error = error {
+      completion(nil, error.localizedDescription)
+      return
+    }
+    
+    guard let user = result?.user else {
+      completion(nil, "unknown")
+      return
+    }
+    
+    let data: [String: Any] = [
+      "provider": "google",
+      "email": user.profile?.email ?? "",
+      "name": user.profile?.name ?? "",
+      "photo": user.profile?.imageURL(withDimension: 300)?.absoluteString ?? "",
+      "idToken": user.idToken?.tokenString ?? "",
+      "accessToken": user.accessToken.tokenString,
+      "serverAuthCode": result?.serverAuthCode ?? "",
+      "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000,
+      "underlyingError": ""
+    ]
+    completion(data as NSDictionary, nil)
+  }
+
   static func mapError(_ error: Error) -> String {
     let nsError = error as NSError
     if nsError.domain == "com.google.GIDSignIn" {
@@ -92,27 +99,7 @@ public class AuthAdapter: NSObject {
       }
       
       currentUser.addScopes(scopes, presenting: rootVC) { result, error in
-        if let error = error {
-          completion(nil, AuthAdapter.mapError(error))
-          return
-        }
-        
-        guard let user = result?.user else {
-          completion(nil, "unknown")
-          return
-        }
-        
-        let data: [String: Any] = [
-          "provider": "google",
-          "email": user.profile?.email ?? "",
-          "name": user.profile?.name ?? "",
-          "photo": user.profile?.imageURL(withDimension: 300)?.absoluteString ?? "",
-          "idToken": user.idToken?.tokenString ?? "",
-          "accessToken": user.accessToken.tokenString,
-          "serverAuthCode": result?.serverAuthCode ?? "",
-          "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000
-        ]
-        completion(data as NSDictionary, nil)
+        self.handleGoogleResult(result, error: error, completion: completion)
       }
     }
   }
@@ -126,7 +113,7 @@ public class AuthAdapter: NSObject {
     
     currentUser.refreshTokensIfNeeded { user, error in
       if let error = error {
-        completion(nil, AuthAdapter.mapError(error))
+        completion(nil, error.localizedDescription)
         return
       }
       
@@ -138,9 +125,10 @@ public class AuthAdapter: NSObject {
       let data: [String: Any] = [
         "accessToken": user.accessToken.tokenString,
         "idToken": user.idToken?.tokenString ?? "",
-        "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000
+        "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000,
+        "underlyingError": error?.localizedDescription ?? ""
       ]
-      completion(data as NSDictionary, nil)
+      completion(data as NSDictionary, error?.localizedDescription)
     }
   }
 
@@ -196,13 +184,14 @@ class AppleSignInDelegate: NSObject, ASAuthorizationControllerDelegate {
         "provider": "apple",
         "email": email ?? "",
         "name": name,
-        "idToken": idToken ?? ""
+        "idToken": idToken ?? "",
+        "underlyingError": ""
       ]
       completion(data as NSDictionary, nil)
     }
   }
   
   func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
-    completion(nil, AuthAdapter.mapError(error))
+    completion(nil, error.localizedDescription)
   }
 }

package/ios/PlatformAuth+iOS.mm

@@ -14,6 +14,11 @@
 #include "LoginOptions.hpp"
 
 namespace margelo::nitro::NitroAuth {
+ 
+ inline std::string nsToStd(NSString* _Nullable ns) {
+     if (ns == nil) return "";
+     return std::string([ns UTF8String]);
+ }
 
 std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, const std::optional<LoginOptions>& options) {
     auto promise = Promise<AuthUser>::create();
@@ -33,12 +38,12 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
         }
     }
     
-    // Default scopes if none provided
-    if (scopesArray.count == 0) {
-        [scopesArray addObjectsFromArray:@[@"openid", @"email", @"profile"]];
+    BOOL useSheet = NO;
+    if (options.has_value() && options->useSheet.has_value()) {
+        useSheet = options->useSheet.value();
     }
     
-    [AuthAdapter loginWithProvider:providerStr scopes:scopesArray loginHint:hintStr completion:^(NSDictionary* _Nullable data, NSString* _Nullable error) {
+    [AuthAdapter loginWithProvider:providerStr scopes:scopesArray loginHint:hintStr useSheet:useSheet completion:^(NSDictionary* _Nullable data, NSString* _Nullable error) {
         if (error != nil) {
             promise->reject(std::make_exception_ptr(std::runtime_error([error UTF8String])));
             return;
@@ -50,13 +55,14 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
         
         AuthUser user;
         user.provider = provider;
-        user.email = std::string([[data objectForKey:@"email"] UTF8String]);
-        user.name = std::string([[data objectForKey:@"name"] UTF8String]);
-        user.photo = std::string([[data objectForKey:@"photo"] UTF8String]);
-        user.idToken = std::string([[data objectForKey:@"idToken"] UTF8String]);
-        if ([data objectForKey:@"accessToken"]) user.accessToken = std::string([[data objectForKey:@"accessToken"] UTF8String]);
-        if ([data objectForKey:@"serverAuthCode"]) user.serverAuthCode = std::string([[data objectForKey:@"serverAuthCode"] UTF8String]);
+        user.email = nsToStd([data objectForKey:@"email"]);
+        user.name = nsToStd([data objectForKey:@"name"]);
+        user.photo = nsToStd([data objectForKey:@"photo"]);
+        user.idToken = nsToStd([data objectForKey:@"idToken"]);
+        if ([data objectForKey:@"accessToken"]) user.accessToken = nsToStd([data objectForKey:@"accessToken"]);
+        if ([data objectForKey:@"serverAuthCode"]) user.serverAuthCode = nsToStd([data objectForKey:@"serverAuthCode"]);
         if ([data objectForKey:@"expirationTime"]) user.expirationTime = [[data objectForKey:@"expirationTime"] doubleValue];
+        if ([data objectForKey:@"underlyingError"]) user.underlyingError = nsToStd([data objectForKey:@"underlyingError"]);
         
         promise->resolve(user);
     }];
@@ -80,13 +86,14 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::requestScopes(const std::vector
         
         AuthUser user;
         user.provider = AuthProvider::GOOGLE;
-        user.email = std::string([[data objectForKey:@"email"] UTF8String]);
-        user.name = std::string([[data objectForKey:@"name"] UTF8String]);
-        user.photo = std::string([[data objectForKey:@"photo"] UTF8String]);
-        user.idToken = std::string([[data objectForKey:@"idToken"] UTF8String]);
-        if ([data objectForKey:@"accessToken"]) user.accessToken = std::string([[data objectForKey:@"accessToken"] UTF8String]);
-        if ([data objectForKey:@"serverAuthCode"]) user.serverAuthCode = std::string([[data objectForKey:@"serverAuthCode"] UTF8String]);
+        user.email = nsToStd([data objectForKey:@"email"]);
+        user.name = nsToStd([data objectForKey:@"name"]);
+        user.photo = nsToStd([data objectForKey:@"photo"]);
+        user.idToken = nsToStd([data objectForKey:@"idToken"]);
+        if ([data objectForKey:@"accessToken"]) user.accessToken = nsToStd([data objectForKey:@"accessToken"]);
+        if ([data objectForKey:@"serverAuthCode"]) user.serverAuthCode = nsToStd([data objectForKey:@"serverAuthCode"]);
         if ([data objectForKey:@"expirationTime"]) user.expirationTime = [[data objectForKey:@"expirationTime"] doubleValue];
+        if ([data objectForKey:@"underlyingError"]) user.underlyingError = nsToStd([data objectForKey:@"underlyingError"]);
         promise->resolve(user);
     }];
     return promise;
@@ -100,8 +107,8 @@ std::shared_ptr<Promise<AuthTokens>> PlatformAuth::refreshToken() {
             return;
         }
         AuthTokens tokens;
-        if ([data objectForKey:@"accessToken"]) tokens.accessToken = std::string([[data objectForKey:@"accessToken"] UTF8String]);
-        if ([data objectForKey:@"idToken"]) tokens.idToken = std::string([[data objectForKey:@"idToken"] UTF8String]);
+        if ([data objectForKey:@"accessToken"]) tokens.accessToken = nsToStd([data objectForKey:@"accessToken"]);
+        if ([data objectForKey:@"idToken"]) tokens.idToken = nsToStd([data objectForKey:@"idToken"]);
         if ([data objectForKey:@"expirationTime"]) tokens.expirationTime = [[data objectForKey:@"expirationTime"] doubleValue];
         promise->resolve(tokens);
     }];
@@ -117,13 +124,14 @@ std::shared_ptr<Promise<std::optional<AuthUser>>> PlatformAuth::silentRestore()
         }
         AuthUser user;
         user.provider = [[data objectForKey:@"provider"] isEqualToString:@"google"] ? AuthProvider::GOOGLE : AuthProvider::APPLE;
-        user.email = std::string([[data objectForKey:@"email"] UTF8String]);
-        user.name = std::string([[data objectForKey:@"name"] UTF8String]);
-        user.photo = std::string([[data objectForKey:@"photo"] UTF8String]);
-        user.idToken = std::string([[data objectForKey:@"idToken"] UTF8String]);
-        if ([data objectForKey:@"accessToken"]) user.accessToken = std::string([[data objectForKey:@"accessToken"] UTF8String]);
-        if ([data objectForKey:@"serverAuthCode"]) user.serverAuthCode = std::string([[data objectForKey:@"serverAuthCode"] UTF8String]);
+        user.email = nsToStd([data objectForKey:@"email"]);
+        user.name = nsToStd([data objectForKey:@"name"]);
+        user.photo = nsToStd([data objectForKey:@"photo"]);
+        user.idToken = nsToStd([data objectForKey:@"idToken"]);
+        if ([data objectForKey:@"accessToken"]) user.accessToken = nsToStd([data objectForKey:@"accessToken"]);
+        if ([data objectForKey:@"serverAuthCode"]) user.serverAuthCode = nsToStd([data objectForKey:@"serverAuthCode"]);
         if ([data objectForKey:@"expirationTime"]) user.expirationTime = [[data objectForKey:@"expirationTime"] doubleValue];
+        if ([data objectForKey:@"underlyingError"]) user.underlyingError = nsToStd([data objectForKey:@"underlyingError"]);
         promise->resolve(user);
     }];
     return promise;

package/lib/commonjs/Auth.web.js

@@ -147,24 +147,19 @@ class AuthWeb {
     return tokens;
   }
   mapError(error) {
-    if (error instanceof Error) {
-      const msg = error.message.toLowerCase();
-      if (msg.includes("cancel") || msg.includes("popup_closed")) {
-        return new Error("cancelled");
-      }
-      if (msg.includes("network")) {
-        return new Error("network_error");
-      }
-      if (msg.includes("client id") || msg.includes("config")) {
-        return new Error("configuration_error");
-      }
-      return error;
-    }
-    const msg = String(error).toLowerCase();
+    const rawMessage = error instanceof Error ? error.message : String(error);
+    const msg = rawMessage.toLowerCase();
+    let mappedMsg = rawMessage;
     if (msg.includes("cancel") || msg.includes("popup_closed")) {
-      return new Error("cancelled");
+      mappedMsg = "cancelled";
+    } else if (msg.includes("network")) {
+      mappedMsg = "network_error";
+    } else if (msg.includes("client id") || msg.includes("config")) {
+      mappedMsg = "configuration_error";
     }
-    return new Error(String(error));
+    const authError = new Error(mappedMsg);
+    authError.underlyingError = rawMessage;
+    return authError;
   }
   async loginGoogle(scopes, loginHint) {
     const config = getConfig();
@@ -177,13 +172,11 @@ class AuthWeb {
       const authUrl = new URL("https://accounts.google.com/o/oauth2/v2/auth");
       authUrl.searchParams.set("client_id", clientId);
       authUrl.searchParams.set("redirect_uri", redirectUri);
-      // Requesting code alongside tokens for server-side verification if needed
       authUrl.searchParams.set("response_type", "id_token token code");
       authUrl.searchParams.set("scope", scopes.join(" "));
       authUrl.searchParams.set("nonce", Math.random().toString(36).slice(2));
-      authUrl.searchParams.set("access_type", "offline"); // Needed for server auth code flow
-      authUrl.searchParams.set("prompt", "consent"); // Force consent to get refresh token/code sometimes
-
+      authUrl.searchParams.set("access_type", "offline");
+      authUrl.searchParams.set("prompt", "consent");
       if (loginHint) {
         authUrl.searchParams.set("login_hint", loginHint);
       }
@@ -282,7 +275,7 @@ class AuthWeb {
           };
           this.updateUser(user);
           resolve();
-        }).catch(e => reject(this.mapError(e)));
+        }).catch(err => reject(this.mapError(err)));
       };
       script.onerror = () => reject(new Error("Failed to load Apple SDK"));
       document.head.appendChild(script);