As of now, a native Android app can get a Digital Credential and extract the SD-JWT token to perform email verification directly in the app. This brings a lot of convenience over traditional email verification via a link sent to email. With this new experience, it would be nice if Supabase could support some mechanism to set up and an API to verify email with SD-JWT.
There is no direct support from the API, so we cannot build a robust end-to-end solution from the SDK. This new SD-JWT has nothing to do with OIDC, so we cannot take advantage of any current Auth API.
We can achieve the whole flow with an Edge Function, but it requires a complex setup and is not developer-friendly. Below is my solution built with supabase-kt.
High level
```mermaid
sequenceDiagram
    participant App as Android App
    participant CM as Credentials Manager
    participant EF as Edge Function
    participant Google as Google Identity Services
    App->>CM: 1. Request Digital Credentials
    CM-->>App: 2. Return Digital Credentials (SD-JWT)
    App->>App: 3. Extract SD-JWT Token
    App->>EF: 4. Send SD-JWT Token
    EF->>Google: 5. Validate Issuer + Signature
    Google-->>EF: Validation Result
    alt Validation Successful
        EF->>EF: 6. Update Email Verification Status
        EF-->>App: Success Response
    else Validation Failed
        EF-->>App: Error Response
    end
    Note over App,Google: High-level Email Verification Flow using Google Digital Credentials
```
Screenshot
https://github.com/user-attachments/assets/dab8dd21-e712-48f3-9c5a-4e90e499e400
Hieu Vu requests support for email verification using SD-JWT in native Android apps. The current workaround involves using Edge Functions, but a direct API would simplify the process. The user highlights the limitations of existing Auth APIs and suggests a more developer-friendly solution.
Implementation of sd-jwt token extract from Android https://github.com/supabase-community/supabase-kt-plugins/pull/96
Send the token to Edge Function https://github.com/supabase-community/supabase-kt/pull/1316