JWT

The mobile app keeps logging out. It works fine right after login, but when you background the app briefly and reopen it, the login screen appears. Token storage in SecureStorage was verified, and 401 auto-refresh via Dio interceptor was implemented. So why? Reproducing the Symptom Login to app -> works normally Restart app around access token expiration time -> Session restore fails, forced logout Found a hint in the server logs. ...

Apple Sign-In was failing with 403 Forbidden while Google Sign-In worked perfectly fine. Since Apple login worked correctly in another project using the same stack (Rails 8 + Flutter), I did a comparative analysis. Symptoms Apple login: 403 Forbidden Google login: works fine Error message: "Email not verified by Apple" Cause 1: email_verified Type Mismatch (Core Issue) Apple and Google return the email_verified field in JWT with different types. Provider email_verified type Example value Google boolean true Apple string or boolean "true" or true The problematic code: ...