Audience in ID Token [host.exp.Exponent] does not match the expected audience for AppleAuthentication

  1. SDK Version: 40.0
  2. Platforms(Android/iOS/web/all): iOS
  3. Add the appropriate “Tag” based on what Expo library you have a question on.

I’ve been following AppleAuthentication - Expo Documentation to implement Apple authentication with firebase.

This is the snippet of code I am using for the onPress method:

      const csrf = Math.random().toString(36).substring(2, 15);
      const nonce = Math.random().toString(36).substring(2, 10);
      const hashedNonce = await Crypto.digestStringAsync(
      const appleCredential = await AppleAuthentication.signInAsync({
        requestedScopes: [
        state: csrf,
        nonce: hashedNonce,
      console.log("Apple credentials", appleCredential);
      const { identityToken } = appleCredential;
      if (identityToken) {
        const provider = new firebase.auth.OAuthProvider("");
        const credential = provider.credential({
          idToken: identityToken,
          rawNonce: nonce,

          .then((res) => {
            console.log("Successfully signed in with Apple ID", res);
          .catch((err) => {

When I try to login on the Expo Go app on my iOS device, it throws the following error:

The audience in ID Token [host.exp.Exponent] does not match the expected audience.

This seems to be a common issue: I tried following this recommendation of setting the Services ID to host.expo.Exponent to no avail.

I’ve also even tried adding a separate iOS app with bundler ID ‘host.expo.Exponent’ to my Firebase project (and using the associated GoogleServices-Info.plist file) to no avail.

1 Like

So I couldn’t get this to work at all in Expo Go, but it works fine without any additional configuration as a standalone app!

So Im using expo version ~38.0.8 and it’s working for me locally on expo go (after settings services ID to host.exp.Exponent)

I’m also on the managed workflow

And as a workaround/best-practice for not being able to use Expo Go’s service ID once your app goes out to production and uses the app bundle ID for the service ID, you can create a new Firebase project just for the dev environment and initialize firebase depending on your app’s environment like this:

if (!firebase.apps.length) {
  if (__DEV__) {"Initializing firebase for DEV env")
  } else {"Initializing firebase for PROD env")

export const auth = firebase.auth()
export const authProvider = new firebase.auth.OAuthProvider("")

This way you can keep your testing accounts/data separate from production