# ory-copilot
w
@chilly-king-10285 How can we use the `google_sign_in` Flutter SDK in native apps when a nonce is required to complete the login flow? The issue is that the SDK doesn’t expose or allow setting a nonce.
b
A message from kapa.ai
The knowledge sources confirm that Ory recommends using a nonce for Google social sign-in in native apps to prevent replay attacks. However, they also explicitly state that not all Google SDKs support nonce handling:

> While not explicitly required, as not all of Google SDKs support it, we recommend that you use a `nonce` to prevent replay attacks wherever possible.
> ...
> If your SDK supports nonce validation, make sure to use a generated value and submit that during the next step.
> ...
> Obtain an `id_token` from Google using the Google SDK. Make sure to also submit the `nonce` if you generated one in the step before.
> ...
> Submit the `id_token` and `nonce` (as the `id_token_nonce`) as part of the `updateRegistrationFlow` or `updateLoginFlow` request to Ory.
> ...
> [Flutter code example omitted for brevity]
>
> — [Ory Docs: Google SDK on native apps](https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps)

The provided Flutter code example using the `google_sign_in` package does not include any handling of a nonce, and there is no mention of a workaround for this limitation. The documentation suggests that if the SDK does not support nonce, you may proceed without it, but using a nonce is recommended "wherever possible."

Summary: If the `google_sign_in` Flutter SDK does not allow you to set or retrieve a nonce, you cannot use a nonce in the Ory login flow with this SDK. Ory recommends using a nonce for better security, but acknowledges that it is not always possible with all SDKs, including the Flutter one. There is no documented workaround in the knowledge sources for this limitation. If nonce support is critical for your use case, you may need to look for alternative SDKs or approaches that allow nonce injection, but the Ory documentation does not provide guidance or solutions for this scenario.
w
@chilly-king-10285 Is there any alternative solution?
b
A message from kapa.ai
I'm sorry, but the knowledge sources do not provide an alternative solution for using a nonce with the google_sign_in Flutter SDK when the SDK does not support setting or retrieving a nonce. The Ory documentation acknowledges this limitation and simply states that using a nonce is recommended "wherever possible," but not all SDKs support it. No workaround or alternative approach is documented for this scenario in the provided sources [Ory Docs: Google SDK on native apps](https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps).
w
@chilly-king-10285 Can any other package help?
b
A message from kapa.ai
Based on the knowledge sources provided, there is no mention of an alternative Flutter package that allows you to set or handle a nonce for Google sign-in in native apps. The Ory documentation only references the use of the official `google_sign_in` Flutter package and notes its limitation regarding nonce support. No other packages or workarounds are suggested or documented for this use case [Ory Docs: Google SDK on native apps](https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps). If nonce support is essential for your application, the knowledge sources do not provide a solution or recommend an alternative package at this time.