Hi all - hoping someone might have some insight in to this issue. I am stuck on implementing Google Social Sign In on iOS and error message printed out in the Ory Network "Logs & events" tab. I am using the Google Native SDK per this link: https://www.ory.sh/docs/kratos/social-signin/google?_gl=1*8ctley*_gcl_au*MTgzMjMwNzc0Mi4xNzUwODU4NjE4#using-the-google-sdk-on-native-apps I am not using the nonce as it is not yet supported with the version of the Google SDK that I am using. Unfortunately with Ory Network it is all a bit of black box as to what is happening and all the debugging I have tried from the docs, such as hardcoding the email in the JSONnet template still gets the same error:

I[#/traits] S[#/properties/traits/$ref] doesn't validate with "<https://storage.googleapis.com/bac-gcs-production/895fdeb4cd704ef64dccc4b16878ec2846101c4a13ddb6b57c341879a2dcfca734625a75011429a2bbc3329ca53dc2a268ed722dfb5f204ff45fbf97bb14b3f2.json#/properties/traits>"
  I[#/traits] S[#/properties/traits/required] missing properties: "email"

I get this even though I have tried variations of the Data mapper with this content: and I have set the Data mapping to

{
  identity: {
    traits: {
      email: "<mailto:test.from.jsonnet@example.com|test.from.jsonnet@example.com>"
    }
  }
}

As far as I understand it, setting the data mapper to this in the OIDC config should always pass this "trait" validation. Attached is a screenshot of my Data Access. I am not sure if it is safe to post screenshots with the Client IDs or not, but I have confirmed that they are correct, the scopes match the Data Access set up in Google. Based on the log error above, I assume it is getting the

id_token

successfully, but it is failing on validating the schema. I have confirmed that the JWT contains all of the info and it is here:

eyJhbGciOiJSUzI1NiIsImtpZCI6Ijg4MjUwM2E1ZmQ1NmU5ZjczNGRmYmE1YzUwZDdiZjQ4ZGIyODRhZTkiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiI2MzYzNzY3NTkxMjUtbzg3cnVpYmRkcHNwdWY0bWJqOXVuMGdqMzdjMTU2cHQuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI2MzYzNzY3NTkxMjUtNW8zMWhyajNzdmJsMHRwdXM0ZXMxMW03cWxuazlnbmwuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDI5MTg5NDk1Nzk0MTY0MzQ5NzMiLCJlbWFpbCI6InNib3gyNXRlc3RAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJoX2I3X2p0N2psQmtER1BybXZZbkZ3Iiwibm9uY2UiOiJEN25jUWZUODBOdDY0MXJtRjB2N3ZSQVpSNUhlbTdLLXEzZ0ctelB3SjVnIiwibmFtZSI6IkNocmlzIFdoZWF0bGV5IiwicGljdHVyZSI6Imh0dHBzOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9hL0FDZzhvY0p1bUpYU25rMnJ1U0VjdkgxQXluZkhFZkNfYnQ3ZHhjMlJCUUxpdE5rMzBCR1F0UT1zOTYtYyIsImdpdmVuX25hbWUiOiJDaHJpcyIsImZhbWlseV9uYW1lIjoiV2hlYXRsZXkiLCJpYXQiOjE3NTEyODk5MDEsImV4cCI6MTc1MTI5MzUwMX0.qt5hLpVq99HIwQLvNgH1RtvlS4lKJyGawDyheffOcsYoWniu61NKSFZh1rvfVL7TrfaIPZv2ExTf848Fedz_ZSjTk2gbVI0bKI_QkjKDKBwv5Bcvv4h6rD6wZe9daH4YQOzI9Ke8SUVSjVpVO0DkdJFXex19S6JvvSer0CDh5ymrSXPvTUSulZcm-zOr_1goMQHrZZLMvg0yKVp-o9UYuuS7BlikuCcDQYGU76q6oxt2hHIOvo-C4HutcFVJJ2AovuHWhNRhV4yCdENCrMvywJYBi7noQQ3lIhKdzl59aJgYLcnHiMbZeNQqPCp-2LLYTNLfzlkX0qTwxXOVjjU04w

Even with this JWT, with the JSONnet mapping, it should replace it with the hardcoded email and create the account - yet I still get this same error every single time. Any help would be greatly appreciated.

Hi! Jsonnet & OIDC can be frustrating! So thanks for the detailed write up. I assume, you've tried with the default snippet from here: https://www.ory.sh/docs/kratos/social-signin/google#data-mapping? To further debug this, could you send me the flow id of a flow where this is happening via DM here? I can take a look at our internal logs, which are a bit more detailed.

Thanks @bland-eye-99092 I send you a DM