Fix Google Auth Mismatch
If you encounter server_error: Unable to exchange external code during Google Sign-In, it is 99% likely due to a Client Secret Mismatch between your local environment (.env.local) and the Supabase Dashboard.
This usually happens after:
- •Running
setup-google-oauth.ts(which may create a new secret). - •Rotated keys in Google Cloud Console.
Resolution Steps
1. Update Local Credentials
Run the helper script to securely update your local .env.local file with the correct Google Client Secret.
bash
cd /Users/thelostunfounds/.gemini/antigravity/scratch/thelostandunfounds npx tsx scripts/update-google-secret.ts
This script will prompt you to paste the secret (input is hidden) and save it correctly.
2. Update Supabase Dashboard
CRITICAL: Updating locally is not enough. You must sync Supabase.
- •Copy the SAME secret you just used.
- •Go to Supabase Dashboard > Auth > Providers > Google.
- •Paste the secret into the Client Secret field.
- •Click Save.
3. Verification
- •Restart the dev server:
npm run dev - •Attempt login at
http://localhost:3000.
Scripts
- •
scripts/update-google-secret.ts: Utility to update.env.localsecurely.