Comments (11)
Hi all,

Here's what I am doing:

- I am using a WKWebView for sign-in/sign-up, so when the user clicks the "Sign In With Apple" button, it goes to `users/auth/apple` (the omniauth-apple plugin), which redirects to `appleid.apple.com`, which I deny.
- At that point, I grab the `state` and `nonce` from the URL and build an `ASAuthorizationAppleIDProvider` request using the native SDK.
- Once that succeeds, it gives me an authorization code which I can then pass on to `users/auth/apple/callback` in my webview, together with the `state`, and that logs me in successfully.

Please note you need to use your app ID as client ID in the omniauth-apple config!

Best,
Eric
from omniauth-apple.
I also had to insert the following into `lib/omniauth/strategies/apple.rb`:

This skips all effective authentication and allows anyone in possession of a valid id_token to login to your site as that account. Id tokens are not secret and are only signed to prove validity and detect tampering.

Without the one-time-use `code` it's not possible for the app-server running omniauth to validate the id_token provided in the callback.
from omniauth-apple.
Indeed, I had not seen the information, thanks for correcting me.

How would you go about handling this case then?

I tried sending the `code` alongside the `id_token` but this didn't work. I often encountered an `invalid_grant` or `invalid_request` in all my trials and errors.

An important point to note: the iOS app provides a `state` parameter, user data and `id_token` but that's about it. State and user data seem to be null after first connection.

Another point: the iOS app provides its App ID as a client id, and I have not been able to access a matching secret PEM key, which seems to be required to transform the code into an access token?

I'm available to try multiple scenarios but I have to say I'm a bit lost on where to go from here.
from omniauth-apple.
@btalbot
Is there an effective way to make this work? I was able to work it the way he (@dvkch) suggested.
from omniauth-apple.
It seems to be correct to use `authorization code`. Resolved.
from omniauth-apple.
@yamarkz Have you been able to use the authorization code given by an iOS device? If so, what configuration did you use (`key_id`, `pem`, etc)?
from omniauth-apple.
Does anybody have any progress with this?
from omniauth-apple.
I was able to get this to work with a Flutter app using the native flow.

The primary app ID is configured with the service ID for the web-based authentication.
The native app bundle ID is passed to `authorized_client_ids`.

When creating a call to the callback endpoint, you need to ensure that the `id_token` and `code` are both passed as received from the original SDK response.
from omniauth-apple.
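The checks a native-flow callback depends on, as an added example that is not part of the thread and not omniauth-apple's own code: both `code` and `id_token` must be present, and the token's signature, issuer, audience (service ID or an authorized native client ID), expiry and nonce must all hold. The key, identifiers and the helper names `make_id_token` and `check_native_callback` are assumptions made for the demo, and the code-for-token exchange with Apple is not performed here.

```ruby
require "openssl"
require "json"
require "base64"

# Constructed stand-ins: a local RSA key plays the role of Apple's signing key,
# and the identifiers below are hypothetical.
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
SERVICE_ID = "com.example.web"                      # client ID of the web flow
AUTHORIZED_CLIENT_IDS = ["com.example.app"].freeze  # native app bundle ID
ISSUER = "https://appleid.apple.com"

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Builds a signed RS256 token; used only to produce demo input.
def make_id_token(claims, key = SIGNING_KEY)
  signing_input = [b64({ alg: "RS256", typ: "JWT" }.to_json), b64(claims.to_json)].join(".")
  "#{signing_input}.#{b64(key.sign(OpenSSL::Digest.new('SHA256'), signing_input))}"
end

# Returns :ok, or a symbol naming the first check that failed.
def check_native_callback(params, expected_nonce, public_key, now: Time.now.to_i)
  # The one-time code must accompany the token (its exchange is out of scope here).
  return :missing_code if params["code"].to_s.empty?
  header, payload, sig = params["id_token"].to_s.split(".")
  return :malformed unless header && payload && sig
  # Pin the algorithm instead of trusting whatever the header announces.
  return :bad_alg unless JSON.parse(Base64.urlsafe_decode64(header))["alg"] == "RS256"
  signed = "#{header}.#{payload}"
  valid = public_key.verify(OpenSSL::Digest.new("SHA256"), Base64.urlsafe_decode64(sig), signed)
  return :bad_signature unless valid
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  return :bad_issuer unless claims["iss"] == ISSUER
  # A native token carries the bundle ID as audience, not the web service ID.
  return :bad_audience unless ([SERVICE_ID] + AUTHORIZED_CLIENT_IDS).include?(claims["aud"])
  return :expired unless claims["exp"].to_i > now
  # The nonce ties the token to the login this server started.
  return :bad_nonce unless claims["nonce"] == expected_nonce
  :ok
rescue ArgumentError, TypeError, JSON::ParserError
  :malformed
end
```
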
I guess no issues anymore?
from omniauth-apple.
Hi @donaldpiret @dvkch,

I am facing the same challenge and would like to ask you how you were able to resolve it.

So far I have:

- added my `bundle id` to the list of authorized clients in devise.rb: `com.myapp.app`
- Send the identityToken as `id_token` and authorizationCode as `code` to the backend as a POST request.

I keep getting the error `(apple) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected` whenever the request is sent.

Any help would be appreciated.
from omniauth-apple.