apple-auth icon indicating copy to clipboard operation
apple-auth copied to clipboard

Published 20 hours ago verified publisher icon ananay

use w/ iOS client instead of web?

Open obibring opened this issue 5 years ago • 12 comments

I'm trying to wrap my head around Apple's documentation and am finding it confusing. Is this library sufficient for performing the server-side aspects of Apple sign in when the authorization code is provided by a native iOS application? Are there steps that would need to be omitted / changed?

TIA

obibring avatar Oct 02 '19 21:10 obibring

@obibring I think this should work for all server-side aspects of Apple Sign In. However, I'm not sure since I haven't tried Sign in with Apple on an iPhone. Before I can confidently claim that it's possible, it'll take me some time to test out if it works and I'll get back to you here with the solution once I've tested it out.

I'm leaving this open in case someone wants to jump in and help.

ananay avatar Oct 03 '19 10:10 ananay

I've also been working on this. I'm trying to use the authorizationCode as the code in the authorization_code request but I'm getting back invalid_grant. Have you made any headway? @ananay, by the way, you're not bubbling up the error, just the 400 error string. Might I suggest you return the whole error in src/token.js line 61 instead of a string.

aryehischechter avatar Oct 29 '19 08:10 aryehischechter

I've also been working on this. I'm trying to use the authorizationCode as the code in the authorization_code request but I'm getting back invalid_grant. Have you made any headway? @ananay, by the way, you're not bubbling up the error, just the 400 error string. Might I suggest you return the whole error in src/token.js line 61 instead of a string.

Maybe it's too late but for the others, I had this issue and I managed to fix it thanks to this post on Apple's forum. If the authorizationCode was generated by your app, you should use your App ID as your clientId and not your service one. Hope this helps.

Vardiak avatar Jan 28 '20 16:01 Vardiak

Thank you @Vardiak for your response. @ananay please add this case in readme. Thank you.

arthay avatar Mar 05 '20 21:03 arthay

Thank you guys! Really appreciate it 🙌🏻 @arthay I've added it to the README :)

ananay avatar Mar 05 '20 21:03 ananay

@ananay what about the redirect_uri parameter?

mtebele avatar Apr 16 '20 22:04 mtebele

@mtebele I haven't used it on iOS, but I believe that stuff would deep link back to your application (I think). Correct me if I'm wrong or if someone has a better solution!

ananay avatar Apr 16 '20 23:04 ananay

@mtebele I haven't used it on iOS, but I believe that stuff would deep link back to your application (I think). Correct me if I'm wrong or if someone has a better solution!

Thanks for your response. I'm debugging it and will tell you once it's running.

Regarding to the code parameter of the auth.accessToken(code) method: it's the authorizationCode or the identityToken generated by the app? I'm using this library in the app: https://github.com/invertase/react-native-apple-authentication

mtebele avatar Apr 16 '20 23:04 mtebele

You should not use redirect_uri since iOS handles everything internally. You just have to generate an authorization code using the API and send it to your server for verification. I implemented it with Flutter so I don't know about React Native.

Vardiak avatar Apr 16 '20 23:04 Vardiak

You should not use redirect_uri since iOS handles everything internally. You just have to generate an authorization code using the API and send it to your server for verification. I implemented it with Flutter so I don't know about React Native.

Ok great. I'm not using redirect_uri and it works fine.

When I call auth.accessToken(..) with the authorizationCode as the parameter it works fine. Otherwise, auth.refreshToken(..) with the identityToken as the parameter is not working for me.

How are you managing the validation of a user on login?

mtebele avatar Apr 17 '20 00:04 mtebele

You should not use redirect_uri since iOS handles everything internally. You just have to generate an authorization code using the API and send it to your server for verification. I implemented it with Flutter so I don't know about React Native.

Ok great. I'm not using redirect_uri and it works fine.

When I call auth.accessToken(..) with the authorizationCode as the parameter it works fine. Otherwise, auth.refreshToken(..) with the identityToken as the parameter is not working for me.

How are you managing the validation of a user on login?

I only use it for login, so I don't bother with refreshToken and don't store the token anywhere. I only store the appleId.

const jwt = require('jsonwebtoken');
const AppleAuth = require('apple-auth');
const appleAuth = new AppleAuth(appleConfig, config.apple.key, 'text');

router.post('/apple/login', async (req, res) => {
    const code = req.body.code;

    try {
        const response = await appleAuth.accessToken(code);
        const data = jwt.decode(response.id_token);
        const appleId = data.sub;

        // Find user in database and do your magic
    } catch (e) {
        // Token is invalid or an error occured
    }
});

Vardiak avatar Apr 17 '20 00:04 Vardiak

The problem of 400 can check whether the passed privateKey, that is, the second parameter, is blank removed during initialization. process.env.KEY_CONTENTS.replace(/\|/g, "\n") https://glitch.com/edit/#!/flutter-sign-in-with-apple-example?path=server.js%3A53%3A49

victorykong avatar Jun 30 '21 09:06 victorykong

Changed to app id for native side auth but spent some time because i did not know this: You need to exchange the code (which must be validated with Apple within 5 minutes) for it to be valid

ibraheem88 avatar Apr 02 '24 23:04 ibraheem88