omniauth-apple
omniauth-apple copied to clipboard
nhosoya
Apple SSO Callback Phase throws a OAuth2::AccessToken.from_hash error
I am trying to implement Apple SSO using the omniauth_apple gem in Ruby on Rails.
In my devise.rb, i have the following config
config.omniauth :apple, Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :client_id), '', {
scope: 'email name',
team_id: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :team_id),
key_id: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :key_id),
pem: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :pem),
redirect_uri: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :redirect_uri),
provider_ignores_state: true
}
In my omniauth_callbacks_controller.rb, i have the following
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
skip_before_action :verify_authenticity_token, only: [:apple]
protect_from_forgery prepend: true, only: :apple
def apple
puts "==== GOT INTO APPLE======="
auth_hash = request.env['omniauth.auth']
end
end
My user.rb
class User < ApplicationRecord
acts_as_tenant(:tenant)
devise :database_authenticatable, :registerable, :recoverable, :lockable,
:timeoutable, :rememberable, :trackable, :confirmable, :zxcvbnable,
:omniauthable, :jwt_authenticatable,
jwt_revocation_strategy: JwtDenyList, omniauth_providers: [:google_oauth2, :facebook, :apple]
end
in my routes, i also have specification to receive callbacks for each provider
devise_for :users,
only: :omniauth_callbacks,
controllers: {omniauth_callbacks: "users/omniauth_callbacks"}
Now when i click the Sign in with Apple button, it does redirect me to sign in my username and password from Apple but when the callback phase is initiated, it returns an error and does not redirect to the controller. I get this error but I honestly do not know how or where to start to resolve it
OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (["access_token", "id_token"]); using "access_token".
(apple) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, id_token_claims_invalid | nonce invalid
Does anyone have experience using the omniauth_apple gem with Devise to setup and fully integrate Apple SSO on Rails? Please help
@boyfunky same issue and I resolved it.
OAuth2::AccessToken.from_hash: hash contained more than one 'token' key (["access_token", "id_token"]); using "access_token".
this is a warning, you don't need to pay attention to it.
It seems to have a problem with the lastest version, so I used v1.2.2 and resolved it. But it will show a new error
ERROR -- omniauth: (apple) Authentication failure! nonce_mismatch: OmniAuth::Strategies::OAuth2::CallbackError, nonce_mismatch | nonce mismatch
You have to use monkey patch here https://github.com/nhosoya/omniauth-apple/issues/76#issuecomment-930891853
Hope to help you.
