SignInWithApple not working on MacOS BigSur #729
Comments
|
We have our MacOS app ready to go, our signing is all good, push notifications and purchase are working but unfortunately we neglected to test Sign in with Apple on Big Sur with sandbox enabled (and of course there's no TestFlight equivalent for MacOS), so our submission was rejected because although it works for those of us still using MacOS Catalina (and on Big Sur with sandbox disabled), it didn't work for the reviewers on Big Sur. Our app has always offered login with email and Facebook, and we added Sign in with Apple on iOS since it became required in order to use other login methods. A small number of users are using Sign in with Apple in our app now, but it is still the least-used login method; for whatever reason, the vast majority of our users still prefer to use Facebook to log in (far more than email, even). Sign in with Apple is also required on MacOS in order to use other login methods. We could release with only email login and tell everyone they have to set up email/password login, but it wouldn't make much sense because in practice most users aren't going to do it. So we're blocked on our MacOS release by this, and we've spent a lot of time trying to figure out what we could be doing wrong that only applies to Big Sur, without success so far. Does anyone out there have an AIR app in Mac App Store using Sign in with Apple working on Big Sur? Any tips to share? We're really stuck here... |
|
How are you triggering the 'Sign in with Apple' functionality? Is there any chance of getting a simple test case together for this so that we can investigate further? From an initial view of this, there may be issues with entitlements etc but I'm assuming that you've already set those up..? thanks |
|
We are triggering "Sign in With Apple" through our own ANE, but same result can be achieved with this ANE, the desktop demo project is included: https://github.com/tuarua/Apple-Signin-ANE Would that work as a test case? If not, we can setup and send our own demo project for testing. Entitlements and everything else related to setup should be fine, since the same code works for us on MacOS versions prior to BigSur. |
|
Hi Thanks we can take a look further using that. Do you actually get any idea of where it's failing on Big Sur, if you run that without the sandbox enabled? Initial thoughts are whether there is a problem because it's not using the correct button for signing in.. one of their notes says: See https://developer.apple.com/documentation/authenticationservices/asauthorizationappleidbutton Not sure if that's going to cause this problem though.. thanks |
|
ASAuthorizationAppleIDButton is a red herring. You don't need to use their styled button. See here for my own investigations |
|
We don't know yet exactly why it's failing on BigSur, but if we find something we will be sure to update here. |
|
@mateo-kozomara one of the things we’re looking at is whether we need to have the runtime built with a later SDK and Xcode version.. we’re pushing ahead with this and will try to get a test build out ASAP.. |
|
Hello, would you have an ETA on this by any chance @ajwfrost ? Thank you!! |
|
Hi @celine-lap - the build is updated to use the later SDK, we're just checking to see if we can also build using the latest Xcode as well - but as a minimum, the release coming out in the next few days will be built using MacOS SDK 11.1 which we hope would help here - I'll upload our release candidate here when it's ready (should be on Monday). The update to use the latest Xcode will also then include a few other changes for ARM64 support which is taking a little longer but we're aiming for the end of next week for that i.e. in about 6 days. thanks |
|
Great thank you @ajwfrost |
|
Hello! @ajwfrost please let us know when you have updates for the release candidates - looking forward to start testing :) thank you so much! |
|
@celine-lap can you please use the release candidate available from the below link. The release notes aren't yet updated otherwise this is what we're currently going through the QA process with.. |
|
@ajwfrost thank you so much for the quick update. We tried it out, but are having some issues. The following command seems to resolve that issue
|
|
I am seeing the same error when packaging a captive app |
|
Okay thanks - there were some NAIP changes that happened so it looks like we're hitting this - I'll ask one of the guys to look at this first thing tomorrow.. my understanding was that the NAIP binaries would just have been brought forward from the previous SDK but I'm wondering whether there's a problem with the copying or with the code-signatures that are causing issues there... Thank you for the swift feedback! |
|
Hi - that too longer than it should have done, sorry, please see below the updated RC: |
|
@ajwfrost thank you. Looks like packaging works with this one, but unfortunately SignInWithApple still produces the same error like before. |
|
@mateo-kozomara thanks for checking this .. would it be possible for you to upload your completed app to the below link so that we can take a look and see whether we can adjust anything in-situ for this? |
|
@ajwfrost Sure. Since SignInWithApple is not supported on Developer ID builds, Im going to create a developer build, and for that to work I'm going to need the Edit: i just realised that you might have asked for the project files, I uploaded them to the provided link. |
|
Hi - sorry, missed this... actually what I was hoping for was the binary/app bundle for your final submission to Apple so that I could check the code signing. Are you notarizing it? as this is a good way to ensure that all the code-signing stuff is sorted out properly. For the Big Sur machine that I'm using, the provisioning UDID is: thanks |
|
Here is a sample Main.app made with AIR v .444 including the ANE from https://github.com/tuarua/Apple-Signin-ANE Here is a "native" Xcode project. It uses the exact same appId, Mac Developer Certificate and Provisioning Profile etc used by the AIR app. |
|
@ajwfrost I also sent a demo app to your email, since i already uploaded project files to the link you provided. |
|
@ajwfrost have you been able to test the demo app that mateo sent you? |
|
Hi @mateo-kozomara @celine-lap
Looking at the console when trying the binary, it looks like this may be something to do with a sign-in method not being configured..? Would you be able to re-build the app using the below SDK, which is built with Xcode 12.2 and includes support for arm64 binaries - so you should end up with a Universal app. If you re-create your ANE library's framework, but leave this set up as if it's just the x86_64 format in the extension.xml, it might still work there.. but that part is still tbc so let me know if there are problems. thanks |
|
Thank you @ajwfrost. I tried rebuilding the ANE with the provided SDK, and tried it out in the app, but unfortunately result seems to be the same, it still doesn't work. I sent a new demo app to your email |
|
Hello! any updates @ajwfrost ? :) thank you! |
|
@celine-lap I have kicked off the process here to try to get the appropriate updates from Apple so that we can generate our own Sign-in with Apple profiles; in the meantime we're trying to see what the differences might be between how AIR is set up here, vs how that other sample is set up. Our initial thoughts were around the fact it wasn't built on Big Sur with the latest Xcode or as a universal (x86_64+arm64) binary, but from the above, it appears this wasn't the problem. I don't suppose there are any clues from any logs or records anywhere as to why the authentication isn't working? The only thing I could see was from the output mentioned above where it ends up with |
|
Thank you @ajwfrost ! Do you have any idea of how long the process coul take with Apple? |
|
@celine-lap right, nothing in the logs sticking out unfortunately. I don't believe that something is misconfigured since it works on earlier MacOS versions |
|
Hello @ajwfrost , any updates here / any idea how long it could take with Apple? |
|
@celine-lap @mateo-kozomara so we've been looking a little more at this, there have been some updates in recent Big Sur and Xcode release so we're taking those in, just in case there is something relevant to that (we have found other issues where it dependent on the info.plist settings from within the AIR framework). The other thing we've looked at are the entitlements - I'm not sure I actually have a binary yet where it's working (i.e. non-AIR example app), but if someone could list the entitlements that are granted for that (and the code-signing debug info) it would be useful. One that's been in these non-working test cases is @tuarua would you be able to export your ExampleMac.zip project so that we get the compiled/archived .app folder from that, which would presumably then work? thanks |
|
Thanks @ajwfrost On our side, Mateo already tested all kinds of different entitlements combinations and doesn't believe the issue comes from there. Let us know if you find anything from the recent Big Sur and Xcode updates. Thank you! |
|
|
Hello! Just checking in, are there any updates on this? Thank you |
|
Hi @celine-lap @mateo-kozomara - we're currently still looking at the differences between the code signatures and entitlements, now that the building/binary architectures have been sorted out. The interesting thing is that in the code signature that you've got (in the latest "HarmanDemo.zip" file, Main.app) t's signed by a "Mac Developer" certificate, and despite it using CodeDirectory version 20500 with a minimum OS version of 720896 (11.0.0) it's actually including the sha1 hashes as well as sha256. Looking at the app uploaded by @tuarua it's signed by an "Apple Development" certificate, it has the same CodeDirectory version and minimum OS version but only includes the sha256 hashes. The minimum OS version for the AIR app is probably set due to our own build process.. I'm not sure whether this should be the issue though since the Sign In feature should presumably work on the older macOS platforms still? but it may be worth trying it with a build that has a much later minimum OS (or that matches the signature..) The only other difference we could see is the use of the get-task-allow entitlement. Am wondering whether anyone else has managed to get this working with AIR recently though..? We're getting set up here to be able to attempt to reproduce it, which will hopefully allow us to move a little quicker. thanks |
|
Hi again .. quick update to let you know our current focus here: it seems likely that the embedded provisioning profile, which we believe is required in order to ensure the "sign-in with apple" entitlement works, is not actually loaded by the AIR applications because of their build type/category. So we're looking to change these around a little and see if we can get it building/running locally with a more 'traditional' MacOS approach... |
|
Ok thanks a lot for the update @ajwfrost , let us know :) |
|
Hello @ajwfrost , are there any updates on this? |
|
Hello @ajwfrost , just checking in here, let me know if you have updates :) thanks! |
|
Hi @celine-lap - sorry for the delay, we have got into a major mess with signing certificates and accounts which is causing all sorts of problems :-( it seems that being a member of two teams with different accounts and rights but with the same app IDs is causing Xcode/codesign a bit of difficulty. So.. not a huge amount further.. I'm wondering whether we can do something that would allow you to try things independently, will try to get back to you early next week. |
|
Hello @ajwfrost , please let me know if you have any updates! |
|
Hi - so we have managed to resolve all the code-signing issues - thankfully! and just had a bit of a side-track to try to work out why the shared AIR runtime wasn't working on macOS... But one of the guys is back looking to see how we could provide a mechanism for this where the framework is loaded by a new application. Your app presumably needs to be a full "bundle" or native build, rather than just being a .air distributable that relies on the shared runtime? What we're looking at is:
Ultimately this might mean that we can have an "Xcode" target from AIR i.e. we can generate a project that people can then use to build their apps via Xcode. Part of the benefit of AIR perhaps is that you don't actually need to use Xcode! but it may help people with some edge cases if they can load in and run the AIR framework dynamically. thanks |
|
Ok thank you @ajwfrost , let us know if you've made any progress and if you need something from us! |
|
Hello! Any updates here? :) |
|
Hi @celine-lap Slow progress I'm afraid but we have got the AIR framework set up a little more as a 'framework' now - so, you can create an app using Xcode and load in AIR yourselves to display the content. I'm having to do a legal review of this though as it would change how things can be linked in... Part of me is still a little concerned though because we don't know the reason why the Sign In wasn't working in the first place. So the idea here is to have an app for which it works, then link in the AIR framework and that shouldn't then change anything... which we hope will then be acceptable to Apple! thanks |
|
Ok thank you! Keep us updated :)
…On Mon, Jul 26, 2021 at 2:33 AM Andrew Frost ***@***.***> wrote:
Hi @celine-lap <https://github.com/celine-lap> Slow progress I'm afraid
but we have got the AIR framework set up a little more as a 'framework' now
- so, you can create an app using Xcode and load in AIR yourselves to
display the content. I'm having to do a legal review of this though as it
would change how things can be linked in...
Part of me is still a little concerned though because we don't know the
reason why the Sign In wasn't working in the first place. So the idea here
is to have an app for which it works, then link in the AIR framework and
that shouldn't then change anything... which we hope will then be
acceptable to Apple!
thanks
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#729 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APCQPHEB6DVTJKFRQHL7HVTTZT6UVANCNFSM4ZA32MRQ>
.
--
Céline Lapouge
SongPop 2 Product Manager
|
|
Hello everyone :) |
|
Did this ever go anywhere? I'm currently trying to implment Apple Sign In and stumbled across this |
SignInWithApple not working on MacOS BigSur
SignInWithApple no longer works on MacOS BigSur.
Issue is happening only on MacOS BigSur, while it works fine on older MacOS versions.
Exactly the same issue can be found here on Unity platform and seems like it is resolved in Unity 2020.
Issue can be avoided by setting
com.apple.security.app-sandboxtofalse, but in that case app cannot be submitted to AppStore since they require it to betrue.Since SignInWithApple is required if you use third party SDKs to provide login functionality (we are using Facebook) we are pretty much blocked by this issue.
Steps to Reproduce
[[ASAuthorizationAppleIDProvider alloc] init];is called inside the ANEFailed to establish connection between notification center endpoint and daemon service with error: Error Domain=NSCocoaErrorDomain Code=4099 UserInfo={NSDebugDescription=} User is member of local group User belongs to local, checking passcode Authorization failed: Error Domain=NSCocoaErrorDomain Code=4099 UserInfo={NSDebugDescription=}Known Workarounds
<key>com.apple.security.app-sandbox</key> <false/>can be used in the entitlements to avoid the issue, but in that case app cannot be submitted to AppStore.The text was updated successfully, but these errors were encountered: