Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Social sign in with apple scope, mapping and environment variables #7793

Closed
pedramp20 opened this issue Jul 24, 2021 · 6 comments · Fixed by #7979 or #8135
Closed

Social sign in with apple scope, mapping and environment variables #7793

pedramp20 opened this issue Jul 24, 2021 · 6 comments · Fixed by #7979 or #8135
Labels
auth Issues tied to the auth category of the CLI bug Something isn't working referenced-in-release Issues referenced in a published release changelog
Projects
Bug bash Bug triage

Comments

@pedramp20
Copy link

pedramp20 commented Jul 24, 2021
edited

Recently sign in with apple option is added to the supported options in CLI (5.1.2). The hostedUIProviderMeta parameter is generated as follows:

    "hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"last_name\",\"given_name\":\"first_name\",\"username\":\"id\"}},{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"family_name\",\"given_name\":\"given_name\",\"username\":\"sub\"}},{\"ProviderName\":\"SignInWithApple\",\"authorize_scopes\":\"email,name\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"lastName\",\"given_name\":\"firstName\"}}]",

This authorisation scope for sign in with apple is comma separated and attribute mapping is missing name to name and sub to username maps, this results in a weird configuration of the federation identity provider and mapping (a record with email,name is added on the top) in console and when redirected to Apple throws an error of "Invalid client scope"
If the checkboxes of the authorisation scope is unticked and ticked and saved in the console, the issue goes away.

The console environment variables page does not specify the default variables for sign in with apple either. Please update it.

https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html

image
image
@pedramp20 pedramp20 changed the title Auth social sign in with apple environment variables and private key format Auth social sign in with apple scope, mapping and environment variables Jul 24, 2021
@pedramp20 pedramp20 changed the title Auth social sign in with apple scope, mapping and environment variables Social sign in with apple scope, mapping and environment variables Jul 24, 2021
@johnpc
Copy link
Contributor

johnpc commented Jul 28, 2021

Is this a bug report for the CLI? If so can you provide steps to reproduce, and describe what you expected vs what you got?

As for your comment about the doc site, I believe that page is owned by amplify console, you can open up a ticket with them here

@johnpc johnpc added pending-response Issue is pending response from the issue author pending-triage Issue is pending triage question General question and removed pending-triage Issue is pending triage labels Jul 28, 2021
@pedramp20
Copy link
Author

pedramp20 commented Jul 31, 2021
edited

Yes it is a bug report. The steps to reproduce is:

amplify update auth

Then select:

Update OAuth social providers

Then tick

Sign in with Apple

Then provide the requested information and finally

amplify push

The result is what I attached in the previous post and what is expected is this screen shot:

image

Note the first item in the list. In the previous post, email and name are squashed into one item

The environment variables are requested here #2118

@johnpc johnpc added auth Issues tied to the auth category of the CLI bug Something isn't working and removed pending-response Issue is pending response from the issue author question General question labels Aug 2, 2021
@johnpc johnpc added this to To do in Bug bash via automation Aug 2, 2021
@renebrandel renebrandel added this to To estimate in Bug triage Aug 5, 2021
@letsbelopez
Copy link
Contributor

letsbelopez commented Aug 17, 2021
edited

@pedramp20 If you'd like, you can test a fix we've been working on. https://www.npmjs.com/package/@aws-amplify/cli/v/5.3.0-siwa-update.3

@letsbelopez letsbelopez mentioned this issue Aug 17, 2021
Merged
4 tasks
@pedramp20
Copy link
Author

Thanks for the update. When are you planning to merge the changes into your master branch? As this issue is very annoying in the build pipeline and after each build the settings need to be reconfigured manually @letsbelopez

@kaustavghosh06 kaustavghosh06 moved this from To do to In progress in Bug bash Aug 27, 2021
Bug bash automation moved this from In progress to Done Sep 7, 2021
Bug triage automation moved this from To estimate to Closed Sep 7, 2021
pananapread pushed a commit that referenced this issue Sep 7, 2021
@letsbelopez
fix(amplify-category-auth): update attr mapping... (#7979)
94d2491 
* fix(amplify-category-auth): fixes being able to update siwa w/ out private key and attr mapping

Cognito SDK takes null for the private key if users want to update everything but the private key
and updating to reflect the correct attribute mapping for siwa

fix #7793

* fix(amplify-category-auth): enable update siwa w/ out private key

Co-authored-by: David Lopez <lopezbnd@amazon.com>
@github-actions github-actions bot added the referenced-in-release Issues referenced in a published release changelog label Sep 9, 2021
@github-actions
Copy link

github-actions bot commented Sep 9, 2021

👋 Hi, this issue was referenced in the v5.5.0 release!

Check out the release notes here https://github.com/aws-amplify/amplify-cli/releases/tag/v5.5.0.

@letsbelopez letsbelopez mentioned this issue Sep 9, 2021
Merged
4 tasks
marcvberg pushed a commit to marcvberg/amplify-cli that referenced this issue Oct 13, 2021
@letsbelopez @marcvberg
fix(amplify-category-auth): update attr mapping... (aws-amplify#7979)
e639e10 
* fix(amplify-category-auth): fixes being able to update siwa w/ out private key and attr mapping

Cognito SDK takes null for the private key if users want to update everything but the private key
and updating to reflect the correct attribute mapping for siwa

fix aws-amplify#7793

* fix(amplify-category-auth): enable update siwa w/ out private key

Co-authored-by: David Lopez <lopezbnd@amazon.com>
ammarkarachi pushed a commit that referenced this issue Oct 26, 2021
@letsbelopez
fix(amplify-category-auth): update attr mapping... (#8135)
a35352d 
* fix(amplify-category-auth): fixes being able to update siwa w/ out private key and attr mapping

Cognito SDK takes null for the private key if users want to update everything but the private key
and updating to reflect the correct attribute mapping for siwa

fix #7793

* fix(amplify-category-auth): enable update siwa w/ out private key

Co-authored-by: David Lopez <lopezbnd@amazon.com>
@github-actions
Copy link

github-actions bot commented Nov 8, 2021

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
auth Issues tied to the auth category of the CLI bug Something isn't working referenced-in-release Issues referenced in a published release changelog
Projects
Bug bash
  
Done
Bug triage
Closed
Milestone
No milestone
3 participants
@johnpc @letsbelopez @pedramp20