allow dynamic client_ids #15

Merged
merged 2 commits into from May 14, 2020
Contributor

@maxencehenneron maxencehenneron commented Feb 2, 2020

When using Sign In with Apple with the native iOS flow (outside of the browser), the client_id needs to be set to the app bundle id. I want to support both web login and native login, so I need to dynamically change the client_id.

This PR adds the possibility to support a dynamic client_id.

Here's the list of changes:

  • Added a config option to set the list of authorized client_ids
  • Created a function "client_id" that reads the identityToken which contains the client_id used by the native view. If no identityToken is present, uses the default client_id

This is the implementation omniauth-google-oauth2 used (zquestz/omniauth-google-oauth2@1cd603b#diff-d61fbf1f9b01eceb09b00d9f200680ca)
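Added example, not code from this PR or from omniauth-apple: one way to choose the client_id from the identity token's `aud` claim while only honouring audiences on an allowlist. The helper names, the `com.example.*` identifiers and the fallback to the default for an unlisted audience are assumptions, and the token is constructed and unsigned; signature and audience verification must still happen afterwards.

```ruby
require 'json'

# Read the claims of a compact JWT WITHOUT verifying its signature. This is
# only good enough to pick a client_id; the token must still be verified
# against Apple's signing keys (with `aud` checked) before it is trusted.
def unverified_claims(id_token)
  segments = id_token.to_s.split('.')
  return nil unless segments.length == 3

  payload = segments[1].tr('-_', '+/').unpack1('m').force_encoding('UTF-8')
  claims = JSON.parse(payload)
  claims.is_a?(Hash) ? claims : nil
rescue JSON::ParserError, EncodingError
  nil
end

# Return the token's audience only when it is on the allowlist; in every
# other case (no token, malformed token, unknown audience) fall back to the
# default client_id, so later audience validation rejects the token.
def resolve_client_id(id_token, default_client_id, authorized_client_ids)
  claims = unverified_claims(id_token)
  aud = claims && claims['aud']
  return aud if aud.is_a?(String) && authorized_client_ids.include?(aud)

  default_client_id
end

# Constructed sample data: placeholder identifiers and an unsigned token.
def constructed_token(claims)
  enc = ->(obj) { [JSON.generate(obj)].pack('m0').tr('+/', '-_').delete('=') }
  [enc.call({ 'alg' => 'ES256' }), enc.call(claims), 'constructed-signature'].join('.')
end

WEB_CLIENT_ID = 'com.example.web'  # hypothetical default (web) client_id
IOS_BUNDLE_ID = 'com.example.ios'  # hypothetical app bundle id

if __FILE__ == $PROGRAM_NAME
  native = constructed_token({ 'aud' => IOS_BUNDLE_ID })
  other  = constructed_token({ 'aud' => 'com.other.app' })
  puts resolve_client_id(native, WEB_CLIENT_ID, [IOS_BUNDLE_ID])
  puts resolve_client_id(other, WEB_CLIENT_ID, [IOS_BUNDLE_ID])
  puts resolve_client_id(nil, WEB_CLIENT_ID, [IOS_BUNDLE_ID])
end
```

Because an unlisted audience resolves to the default client_id, a token issued for some other app fails the later audience check instead of being accepted under its own identifier.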

@LesterKim

@maxencehenneron Did this work for you? I used your code, configured the config/initializers/omniauth.rb file to include

  provider :apple, ENV['APPLE_CLIENT_ID'], '',
           {
             authorized_client_ids: ['com.xxx.www'],
             provider_ignores_state: true,
             scope: 'email name',
             team_id: ENV['APPLE_TEAM_ID'],
             key_id: ENV['APPLE_KEY_ID'],
             pem: ENV['APPLE_PRIVATE_KEY']
           }

and did not get it to work for the native iOS flow.

@LesterKim

> @maxencehenneron Did this work for you? I used your code, configured the config/initializers/omniauth.rb file to include
>
>   provider :apple, ENV['APPLE_CLIENT_ID'], '',
>            {
>              authorized_client_ids: ['com.xxx.www'],
>              provider_ignores_state: true,
>              scope: 'email name',
>              team_id: ENV['APPLE_TEAM_ID'],
>              key_id: ENV['APPLE_KEY_ID'],
>              pem: ENV['APPLE_PRIVATE_KEY']
>            }
>
> and did not get it to work for the native iOS flow.

@maxencehenneron I got this to work. I just needed the JWT sent as id_token.

@LesterKim

@nhosoya I can confirm this branch works as expected.

@chirag04

chirag04 commented Mar 16, 2020

@nhosoya Do you think we can get this merged sometime soon? It will greatly help with our release. Appreciate your help 🙏

@udipl

udipl commented Mar 16, 2020

Yes, I'm in the same situation. @nhosoya are you available to review this?

@Dreamersoul

Hello, this is really needed. Do you have any idea when this will merge?

Owner

@nhosoya nhosoya left a comment

@maxencehenneron @LesterKim
Sorry for the very late response. And thank you.
LGTM!!

@nhosoya nhosoya merged commit aff3e96 into nhosoya:master May 14, 2020
@udipl

udipl commented May 14, 2020

Thank you, @nhosoya. Are you planning to publish a new version of the gem to rubygems.org?

@nhosoya
Owner

nhosoya commented May 15, 2020

@udipl
I just published it earlier.
Please check it. https://rubygems.org/gems/omniauth-apple

@LesterKim

> @udipl
> I just published it earlier.
> Please check it. https://rubygems.org/gems/omniauth-apple

@ramimassoud FYI

@danovity

@maxencehenneron @LesterKim @nhosoya How did you guys set up Sign In with Apple with the native iOS flow (outside of the browser)?
I am able to set up "Sign In with Apple" within the browser, however "outside of the browser" I am not getting any user_info during even the initial sign up.

Your help is greatly appreciated.

@LesterKim

LesterKim commented Jun 12, 2020

> @maxencehenneron @LesterKim @nhosoya How did you guys set up Sign In with Apple with the native iOS flow (outside of the browser)?
> I am able to set up "Sign In with Apple" within the browser, however "outside of the browser" I am not getting any user_info during even the initial sign up.
>
> Your help is greatly appreciated.

The iOS client has to send the JSON web token (JWT) as the parameter id_token or access_token, but I do not remember which, and I no longer have access to @blueapron's repositories. Try both if you need to. I am not an iOS developer, but @JovannyEspinal could guide you on the iOS side of the implementation.

Edit: It is id_token as I mentioned in an earlier comment above. Of course, make sure to add the iOS application's client ID to the list of authorized_client_ids.

@danovity

> > @maxencehenneron @LesterKim @nhosoya How did you guys set up Sign In with Apple with the native iOS flow (outside of the browser)?
> > I am able to set up "Sign In with Apple" within the browser, however "outside of the browser" I am not getting any user_info during even the initial sign up.
> > Your help is greatly appreciated.
>
> The iOS client has to send the JSON web token (JWT) as the parameter id_token or access_token, but I do not remember which, and I no longer have access to @blueapron's repositories. Try both if you need to. I am not an iOS developer, but @JovannyEspinal could guide you on the iOS side of the implementation.
>
> Edit: It is id_token as I mentioned in an earlier comment above. Of course, make sure to add the iOS application's client ID to the list of authorized_client_ids.

@LesterKim Thanks for the quick response. Currently our iOS client is using a WKWebView that opens the web login/signup page, so essentially the signup/signin is being shared between our web and iOS app.

Do you know if we have to register another application in the Apple Developer Portal? We have currently registered just our web application.

@LesterKim

> > > @maxencehenneron @LesterKim @nhosoya How did you guys set up Sign In with Apple with the native iOS flow (outside of the browser)?
> > > I am able to set up "Sign In with Apple" within the browser, however "outside of the browser" I am not getting any user_info during even the initial sign up.
> > > Your help is greatly appreciated.
> >
> > The iOS client has to send the JSON web token (JWT) as the parameter id_token or access_token, but I do not remember which, and I no longer have access to @blueapron's repositories. Try both if you need to. I am not an iOS developer, but @JovannyEspinal could guide you on the iOS side of the implementation.
> > Edit: It is id_token as I mentioned in an earlier comment above. Of course, make sure to add the iOS application's client ID to the list of authorized_client_ids.
>
> @LesterKim Thanks for the quick response. Currently our iOS client is using a WKWebView that opens the web login/signup page, so essentially the signup/signin is being shared between our web and iOS app.
>
> Do you know if we have to register another application in the Apple Developer Portal? We have currently registered just our web application.

You might have to register another application in the Apple Developer Portal. That is what I did at Blue Apron. @john-mejia Please correct me if I am wrong.
