Can't use Sign In With Apple JS #68
Comments
adding this to options works for me
|
Oh interesting, what is |
Oh wait, I have that, nvm |
Thanks @atomgas that worked! |
Hello, am having the same issue is |
@Sadat97 yes, for me it was |
Weird, I used it, and still the issue is happening. To be honest, it also shows nonce mismatch before this error in the logs. Any ideas on how to fix this? |
complete fix, all constants are prefixed with

```ruby
# config/initializers/omniauth.rb
#
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :apple, APPLE_CLIENT_ID, "",
    {
      scope: "email name",
      team_id: APPLE_TEAM_ID,
      key_id: APPLE_KEY_ID,
      pem: APPLE_PRIVATE_KEY,
      callback_path: "/redirect",
      provider_ignores_state: true,
      authorized_client_ids: [ APPLE_CLIENT_ID ],
    },
  ....
end
```

to fix the nonce mismatch issue

```ruby
# app/helpers/application_helper.rb

# CLIENT_ID from Apple for web
def apple_client_id
  Rails.application.credentials.apple_client_id_web
end

# use this in HTML or JS
def apple_signin_nonce
  session["omniauth.nonce"] ||= SecureRandom.urlsafe_base64(16)
  session["omniauth.nonce"]
end
```
|
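
The session-bound nonce check that a helper like the one above feeds, written out as an added example (not code from omniauth-apple or from this thread). `issue_nonce`, `secure_equal?`, `nonce_valid?` and the plain-Hash `session` are hypothetical stand-ins, and `claims` is assumed to be an id_token payload whose signature has already been verified.

```ruby
require "securerandom"

# Hypothetical helper: create a fresh nonce and bind it to the user's session.
# The same value is what gets handed to Sign in with Apple JS as its nonce.
def issue_nonce(session)
  session["omniauth.nonce"] = SecureRandom.urlsafe_base64(16)
end

# Constant-time string comparison so timing does not reveal matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# claims: id_token payload as a Hash, signature ALREADY verified (assumption).
# The stored nonce is deleted on every attempt, so a replayed callback fails
# even when it carries a nonce that was valid once.
def nonce_valid?(session, claims)
  expected  = session.delete("omniauth.nonce")
  presented = claims["nonce"]
  return false unless expected.is_a?(String) && presented.is_a?(String)
  secure_equal?(expected, presented)
end
```

With `provider_ignores_state: true`, as in the configuration above, omniauth-oauth2 skips its `state` comparison, so the nonce check is what still ties the callback to the browser session that started the sign-in.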
Isn't `# CLIENT_ID from Apple for web` the same as `APPLE_CLIENT_ID`? |
yes |
FWIW I was able to eliminate |
I have the same issue and the suggested fix doesn't work?

```ruby
provider :apple, APPLE_CLIENT_ID, '', {
  scope: 'email name',
  team_id: APPLE_TEAM_ID,
  key_id: APPLE_KEY_ID,
  pem: APPLE_PRIVATE_KEY,
  authorized_client_ids: [APPLE_CLIENT_ID],
  provider_ignores_state: true
}
```

I still get
I don't use
Am I missing something? |
I had to make a new client ID for my server, separate from my iOS app. |
@wilg I have a separate "Services ID" and use its "Identifier" field as |
Strange, the only difference between your set up and mine is I specify |
@wilg, I found the issue the Then I started getting, due to JWT token taking too much time:
|
I have the same issue and I can't figure out what is causing it. I tried all suggestions. Is there a way to debug this? Also does anyone have better documentation on integrating Devise + Omniauth + Apple sign in? I'm wondering if I'm missing something.
|
@andreierdoss I have stopped receiving this error after getting domain name SPF checked under Certificates, Identifiers & Profiles -> More. Make sure this is the same domain you are registering your service ID with |
@RStankov Were you able to solve this? I'm facing a similar situation.
|
Downgrading the OmniAuth gem from 2.1.0 to 2.0.4 solved the following error for me.
In the meanwhile, I directly drop the Apple JS and use the following code to create a popup window for Sign in with Apple
Finally, handle the callback url (popup) with |
Hi I'm Dan and I'm using omniauth-apple 1.0.2, and omniauth 2.0.4 and tried all of the advice in this thread but am still consistently getting this error:
I'm using the service id as the APPLE_CLIENT_ID, I have recreated the service IDs and keys multiple times already but still do not have any luck. Any help is highly appreciated. Thanks |
@dli1022 did you try the url directly? and make sure your [CALLBACK_URL] has been listed on the Apple Developers > Web Authentication Configuration
|
@taco-chen Thanks for the tip. When I used the URL you posted above, I get the Apple signin prompt and redirected to my own website, after that I get exactly the same error. Maybe my key and key id pairs are bad so that Omniauth can't decode the Apple call back post? But I have already recreated this key multiple times... |
I finally figured this out. TL;DR: The quick solution is to downgrade Oauth2 version 2+ to 1.4.10.

Here are the details: The issue was caused by this breaking change introduced in Oauth2 gem version 2.0.0:

oauth-xx/oauth2#312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)

Apple servers need the "client_id" and "client_secret" as part of the html body for the http POST request to get the token. But when Oauth2 sets :auth_scheme to :basic_auth, it does not add "client_id" and "client_secret" to the body. Only works when :auth_scheme == :request_body.

I also opened an issue to omniauth-apple to allow for a setting to specify :auth_scheme to "request_body". #85 |
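
The two `auth_scheme` settings described in the comment above, modelled with the Ruby standard library only as an added example (not code from the oauth2 gem or from this thread). `build_token_request`, `credential_placement` and `redacted_body` are hypothetical names, and the credential values are constructed.

```ruby
require "uri"

# Hypothetical model of the token-endpoint POST under each auth_scheme.
def build_token_request(auth_scheme, client_id:, client_secret:, code:)
  params  = { "grant_type" => "authorization_code", "code" => code }
  headers = { "Content-Type" => "application/x-www-form-urlencoded" }
  case auth_scheme
  when :basic_auth
    # Credentials travel only in the Authorization header ("m0" = strict Base64).
    headers["Authorization"] = "Basic " + ["#{client_id}:#{client_secret}"].pack("m0")
  when :request_body
    # Credentials travel as form fields, which the comment above says Apple needs.
    params["client_id"] = client_id
    params["client_secret"] = client_secret
  else
    raise ArgumentError, "unknown auth_scheme: #{auth_scheme.inspect}"
  end
  { headers: headers, body: URI.encode_www_form(params) }
end

# Report where a request carries client credentials: :body, :header or :none.
def credential_placement(request)
  form = URI.decode_www_form(request[:body]).to_h
  return :body if form.key?("client_id") && form.key?("client_secret")
  return :header if request[:headers].key?("Authorization")
  :none
end

# Same form body with the secret masked, safe to write to a debug log.
def redacted_body(request)
  pairs = URI.decode_www_form(request[:body])
  URI.encode_www_form(pairs.map { |k, v| [k, k == "client_secret" ? "[REDACTED]" : v] })
end

# Constructed sample values, not real credentials.
SAMPLE = { client_id: "com.example.web", client_secret: "constructed.jwt.value",
           code: "constructed-code" }.freeze
```

Comparing `credential_placement` for a captured request against `:body` shows at a glance whether the installed oauth2 version is sending the token request in the form the comment above says Apple accepts.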
I guess no issues anymore except for oauth2 v2 incompatibility? |
As far as I can tell, the reason is that omniauth-apple generates an authorize url with `response_type=code` and Sign in with Apple JS generates one with `response_type=code%20id_token`. Manually changing the omniauth-apple url in the browser to have the `response_type=code%20id_token` also fails with the same error.

The error is:

So this error seems to be originating somewhere in the omniauth oauth2 implementation: https://github.com/omniauth/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb

Seems like the answer is to support the `response_type=code%20id_token` thing but I'm not sure how...

https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms