-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Need help with testing] Feature request: Apple Signin #202
Comments
I don't have experience with Apple ID and its authentication flow. I'll have to research it, but if Apple supports OAuth2 and could return the user email address, then I guess it shouldn't be very difficult to integrate it with PocketBase. For now I'm not planning to work on this because a lot of other tasks already have piled in the roadmap, but if you want to pick it, you can see what changes are required from this closed Twitter OAuth2 PR - #118 (twitter oauth2 api currently doesn't support returning the user email address so it cannot be integrated with PocketBase). |
Sure! I will give a try! Thanks for the reply! |
This probably will need to be prioritized a little because I've recently learned from Twitter that the App store seems to have a requirement for "Apple Sign-in" if other 3rd party auth services are used:
With PocketBase v0.6.0+, we now support OAuth2 providers that don't return an email, so it shouldn't be an issue even if the Apple OAuth2 api doesn't return it. If @imWildCat couldn't find the time to work on this, I'll pick the issue after the users management refactoring in #376 |
@ganigeorgiev thanks! Yeah, please take over this work. I recently moved to a new country and am still in the process of settling down. |
Not sure if anyone is onto this. If no one is currently working on it I'm more than happy to start working on an implementation. |
@Benjii-lee Thanks, but keep in mind that PRs for new features are temporary "frozens" due to ongoing users management refactoring in #376 and it's better to wait because there will be a lot of internal changes (especially to the tests). |
I've tried to look today into this, but as @jonafeucht mentioned, it seems that you need to enroll in the "Apple Developer Program" first in order to obtain an "App ID". But unfortunately, I wasn't able to do any of this because when I clicked from web "Account > Enroll today" and tried to enroll as "Individual/Sole Proprietor", I got the following message at the final step:
I'm not sure what I've done wrong, but I'm not even allowed to change the user fields that I've entered before the final step. Additionally, looking at the Apple guides, there also seems to be a fee of $99 per year, but I'm not sure if this is only for when you want to submit something to the App store or it just an enrollment requirement? In any case, I'll have to put this feature request "on hold" unless someone with an apple developer account decide to contribute. @Benjii-lee if you want to help with this feel free to make a PR against the |
I have an active apple dev acct, how can I help? |
@ganigeorgiev I'm still relatively new to Swift but I believe that registering the app with Apple to get a valid App ID requires payment for the developer account. I'm working on a project right now that will require Apple Sign In and I have a developer account so I'll post updates here if I make any headway. |
To be honest, I'm not really sure what are all the requirements for the integration because I wasn't able to continue beyond the "App Developer Program" enrollment (and I'm still baffled why I'm getting the above error; there was no payment option or any additional verification process other than the phone text message). But anyway, for a guide I'm using the official Apple docs - https://help.apple.com/developer-account/#/devde676e696. This article also contains very detailed instructions what to do in the Apple dashboard - https://medium.com/identity-beyond-borders/how-to-configure-sign-in-with-apple-77c61e336003. Supabase also has a great documentation for this in https://supabase.com/docs/guides/auth/auth-apple. To summarize, we need to be able to allow "Sign-in with Apple" by configuring a ClientId and ClientSecret but the problem is obtaining them and creating the OAuth2 application in the Apple developer platform. |
Decided to take a crack at it, the instructions you linked were as straightforward as it gets & worked like a charm. I managed produce valid tokens and got a successful login attempt to a test URL. As best as I can tell, adding an Apple ID login option to the admin dashboard should work much in the same way as any of the other registered OAuth2 providers. For anyone looking to implement this before PocketBase officially adds support, the docs already cover handling user authentication from any OAuth2 provider and should work just fine for web apps. On the Apple Developer dashboard, make sure the return URL in your Services ID configuration points to the proper address and is using HTTPS otherwise it'll return an invalid address error. As for Swift, I'm not positive on how to integrate PocketBase with the built-in "sign in with Apple" option but manually adding in OAuth authentication (which you'd have to do anyways for something like Google sign-in) and using the generated tokens would work the same even if it's a bit more effort. Let me know if you need any help whenever this gets implemented, I'd be more than happy to generate valid tokens for you or anyone working it @ganigeorgiev! |
The problem with implementing the apple oauth flow is that currently you can only request the Also it would be cool if pocketbase could generate the client secret itself if you configure the teamid, clientid, keyid and private key. But from what I've seen there is no support for custom options for providers and I don't know if @ganigeorgiev wants to go this route. |
@n1xx1 We can add a special helper endpoint for Apple OAuth2 if that's the only limitation, but please note that the |
Hi, I was evaluating pocketbase for my app (currently using Firebase), and really want to switch to pocketbase (mainly because of its extensibility as a framework). However, this is a blocking issue, as I am only using social sign in and Apple requires you to have SIWA to submit to the App Store in this case. Some things I want to note:
I had this same error online. If you have an Apple device, can you try installing the Apple Developer app and doing enrollment from there? I was able to register my Apple developer account from within the app but not on web. Also, I am not sure how pocketbase works internally, but SIWA is a bit different than some other providers; for starters, you only get a user's name (if they supply it) on the first sign in. After that first sign in, the information you get each subsequent sign-in is extremely limited. I do also know that you will always get an email on the first sign in (not sure about subsequent ones but I frankly doubt it), but the email may be an anonymous SIWA email to protect users' privacy. |
Is there anything we can do to help with the Apple sign in? |
@sonovice Nothing has changed since my last comment in - #899 (comment). The suggested implementation in the related PR needs to be slightly refactored to minimize the After the upcoming v0.13.0 release I'll try again creating a new Apple developer account and will see if I can prioritize it. |
Unfortunately I didn't have time to update the PR. |
@n1xx1 No worries. I'll try to update it sometime next week. |
The Apple OAuth2 implementation from #1954 was merged in the |
@ganigeorgiev Sorry that I could not test it yet. I'll be back on Thursday and will give it a whirl. |
Apple Signin is also a great option. Do we have plan for it? Or could I start a draft PR for it?
The text was updated successfully, but these errors were encountered: