use w/ iOS client instead of web?

[obibring]

I'm trying to wrap my head around Apple's documentation and am finding it confusing. Is this library sufficient for performing the server-side aspects of Apple sign in when the authorization code is provided by a native iOS application? Are there steps that would need to be omitted / changed?

TIA

[ananay]

@obibring I think this should work for all server-side aspects of Apple Sign In. However, I'm not sure since I haven't tried Sign in with Apple on an iPhone. Before I can confidently claim that it's possible, it'll take me some time to test out if it works and I'll get back to you here with the solution once I've tested it out.

I'm leaving this open in case someone wants to jump in and help.

[aryehischechter]

I've also been working on this. I'm trying to use the authorizationCode as the code in the authorization_code request but I'm getting back invalid_grant. Have you made any headway?
@ananay, by the way, you're not bubbling up the error, just the 400 error string. Might I suggest you return the whole error in src/token.js line 61 instead of a string.

[Vardiak]

I've also been working on this. I'm trying to use the authorizationCode as the code in the authorization_code request but I'm getting back invalid_grant. Have you made any headway?
@ananay, by the way, you're not bubbling up the error, just the 400 error string. Might I suggest you return the whole error in src/token.js line 61 instead of a string.

Maybe it's too late but for the others, I had this issue and I managed to fix it thanks to this post on Apple's forum. If the authorizationCode was generated by your app, you should use your App ID as your clientId and not your service one. Hope this helps.

[arthay]

Thank you @Vardiak for your response.
@ananay please add this case in readme. Thank you.

[ananay]

Thank you guys! Really appreciate it 🙌🏻
@arthay I've added it to the README :)

[mtebele]

@ananay what about the redirect_uri parameter?

[ananay]

@mtebele I haven't used it on iOS, but I believe that stuff would deep link back to your application (I think). Correct me if I'm wrong or if someone has a better solution!

[mtebele]

@mtebele I haven't used it on iOS, but I believe that stuff would deep link back to your application (I think). Correct me if I'm wrong or if someone has a better solution!

Thanks for your response. I'm debugging it and will tell you once it's running.

Regarding to the code parameter of the auth.accessToken(code) method: it's the authorizationCode or the identityToken generated by the app? I'm using this library in the app: https://github.com/invertase/react-native-apple-authentication

[Vardiak]

You should not use redirect_uri since iOS handles everything internally. You just have to generate an authorization code using the API and send it to your server for verification. I implemented it with Flutter so I don't know about React Native.

[mtebele]

You should not use redirect_uri since iOS handles everything internally. You just have to generate an authorization code using the API and send it to your server for verification. I implemented it with Flutter so I don't know about React Native.

Ok great. I'm not using redirect_uri and it works fine.

When I call auth.accessToken(..) with the authorizationCode as the parameter it works fine.
Otherwise, auth.refreshToken(..) with the identityToken as the parameter is not working for me.

How are you managing the validation of a user on login?

[Vardiak]

You should not use redirect_uri since iOS handles everything internally. You just have to generate an authorization code using the API and send it to your server for verification. I implemented it with Flutter so I don't know about React Native.

Ok great. I'm not using redirect_uri and it works fine.

When I call auth.accessToken(..) with the authorizationCode as the parameter it works fine.
Otherwise, auth.refreshToken(..) with the identityToken as the parameter is not working for me.

How are you managing the validation of a user on login?

I only use it for login, so I don't bother with refreshToken and don't store the token anywhere. I only store the appleId.

const jwt = require('jsonwebtoken');
const AppleAuth = require('apple-auth');
const appleAuth = new AppleAuth(appleConfig, config.apple.key, 'text');

router.post('/apple/login', async (req, res) => {
    const code = req.body.code;

    try {
        const response = await appleAuth.accessToken(code);
        const data = jwt.decode(response.id_token);
        const appleId = data.sub;

        // Find user in database and do your magic
    } catch (e) {
        // Token is invalid or an error occured
    }
});

[victorykong]

The problem of 400 can check whether the passed privateKey, that is, the second parameter, is blank removed during initialization. process.env.KEY_CONTENTS.replace(/\|/g, "\n") https://glitch.com/edit/#!/flutter-sign-in-with-apple-example?path=server.js%3A53%3A49

[ibraheem88]

Changed to app id for native side auth but spent some time because i did not know this:
You need to exchange the code (which must be validated with Apple within 5 minutes) for it to be valid