Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FeatherJS Apple SSO sign in issue #3482

Closed
muradkhateeb78 opened this issue May 7, 2024 · 5 comments · Fixed by #3497
Closed

FeatherJS Apple SSO sign in issue #3482

muradkhateeb78 opened this issue May 7, 2024 · 5 comments · Fixed by #3497

Comments

@muradkhateeb78
Copy link

Issue Description

I need to enable Apple SSO for my feathers.js app, so that user can log in using their Apple IDs.

I am following https://gist.github.com/rxb/e596c66b03e3262f26d9ede5d7dbab81 article for enabling Apple SSO in my application.

Following is how my configurations look.


apple: {
            key: process.env.APPLE_CLIENT_ID,
            secret: process.env.APPLE_CLIENT_SECRET,
            scope: ["openid", "name","email"],
            response: ["raw", "jwt"],
            custom_params: {
              response_type: "code id_token",
              response_mode: "form_post"
            }
          }

Expected behavior

Users should be able to log into my app with their Apple ID while, I have the 'name' and the 'email' of the user who logged in.

Actual behavior

Now it goes to the apple ID requesting authorization and Apple after signing in, redirects to the callback URL in a POST Callback request with Code and id_token in the body which should be handled by the AppleStrategy code, but it insteads returns a 201 Created response with the response message similar to the following.

  "location": "https://appleid.apple.com/auth/authorize?client_id=com.example.com&response_type=code&redirect_uri=https%3A%2F%2Fcode.example.com%2Foauth%2Fapple%2Fcallback&scope=openid&nonce=5fdf0272234ysgdd5ea7479878123c7feae39a8a",
    "session": {
        "provider": "apple",
        "dynamic": {
            "code": "cd32a2c2874lkj3K86c1788af01.0.mxtv.bjgbTN8-qLdKouwIR1amg",
            "id_token": "eyJraWQiOiJCaDZIN3JIVm1iIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnRoZWluZmluaXRlcmVhbGl0eS5jb20iLCJleLKJAHLKHJKJLKjljasldjflasjdlkj23l4jlksldfknk34j53mlaskjdflkj345lkjslfkjlkjjC3K_Z1yIvFSkWtzdEHc7rSMzTASrQvwcLEbqpVrxmrp-Gls4p916gWXfKLKDJSFLKJE480MMrD3ClmczRi2CtkZ-myIy67UrwjSialVvEJaPpUAKZ_wYbWcw2xcPXKBt-7MJa74AQKyvNqQZpNbEaAKr7Ut1xikps_rMNuTWnxEbuxOLVLgXyw5fehWYCCzOBqOE9AKZhioSLhb4WlcAQ"
        },
        "nonce": "5fdf02722307207kjh9879973c7feae39a8a"
    },
    "state": {}
}

The above message is displayed in the browser with a 201 status in response to Apple's Post Callback. I am not sure, which method of feathers is handling that and why is it returning that response while it should have inspected the id_token and extracted relevant information, for which I have implemented getEntityData and other methods.

Important Note: If I just request the "openid" scope and not "name" and "email" and remove the response_mode: "form_post", then Apple Returns a GET call which is handled by my code and it lets the user log in successfully. The problem occurs when I request "name" and "Email" and Apple sends a POST call on the callback URL. I am not sure if a POST callback is handled differently than the GET callback? If yes, can anyone please explain how a POST callback request is handled by Feathers authentication?

Feel free to ask any questions. Please answer if you have come across a similar issue. Looking forward to hear back soon.

System configuration

Feathersjs 5, Apple SSO.

NodeJS version:
v18.17.1
Operating System:
Windows

@muradkhateeb78
Copy link
Author

@daffl, anything on this please?

@daffl
Copy link
Member

daffl commented May 9, 2024

I don't think the service currently handles POST callbacks. It may have to be split into two separate services for this to work.

@daffl
Copy link
Member

daffl commented Jun 4, 2024

I have a potential fix in #3497 but it might have to be tested.

@daffl
Copy link
Member

daffl commented Jun 18, 2024

Released in v5.0.27

@muradkhateeb78
Copy link
Author

A further enhancement to fix the redirection error post the authentication, was done in version v5.0.28. Thanks @daffl <3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants