Check out the new free Apple Sign In
https://marketplace.coronalabs.com/corona-plugins/apple-sign-in
1 Like
Is there any way to get the credentials passed from apple? ( https://developer.apple.com/documentation/authenticationservices/asauthorizationappleidcredential )
Iâm trying to implement an authentication flow similar to whatâs outlined at https://dev.to/michalrogowski/why-sign-in-with-apple-may-take-you-more-than-5-minutes-and-how-it-works-55p6
What I meant are the additional tokens Apple is passing on to the app after authenticating:
- identityToken (JWT)
- authorizationCode
When trying your plugin and checking out the docs, I only see references to name and user id.
PS: Is it possible to build the plugin from source or is only the demo on GitHub?
Added identityToken, authorizationCode to docs and plugin
will be returned as event.identityToken, event.authorizationCode
email is returned as event.email if you put in âemailâ or ânameAndEmailâ
Great, thanks. I got it to work.
I was also confused by the fact that email/name arenât returned every time (in case anybody is also affected, this is an apple thing: https://forums.developer.apple.com/thread/119826 )
It appears that we have until June 30, 2020 to implement Apple Sign In for iOS and Mac apps, that is, if you offer FB login or email login, we must support Apple Sign In.
Apps that authenticate or set up user accounts must support Sign in with Apple if required by guideline 4.8 of the App Store Review Guidelines. Article here: https://developer.apple.com/news/?id=03262020b
@Scott_Harrison I saw this note in your build.settings.
- Do we really need to add Apple Pay to our provisioning file for the app?
entitlements =
{
[âcom.apple.developer.applesigninâ] = {âDefaultâ}, â make sure provisioning profile supports apple pay?
},
-
I also only saw ânameâ and âuserâ in the online docs. If I want the name and email, do I use ânameAndEmailâ as you wrote above?
-
will it be the full name?
I have this ready to go in my code; but I just wanted to double-check the provisioning issue here before I try and create a new build.
- does it work in TestFlight before a release?
-
yes use nameAndEmail
-
yes
-
yes
@Scott_Harrison Iâm creating a detailed and nice example for your appleSignIn plugin, and just have a couple of issues to resolve.
- Iâve looked at the link you provided and Apple Pay is not mentioned anywhere. Are you sure?
- Iâve gotten it to work by adding AppleSignIn into the App Identifier. Have you tried this?
- Once I have it working on one app, the identical code is not working on the second app. This is the last issue to resolve. Both apps have their AppleSignIn configuration as a primary key. Iâll have to do some tinkering to get both to work, I suppose.
@Scott_Harrison or anyone, how can we check if the iOS version is >=13 before making AppleSignIn available?
This is some code to check if iOS version>=13 before calling AppleSignIn.
: local v=tonumber(system.getInfo(âplatformVersionâ))
: if not v then
: --unknown version
: elseif v>=13 then
: --apple sign in button and code can go here
: end
-
it says it at the top âAn entitlement that lets your app use Sign in with Apple.â If you donât want to use that is up to you.
-
that what âmake sure provisioning profile supports apple payâ means on my documentation
Well, My provisioning profile has Apple Sign In and NOT Apple Pay, and it works fine.
@Scott_Harrison you may want to consider changing your documentation to REMOVE references to âApple Payâ, as you can see from the Apple App ID Configuration, âApple Payâ is 3rd from the top, but âSign In with Appleâ is directly underneath Push Notifications must lower on the list. The fact that I have it working in my apps now WITHOUT âApple Payâ proves it unnecessary and could also confuse other developers; just my two cents.
1 Like
Also, your documentation does not provide any information about what the json.encode(e) returns; in other words, you leave it to developers to figure it out. Here is more info that could help othersâŚ
function doAppleSignIn()
local firstName,lastName,email
local signIn = require "plugin.appleSignIn"
local function appleSignInListener(e)
local ts=json.encode(e)
print("AppleSignIn Json="..ts)
if not e.isError then
if e.fullName and e.fullName.givenName then
firstName=e.fullName.givenName
end
if e.fullName and e.fullName.familyName then
lastName=e.fullName.familyName
end
if e.email then
email=e.email
end
end
return firstName,lastName,email
end
first,last,email=signIn.show("nameAndEmail","appleSignInListener")
if not first then
-- not successful
else
-- successful
end
end
doAppleSignIn() --call the routine above
â Note 1) this code is intended for you to use ONCE per app, and then for you to save the results without having to use AppleSignIn again. Iâm not sure it will work a second time, or each time you open the app, without using the other token and authorization-related parameters you can see below. 2) you can also check if e.error=true to see if unsuccessful, but this code works and is more elegant.
Also, here are the 3 results of json.encode(e) that are possible; so your developers can understand how the Apple Sign In will respond in these 3 circumstances:
âwhen user attempting to hide email (in this case, e.isError and e.email are BOTH=NOT)
AppleSignIn Json={
ânameâ:âappleSignInâ,
âuserâ:â001577.6660c67777304b1ba24e155285388352.1422â,
âisErrorâ:false,
âfullNameâ:{âgivenNameâ:âTroyâ,âfamilyNameâ:âLyndonâ},
âidentityTokenâ:âeyJraWQiOiI4NkQ4OEtmIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJkZ2FtZXMuZXhvZHVzdHJpdmlhIiwiZXhwIjoxNTkwNzY2ODM2LCJpYXQiOjE1OTA3NjYyMzYsInN1YiI6IjAwMTU3Ny42NjYwYzY3Nzc3MzA0YjFiYTI0ZTE1NTI4NTM4ODM1Mi4xNDIyIiwiY19oYXNoIjoiLW9IV1ZrZl9abjZNR0VabEUwNGZhUSIsImF1dGhfdGltZSI6MTU5MDc2NjIzNiwibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ.fwsfFmAzBSH-O5hxOVXX3ZWfyPfpEUvMGZPS6Xdi2KbHLICFlVR7ZLCTxdmg0fx4iots7BlWTPZWQPgWtCj1b1Dpe7u8YFUJnyOT7xLDFx6ekjROMy73yz2XMpDvpftZtOkqa74OK_uZAUoSYHkm7oTX_GgR47C3_RlG2Qj8zFWz2LqY0RldBRRjcRFTETjEvibcXyiuMvAlNfmDEtbbnZ2tVu2kAJs51pX23RWZJ2w09zOzIeduâvIWX2aHGEOONPZGx10Qs6RZ8Oeke3PmR9wa8uYvzgmIpFw2ozbJ77ekGQR9GTlKc07A06p0hNtji4xJ-hNTS2HeoGh3Rtsigâ,
âauthorizationCodeâ:âc25308b6cdfff42ba94ddb4ba3fd244c1.0.nrvxx.6d5tGF0r-aCRTe8Whru7WAâ}
âwhen user granted us their email (in this case, e.isError is NOT)
AppleSignIn Json={
âauthorizationCodeâ:âc386026b767e146af8568d72d786a9461.0.nrvxx.IO-7UXtFvHH1dmOKUlj_8Qâ,
âisErrorâ:false,
âuserâ:â001577.6660c67777304b1ba24e155285388352.1422â,
âfullNameâ:{âgivenNameâ:âTroyâ,âfamilyNameâ:âLyndonâ},
ânameâ:âappleSignInâ,
âidentityTokenâ:âeyJraWQiOiJlWGF1bm1MIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJkZ2FtZXMuZXhvZHVzdHJpdmlhIiwiZXhwIjoxNTkwNzYzMzQyLCJpYXQiOjE1OTA3NjI3NDIsInN1YiI6IjAwMTU3Ny42NjYwYzY3Nzc3MzA0YjFiYTI0ZTE1NTI4NTM4ODM1Mi4xNDIyIiwiY19oYXNoIjoibVJTV3BwNGFFVkZJMHRDUk5sOW02USIsImF1dGhfdGltZSI6MTU5MDc2Mjc0Miwibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ.y_C8W34jd_ZauTN-l4fGIoOx5XeN9RpkAFOk_1vZiQcwF8bWyXi7Plrdr11-WcpgztwQQeWoWL3RIAWxWdpXu8wG3rzTYu-zJOCxu6HaxoHFFyC8seaqDhRNkxIWdK_ymjPDCWenzqZZN5laMroNYOD3wMF3TCbKUUqmDfVlbymHofMA28SihqqhRFQxsRjZ6w-kqyNT8D_H8JEgExs0oZW473XhsvgkRcaZV77RimYEFmL7rTncMbhHwlInInKpBsBB3z7MS22O6MduppCK8VjPCmP3zP9srXmSaE24XrSoGHqcSkXQZSzJ4quueczX5SwsycKQpg1T0wK7EOpMCwâ,
âemail":"troylyndon@anemaildomain.comâ}
âwhen a user cancels AppleSignIn
AppleSignIn Json={
âisErrorâ:true,
âerrorâ:âThe operation couldnât be completed. (com.apple.AuthenticationServices.AuthorizationError error 1001.)â,
ânameâ:âappleSignInâ}
Previously this plugin will return a private-relay email address when the user selects âhide email addressâ. But now, there is no private email returned. Email is only returned if the user selects âshare actual email addressâ.
It seems to be a problem @ Apple side. Most likely since a vulnerability bug was discovered.
1 Like
Inorder to get the private-email address, you will need to decode the âidentityTokenâ returned from the app. This âidentityTokenâ is acutally the JWT token. Decode and the private-email-address is in there. For PHP, I use the griffin package to decode it.
@Scott_Harrison - can you please implement the fix that @yosu discovered so that you are actually passing a valid email address, rather than requiring developers to have to create some kind of server-based code to translate the identityToken into an actual private-email-address? Please read his two posts carefully to see the problem.
@yosu @troylyndon
Let me break up the questions
First the email stuff with hiding email, it must have been an apple bug because I am running the latest apple version and Xcode and I get an email in both cases. I tested this minutes ago.
{âauthorizationCodeâ:âcd7f6937900634a8d8b5861db26fa000a.0.nvuy.kxYwVrQMQMQMh3p-E9o3rAâ,âisErrorâ:false,âuserâ:â000548.14d86617b5bd475b9d93590cd68fac82.2018â,âfullNameâ:{âgivenNameâ:âScottâ,âfamilyNameâ:âHarrisonâ},âname":âappleSignInâ,âidentityTokenâ:âeyJraWQiOiI4NkQ4OEtmIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnNjb3R0cnVsZXM0NC50ZXN0QXBwIiwiZXhwIjoxNTkyNTk1NTkyLCJpYXQiOjE1OTI1OTQ5OTIsInN1YiI6IjAwMDU0OC4xNGQ4NjYxN2I1YmQ0NzViOWQ5MzU5MGNkNjhmYWM4Mi4yMDE4IiwiY19oYXNoIjoiU2JkOHpkMGNBbTB3cVRMUGtZVFh1USIsImVtYWlsIjoiem02dGVpc2s5ckBwcml2YXRlcmVsYXkuYXBwbGVpZC5jb20iLCJlbWFpbF92ZXJpZmllZCI6InRydWUiLCJpc19wcml2YXRlX2VtYWlsIjoidHJ1ZSIsImF1dGhfdGltZSI6MTU5MjU5NDk5Miwibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ.epNs8RUs2r_w7FGvmcEj3LfF3qLSvQebA6xKPuo6cyh__9Zj3QCcCwTtT2DC7PtpOqGVXylecGAFugYWC125L4tkvO_sqzbTGsFtnUxR17fUerBBFN4lCHgZFUCju6BdZzQGzodGoeSvkN2LLIZAK5UYpXew8Xv7wDeB5q9wmlfQJUhmQQzzOlyOJ0BVghhpILEDl-FMO214Bcr_0JrC90037_g7hdo9mVW6ldHXWMRufKVZaFsa7Chtlq9RvDEbkwkU3RiNMzy7bWwIDnEOy-AI0-YhRTD7hc69Oa-rOPrvffRam7zGsTJYjL1Q1VE7EYW3ZE_MwjLTv-rW-G2UJAâ,âemailâ:"zm6teisk9r@privaterelay.appleid.comâ}
second JWT
I am not messing with JWT stuff. There are a ton of libraries for this. I included a link lua library and dozens of other libraries for JS/PHP if you want to handle with on your server.