What the Heck is Sign In with Apple?

Sign In with Apple is based on OAuth 2.0 and OpenID Connect, and provides a privacy-friendly way for users to sign in to websites and apps

Kaspars

Thanks for sharing your example! I’ve been working on a WordPress plugin implementation for this and the login flow was working great for the first 10 times or so. Now I’m getting “Two-Factor Authentication Required” and “You have to add additional protection to your Apple ID to continue” although the account does have the Two-Factor authentication enabled.

And the console has the following error message:

{
  "serviceErrors" : [ {
    "code" : "-22455",
    "message" : "Error Description not available"
  } ]
}

Is it still working for you today?

HanashiDev

Hi, I got this error after login: "Your request could not be completed due to an error. Try again later."

Edit: Ok I fixed it by changing the scope. But now I got “invalid_client” :frowning:

Edit2: “invalid_client” is fixed without changing anything lol

The next question is: how do I get the user ID and the mail of the authenticated client? Currently I have only the access code. Is there another API to get this information?

Farasath Ahamed

I am facing the same issue. What was the scope change you did?

Edit: Had to get rid of the scope parameter for the code flow to work

HanashiDev

"openid" is not a valid scope.

Aaron Parecki

Turns out there are some weird inconsistencies with the Apple API where these errors are only returned on the very first attempt to log in. So my later attempts were not triggering the errors.

I updated the sample code to what is required for the first run, and tested it with a brand new app in my Apple account.

Changes:

* kid is actually required after all, tho it is apparently not required in later sign-in attempts
* name email is the proper scope to request, and scope is completely ignored on later sign-ins

I haven’t yet found an API endpoint to return the name or email address, and I haven’t been able to find those in the ID Token either.
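Added example, not part of the original thread or the post's client_secret.rb: a standard-library Ruby version of the client secret JWT that the changes above refer to, with `kid` in the header. The claim set is the one Apple documents for client secrets, which this thread does not show; the team ID, client ID, key ID and the freshly generated key are constructed placeholders.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Base64url without padding, as JWTs require.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes).delete('=')
end

# OpenSSL returns a DER-encoded ECDSA signature; JWS ES256 wants the
# fixed-width form r || s (32 bytes each for P-256).
def der_to_raw(der_sig)
  OpenSSL::ASN1.decode(der_sig).value.map do |int|
    int.value.to_s(2).b.rjust(32, "\x00".b)
  end.join
end

# Build the client_secret JWT. The header must carry `kid` (the key ID).
def apple_client_secret(key, team_id:, client_id:, key_id:, now: Time.now.to_i)
  header = { 'alg' => 'ES256', 'kid' => key_id }
  claims = {
    'iss' => team_id,
    'iat' => now,
    'exp' => now + 86_400 * 180, # 180 days
    'aud' => 'https://appleid.apple.com',
    'sub' => client_id
  }
  signing_input = [header, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  der = key.dsa_sign_asn1(OpenSSL::Digest::SHA256.digest(signing_input))
  "#{signing_input}.#{b64url(der_to_raw(der))}"
end

# Check the signature the way a verifier would: rebuild DER from r || s.
def verify_es256(token, key)
  head, body, sig = token.split('.')
  raw = Base64.urlsafe_decode64(sig)
  ints = [raw[0, 32], raw[32, 32]].map do |b|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b, 2))
  end
  der = OpenSSL::ASN1::Sequence.new(ints).to_der
  key.dsa_verify_asn1(OpenSSL::Digest::SHA256.digest("#{head}.#{body}"), der)
end

# Constructed placeholders; a real key comes from the .p8 file Apple issues.
key = OpenSSL::PKey::EC.generate('prime256v1')
secret = apple_client_secret(key, team_id: 'TEAMID0000',
                             client_id: 'com.example.web', key_id: 'KEYID00000')
puts secret
puts "signature valid: #{verify_es256(secret, key)}"
```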

Aaron Parecki

That’s really strange! It’s still working for me, but I was seeing this when I was trying with an Apple ID that had just a phone number but no iOS device enrolled for 2FA.

Martin Costello

I think there’s a typo in the client_secret.rb script. headers => { should be headers = {

HanashiDev

Is this not the same?

Martin Costello

I’m not very familiar with Ruby, but with the version installed in WSL on my laptop (ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu]), it throws this error:

client_secret.rb:10: syntax error, unexpected =>, expecting end-of-input
headers => {
 ^

Kaspars

It started working again today without any changes to the code :man_shrugging:. The WordPress plugin is now a working prototype!

Fbk Test

Hi,

I used “name email” as the scope parameter, but I still get the “Your request could not be completed due to an error. Try again later”. Any idea?

Aaron Parecki

Very strange. Did you try without the scopes as well? Currently this seems very in beta, and doesn’t behave consistently, and I wouldn’t be surprised if they’re rolling out changes as we speak.

Fbk Test

Yes, I tried without scope as well. So, as you mentioned maybe all of these failures are because of Beta version.

Karl Kaminski

Hi,

In our developer portal the “sign in with apple” checkbox is missing.
It’s not possible to create an app id with “sign in with apple”. It’s an enterprise account.
Do you think that matters?

Aaron Parecki

hm, I didn’t see any mention of that in the docs, and that does sound surprising. Try going through Apple’s docs on the topic from the beginning in case one of the steps is required for that to show up https://developer.apple.com…

Aaron Parecki

You’re right, thanks! It was correct in the github repo but wrong in the blog post. I just pushed a change to the post to fix it.

Opa114

Does the cross-platform solution Sign In with Apple JS (Sign in with Apple JavaScript implementation) support the relay-mail feature? I don’t see any information about this, only some demos on the web, but no one shows the hide mail option like on native iOS apps. So maybe this is not supported in the JS SDK?! Does anyone have information about this? Thanks a lot.

efremovart

Thank you for the great tutorial, Aaron! I have created a Node.js wrapper around the Sign in with Apple REST API which can be used as an npm package - https://www.npmjs.com/packa…. I hope it will be useful for Node.js developers reading your blog.

efremovart

Apple docs say that “Currently, no data set has been defined for access.”, that’s why you can’t find an API endpoint to return the name or email address.
https://developer.apple.com…