Sign In with Apple is based on OAuth 2.0 and OpenID Connect, and provides a privacy-friendly way for users to sign in to websites and apps
Kaspars
Thanks for sharing your example! I’ve been working on a WordPress plugin implementation for this and the login flow was working great for the first 10 times or so. Now I’m getting “Two-Factor Authentication Required” and “You have to add additional protection to your Apple ID to continue” although the account does have the Two-Factor authentication enabled.
And the console has the following error message:
{
“serviceErrors” : [ {
“code” : “-22455”,
“message” : “Error Description not available”
} ]
}
Is is still working for you today?
HanashiDev
Hi, I got this error after login: "Your request could not be completed due to an error. Try again later."
Edit: Ok I fixed it by changing the scope. But now I got “invalid_client”
Edit2: “invalid_client” is fixed without changing anything lol
The next question is: how I get the user id and the mail by the authenticated client? Currently I have only the access code. Is there another api to get this informationen?
Farasath Ahamed
I am facing the same issue. What was the scope change you did?
Edit: Had to get rid of the scope parameter for the code flow to work
HanashiDev
"openid" is not a valid scope.
Aaron Parecki
Turns out there are some weird inconsistencies with the Apple API where these errors are only returned on the very first attempt to log in. So my later attempts were not triggering the errors.
I updated the sample code to what is required for the first run, and tested it with a brand new app in my Apple account.
Changes:
* kid
is actually required after all, tho it is apparently not required in later sign-in attempts
* name email
is the proper scope to request, and scope is completely ignored on later sign-ins
I haven’t yet found an API endpoint to return the name or email address, and I haven’t been able to find those in the ID Token either.
Aaron Parecki
That’s really strange! It’s still working for me, but I was seeing this when I was trying with an Apple ID that had just a phone number but no iOS device enrolled for 2FA.
Martin Costello
I think there’s a typo in the client_secret.rb script. headers => {
should be headers = {
HanashiDev
Is this not the same?
Martin Costello
I’m not very familiar with Ruby, but with the version installed in WSL on my laptop (ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu]
), it throws this error: client_secret.rb:10: syntax error, unexpected =>, expecting end-of-input<br>headers => {<br> ^
Kaspars
It starting working again today without any changes to the code . The WordPress plugin is now a working prototype!
Fbk Test
Hi,
I used the “name email” as the scope parameters, but I still get the “Your request could not be completed due to an error. Try again later”. any Idea?
Aaron Parecki
Very strange. Did you try without the scopes as well? Currently this seems very in beta, and doesn’t behave consistently, and I wouldn’t be surprised if they’re rolling out changes as we speak.
Fbk Test
Yes, I tried without scope as well. So, as you mentioned maybe all of these failures are because of Beta version.
Karl Kaminski
Hi,
in our developer portal the “sign in with apple” checkbox is missing.
It’s not possible to create an app id with “sign in with apple”. It’s an enterprise account.
Do you think that matters?
Aaron Parecki
hm, I didn’t see any mention of that in the docs, and that does sound surprising. Try going through Apple’s docs on the topic from the beginning in case one of the steps is required for that to show up https://developer.apple.com…
Aaron Parecki
You’re right, thanks! It was correct in the github repo but wrong in the blog post. I just pushed a change to the post to fix it.
Opa114
Did the Cross-Platform Solution Sign In with Apple JS (Sign in with apple javascript implementation) support the relay-mail feauture? I don’t see any information about this only some demos on the web, but no one shows the hide mail option like on native ios apps. So maybe this is not supported in the JS SDK?! Has anyone information about this? thanks a lot.
efremovart
Thank you for the great tutorial, Aaron! I have created a Node.JS wrapper around Sign in with Apple REST API which can be used as npm package - https://www.npmjs.com/packa…. I hope it will be useful for Node.JS developers reading your blog
efremovart
Apple docs say that “Currently, no data set has been defined for access.”, that’s why you can’t found an API endpoint to return the name or email address.
https://developer.apple.com…