Amplify-js: React Native - Apple Sign In

Created on 24 Aug 2020 · 5 Comments · Source: aws-amplify/amplify-js

I followed the doc to add Sign in with Google, Facebook and Apple from here:
https://docs.amplify.aws/lib/auth/social/q/platform/js

Google and Facebook work perfectly fine but I couldn't make Apple work after a whole day debugging.

Here's some screenshots of the flow:
[three screenshots of the sign-in flow, not included]

Here's my logs from the Hub

[Mon Aug 24 2020 17:20:03.980]  LOG      Hub.auth {"payload": {"data": {"url": "setmatch://?error_description=SignInWithApple+Error+-+400+invalid_client&state=wrBob3s5zqoty4YDYInEC9NL5wQnQNuK&error=invalid_request"}, "event": "parsingCallbackUrl", "message": "The callback url is being parsed"}}
[Mon Aug 24 2020 17:20:03.981]  ERROR    [ERROR] 20:03.971 OAuth - Error handling auth response. [Error: SignInWithApple+Error+-+400+invalid_client]
[Mon Aug 24 2020 17:20:04.700]  LOG      Hub.auth {"payload": {"data": [Error: SignInWithApple+Error+-+400+invalid_client], "event": "signIn_failure", "message": "The OAuth response flow failed"}}
[Mon Aug 24 2020 17:20:04.900]  LOG      signIn_failure
[Mon Aug 24 2020 17:20:04.100]  LOG      Hub.auth {"payload": {"data": [Error: SignInWithApple+Error+-+400+invalid_client], "event": "cognitoHostedUI_failure", "message": "A failure occurred when returning to the Cognito Hosted UI"}}
[Mon Aug 24 2020 17:20:04.110]  LOG      Hub.auth {"payload": {"data": [Error: SignInWithApple+Error+-+400+invalid_client], "event": "customState_failure", "message": "A failure occurred when returning state"}}

aws-exports.js

const awsmobile = {
    "aws_project_region": "us-east-1",
    "aws_cognito_identity_pool_id": "us-east-1:xxxxxx",
    "aws_cognito_region": "us-east-1",
    "aws_user_pools_id": "us-east-1_xxxxxxx",
    "aws_user_pools_web_client_id": "xxxxxx",
    "oauth": {
        "domain": "setmatch-dev.auth.us-east-1.amazoncognito.com",
        "scope": [
            "phone",
            "email",
            "openid",
            "profile",
            "aws.cognito.signin.user.admin"
        ],
        "redirectSignIn": "setmatch://",
        "redirectSignOut": "setmatch://",
        "responseType": "code"
    },
    "federationTarget": "COGNITO_USER_POOLS",
    "aws_appsync_graphqlEndpoint": "https://xxxxxx.appsync-api.us-east-1.amazonaws.com/graphql",
    "aws_appsync_region": "us-east-1",
    "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
    "aws_appsync_apiKey": "xxxxxx",
    "aws_user_files_s3_bucket": "xxxxxx",
    "aws_user_files_s3_bucket_region": "us-east-1",
    "aws_mobile_analytics_app_id": "xxxxxx",
    "aws_mobile_analytics_app_region": "us-east-1"
};

Here's some Cognito screenshots
[three screenshots, not included]

Here's some Apple screenshots
[three screenshots, not included]

OAuth React Native to-be-reproduced
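
An added example, not part of the original issue or of Amplify's code: it parses the callback URL shown in the Hub log above, checks the returned `state`, and separates an error relayed from the identity provider from other failures. The helper names `parseOAuthCallback` and `triage` are hypothetical, and the `<Provider> Error - <status> <code>` layout is an assumption inferred from that single log line.

```javascript
// Added example (hypothetical helpers); the sample URL is the one in the Hub log above.
const SAMPLE_URL =
  'setmatch://?error_description=SignInWithApple+Error+-+400+invalid_client' +
  '&state=wrBob3s5zqoty4YDYInEC9NL5wQnQNuK&error=invalid_request';

// Parse the redirect the app receives after the hosted-UI round trip.
// expectedState is the value the app generated before starting the flow.
function parseOAuthCallback(url, expectedState) {
  const q = url.indexOf('?');
  const query = q === -1 ? '' : url.slice(q + 1).split('#')[0];
  const params = new URLSearchParams(query); // decodes '+' as a space
  const state = params.get('state');
  const description = params.get('error_description');
  const result = {
    // A missing or different state means the response is not tied to our request.
    stateMatches: state !== null && state === expectedState,
    code: params.get('code'),
    error: params.get('error'),
    description,
    upstream: null,
  };
  // Assumed layout, inferred from the log: "<Provider> Error - <status> <code>"
  const m = /^(\S+) Error - (\d{3}) (\S+)$/.exec(description || '');
  if (m) result.upstream = { provider: m[1], status: Number(m[2]), code: m[3] };
  return result;
}

// Classify the outcome so logs and alerts name the failing party.
function triage(r) {
  if (!r.stateMatches) return 'state-mismatch'; // discard the response
  // RFC 6749 section 5.2: invalid_client means client authentication failed.
  if (r.upstream && r.upstream.code === 'invalid_client') return 'idp-client-auth';
  if (r.error) return 'oauth-error';
  return r.code ? 'ok' : 'no-code';
}

console.log(triage(parseOAuthCallback(SAMPLE_URL, 'wrBob3s5zqoty4YDYInEC9NL5wQnQNuK')));
```

A result of `idp-client-auth` points at the identity provider settings stored in the user pool rather than at the React Native code.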

All 5 comments

Similar to https://github.com/aws-amplify/amplify-js/issues/6547. I will take a look into this soon 👍

Thanks Alex.
Let me know if you'd like to have access to my code and setup to help reproduce

@sregg Could you reach out to me on our Discord? It's just amhinson. That could help streamline things a bit

Alright. After another afternoon debugging this with the amazing help of @amhinson, I finally got it working.
It basically was something like this:

Here's the steps I did (not sure which one helped):

  • I added the Sign in with Apple capability in my project in Xcode (pretty sure that's only needed if you use the iOS SDK, but doesn't hurt)
  • I deleted the user group created in User Pool > General settings > Users and groups > Groups > us-east-xxx_SignInWithApple
  • I disabled the Apple IDP in Federation > Identity providers > Sign in with Apple
  • I recreated that IDP (same sid, team id, key id, key file, and scopes email+name)
  • Enabled it again in App integrations > App client settings
  • Set up the attributes mapping again in Federation > Attribute mapping > Apple (email is unchecked by default)
  • Removed the app in my https://appleid.apple.com settings under Security > APPS & WEBSITES

Hope this helps anyone who's seeing this invalid_client error

I'm afraid Apple will reject such an integration since it opens a browser vs TouchId or FaceScan
