Essentials: Apple Sign-in always returns AccessToken = null

Basically it is not contacting the backend at all, it's like it ignores the callback_url.

Do you have the entitlements added to the app and the check box in the provisioning profile on the developer portal? That is what got me initially.

@mattleibow yes this is what I have in the Entitlements.plist

    <key>com.apple.developer.applesignin</key>
    <array>
      <string>Default</string>
    </array>

and in the provisioning profile:

I don't think it has an AccessToken, only an IdToken => https://github.com/xamarin/Essentials/blob/main/Xamarin.Essentials/WebAuthenticator/AppleSignInAuthenticator.ios.cs#L50

@Redth ?

Look at: https://github.com/xamarin/Essentials/blob/main/Samples/Samples/ViewModel/WebAuthenticatorViewModel.cs#L37

AuthToken = string.Empty;
                if (r.Properties.TryGetValue("name", out var name) && !string.IsNullOrEmpty(name))
                    AuthToken += $"Name: {name}{Environment.NewLine}";
                if (r.Properties.TryGetValue("email", out var email) && !string.IsNullOrEmpty(email))
                    AuthToken += $"Email: {email}{Environment.NewLine}";
                AuthToken += r?.AccessToken ?? r?.IdToken;

I need to update the docs on this

Hi @jamesmontemagno thanks.
My understanding is that the app executes r = await AppleSignInAuthenticator.AuthenticateAsync(); and then:

1. Apple responds and you start the sign in process on the app thru the interface
2. You submit your login info to Apple
3. Apple authenticates you and then...
4. Apple should contact your backend with extra info (auth_url)
5. Your backend takes that info and continues with authentication to your own APIs
6. Your backend generates an access token and returns it to Apple ('callback_url`)
7. Apple puts that token into AccessToken and you have it available in r

Is that correct? We verified that this is what happens when we sign-in with Apple from our website UI, but it's not happening when we do it from the mobile app. Specifically, step #4 above never happens. Apple never contacts our backend...

What could cause this misbehavior?

r is our object and has a bucket of stuff in it. As you can see here it just looks to get the key if it is available https://github.com/xamarin/Essentials/blob/0dba844e8085f7cb36d62115b005620d541e0fbd/Xamarin.Essentials/WebAuthenticator/WebAuthenticatorResult.shared.cs#L43-L49

However, there is none: https://github.com/xamarin/Essentials/blob/main/Xamarin.Essentials/WebAuthenticator/AppleSignInAuthenticator.ios.cs#L49-L56

Only the id_token and authorization_code

Here are some docs as to what is inside of: https://developer.apple.com/documentation/authenticationservices/asauthorizationappleidcredential

Their full documentation: https://developer.apple.com/documentation/authenticationservices/implementing_user_authentication_with_sign_in_with_apple

Hmmm ok so at this point how is it going to be possible to obtain an access token from your own backend. Once apple authenticates you (you get userId etc), then you're just stuck there?

I believe you get back both id_token and authorization_code as well. https://medium.com/@priya_talreja/sign-in-with-apple-using-swift-5cd8695a46b6 is a good example as well

In all the samples I see tehre is no AuthToken that is returned or used. Idk.

The id_token is a JWT token which may? contain an accesstoken? But I don't think it does for Apple Sign In since there isn't really much to use that access token with.

Actually, according to their docs it's not yet used: https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse

So, no, you cannot get an access token from this service.