Closed hettiger closed 2 months ago
Ssionn
commented
5 months ago Unless an application uses a username, you could still prompt the user after the callback to a form where they can fill in their name. Basically like openai. This is huge in terms of not dealing with apple's shenanigans.
sammyaxe
commented
2 months ago it seems like scopes were not required before to get email and name? is this a recent change? also how are you updating response mode? I tried to manually change the url and it seem to have failed.
Are you dealing with the issue that email is no longer returned for response_mode=code?
hettiger
commented
2 months ago @sammyaxe I currently do not have any issues with my workaround described in the Laracasts post that I have linked to in the original issue description. Please make sure to read the details and let me know if you are still having trouble implementing this.
Ssionn
commented
2 months ago @sammyaxe @hettiger I've also implemented the workaround, works fine. shouldn't be too hard to implement.
sammyaxe
commented
2 months ago @hettiger, I actually already had your workaround implemented, and it still worked fine for old user, however at some point apple has stopped providing email and username completely instead of defaulting to private relay
hettiger
commented
2 months ago @sammyaxe if I remember correctly, you do only get the username on the very first login. Maybe this is what you are observing. You can sort of restore the behavior if you remove your service from your sign in with Apple services list on your Apple account. Then you can log in again and should be able to get the username one more time.
sammyaxe
commented
2 months ago @hettiger if you have your workaround implemented in production somewhere, can you go to https://appleid.apple.com/ and remove the already existing authorization, then try to onboard as fresh user? the behaviour that I started to get was that email is no longer returned neither on first nor on second authorization when using query response mode.
For now I switched back to form_post and it seems to work fine again, and I'm no longer getting session issues.
hettiger
commented
2 months ago Thank you for reporting this @sammyaxe
I can reproduce the issue as you described and am currently working on a new solution so that the session is not regenerated after Sign in with Apple.
Since this workaround no longer works I'll close the issue here.
New workaround: https://laracasts.com/discuss/channels/laravel/apple-login-with-socialite-clears-my-cart-session?page=1&replyId=936998
Warning: This workaround does no longer work due to changes by Apple.
The current implementation uses Apples
response_mode=form_postoption in order to support scopes. This causes Laravel to loose the session when Apple hits the callback …Also you have to mess with CSRF token protection because it's not a GET request.
There's a lot of trouble you can run into when using the Apple provider … E.g. here's an existing discussion: https://github.com/SocialiteProviders/Providers/discussions/1145
Please review my workaround with detailed explanation here: https://laracasts.com/discuss/channels/laravel/apple-login-with-socialite-clears-my-cart-session?page=1&replyId=930481
I'm not sure what would be the best way moving forward. I don't think this can be fixed without a breaking change. Maybe provide an opt-in solution + docs …?