akeeba / sociallogin

Joomla!™ login and user account creation with Facebook, Google, GitHub etc social media accounts

Apple Login Fails PHP 8.1 Joomla 4.4.3 #114

Closed globalada closed 5 months ago

globalada commented 5 months ago

Steps to reproduce the issue

Go to login page. Apple Login button displays.

Expected result

No error. Proper parsing of key.

Actual result

An error is produced: "object(Lcobucci\JWT\Signer\InvalidKeyProvided) It was not possible to parse your key, reason: " This occurs in "\plugins\sociallogin\apple\src\Extension\Plugin.php" in the function "getSecretKey()" when executing "$config->builder()".

Troubleshooting already performed

Tried switching to PHP 7.4. This eliminated the error above. However, I ran into a different error after sign in. When the redirect happens back to "index.php?option=com_ajax&group=sociallogin&plugin=apple&format=raw", I get the error, "Class 'phpseclib\Crypt\RSA' not found in /plugins/system/sociallogin/vendor/codercat/jwk-to-pem/src/JWKConverter.php:71"

This led me to find that JWKConverter.php is attempting to use an older version of phpseclib (either v1 or v2) but Joomla 4 is using phpseclib v3.

Additional comments

Stack trace of error from my logs which is a var_dump of $e in the catch block in function getSecretKey():

object(Lcobucci\JWT\Signer\InvalidKeyProvided)#1790 (7) { ["message":protected]=> string(47) "It was not possible to parse your key, reason: " ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(96) "/public_html/libraries/vendor/lcobucci/jwt/src/Signer/InvalidKeyProvided.php" ["line":protected]=> int(17) ["trace":"Exception":private]=> array(30) { [0]=> array(5) { ["file"]=> string(85) "/public_html/libraries/vendor/lcobucci/jwt/src/Signer/OpenSSL.php" ["line"]=> int(85) ["function"]=> string(14) "cannotBeParsed" ["class"]=> string(38) "Lcobucci\JWT\Signer\InvalidKeyProvided" ["type"]=> string(2) "::" } [1]=> array(5) { ["file"]=> string(85) "/public_html/libraries/vendor/lcobucci/jwt/src/Signer/OpenSSL.php" ["line"]=> int(42) ["function"]=> string(11) "validateKey" ["class"]=> string(27) "Lcobucci\JWT\Signer\OpenSSL" ["type"]=> string(2) "->" } [2]=> array(5) { ["file"]=> string(85) "/public_html/libraries/vendor/lcobucci/jwt/src/Signer/OpenSSL.php" ["line"]=> int(18) ["function"]=> string(13) "getPrivateKey" ["class"]=> string(27) "Lcobucci\JWT\Signer\OpenSSL" ["type"]=> string(2) "->" } [3]=> array(5) { ["file"]=> string(83) "/public_html/libraries/vendor/lcobucci/jwt/src/Signer/Ecdsa.php" ["line"]=> int(38) ["function"]=> string(10) "createHash" ["class"]=> string(27) "Lcobucci\JWT\Signer\OpenSSL" ["type"]=> string(2) "->" } [4]=> array(5) { ["file"]=> string(88) "/public_html/libraries/vendor/lcobucci/jwt/src/Signer/BaseSigner.php" ["line"]=> int(38) ["function"]=> string(10) "createHash" ["class"]=> string(25) "Lcobucci\JWT\Signer\Ecdsa" ["type"]=> string(2) "->" } [5]=> array(5) { ["file"]=> string(78) "/public_html/libraries/vendor/lcobucci/jwt/src/Builder.php" ["line"]=> int(588) ["function"]=> string(4) "sign" ["class"]=> string(30) "Lcobucci\JWT\Signer\BaseSigner" ["type"]=> string(2) "->" } [6]=> array(5) { ["file"]=> string(78) "/public_html/libraries/vendor/lcobucci/jwt/src/Builder.php" ["line"]=> 
int(547) ["function"]=> string(15) "createSignature" ["class"]=> string(20) "Lcobucci\JWT\Builder" ["type"]=> string(2) "->" } [7]=> array(5) { ["file"]=> string(83) "/public_html/plugins/sociallogin/apple/src/Extension/Plugin.php" ["line"]=> int(359) ["function"]=> string(8) "getToken" ["class"]=> string(20) "Lcobucci\JWT\Builder" ["type"]=> string(2) "->" } [8]=> array(5) { ["file"]=> string(83) "/public_html/plugins/sociallogin/apple/src/Extension/Plugin.php" ["line"]=> int(115) ["function"]=> string(12) "getSecretKey" ["class"]=> string(48) "Joomla\Plugin\Sociallogin\Apple\Extension\Plugin" ["type"]=> string(2) "->" } [9]=> array(5) { ["file"]=> string(97) "/public_html/plugins/system/sociallogin/src/Library/Plugin/AbstractPlugin.php" ["line"]=> int(649) ["function"]=> string(12) "getConnector" ["class"]=> string(48) "Joomla\Plugin\Sociallogin\Apple\Extension\Plugin" ["type"]=> string(2) "->" } [10]=> array(5) { ["file"]=> string(97) "/public_html/plugins/system/sociallogin/src/Library/Plugin/AbstractPlugin.php" ["line"]=> int(563) ["function"]=> string(17) "getLoginButtonURL" ["class"]=> string(62) "Joomla\Plugin\System\SocialLogin\Library\Plugin\AbstractPlugin" ["type"]=> string(2) "->" } [11]=> array(5) { ["file"]=> string(81) "/public_html/libraries/vendor/joomla/event/src/Dispatcher.php" ["line"]=> int(486) ["function"]=> string(27) "onSocialLoginGetLoginButton" ["class"]=> string(62) "Joomla\Plugin\System\SocialLogin\Library\Plugin\AbstractPlugin" ["type"]=> string(2) "->" } [12]=> array(5) { ["file"]=> string(98) "/public_html/plugins/system/sociallogin/src/Library/Plugin/RunPluginsTrait.php" ["line"]=> int(29) ["function"]=> string(8) "dispatch" ["class"]=> string(23) "Joomla\Event\Dispatcher" ["type"]=> string(2) "->" } [13]=> array(5) { ["file"]=> string(106) "/public_html/plugins/system/sociallogin/src/Library/Plugin/SocialLoginButtonsTrait.php" ["line"]=> int(201) ["function"]=> string(10) "runPlugins" ["class"]=> string(54) 
"Joomla\Plugin\System\SocialLogin\Extension\SocialLogin" ["type"]=> string(2) "->" } [14]=> array(5) { ["file"]=> string(92) "/public_html/plugins/system/sociallogin/src/Features/ButtonInjection.php" ["line"]=> int(69) ["function"]=> string(31) "getSocialLoginButtonDefinitions" ["class"]=> string(54) "Joomla\Plugin\System\SocialLogin\Extension\SocialLogin" ["type"]=> string(2) "->" } [15]=> array(5) { ["file"]=> string(81) "/public_html/libraries/vendor/joomla/event/src/Dispatcher.php" ["line"]=> int(486) ["function"]=> string(18) "onUserLoginButtons" ["class"]=> string(54) "Joomla\Plugin\System\SocialLogin\Extension\SocialLogin" ["type"]=> string(2) "->" } [16]=> array(5) { ["file"]=> string(73) "/public_html/libraries/src/Application/EventAware.php" ["line"]=> int(111) ["function"]=> string(8) "dispatch" ["class"]=> string(23) "Joomla\Event\Dispatcher" ["type"]=> string(2) "->" } [17]=> array(5) { ["file"]=> string(78) "/public_html/libraries/src/Helper/AuthenticationHelper.php" ["line"]=> int(103) ["function"]=> string(12) "triggerEvent" ["class"]=> string(37) "Joomla\CMS\Application\WebApplication" ["type"]=> string(2) "->" } [18]=> array(5) { ["file"]=> string(83) "/public_html/components/com_virtuemart/views/user/view.html.php" ["line"]=> int(246) ["function"]=> string(15) "getLoginButtons" ["class"]=> string(38) "Joomla\CMS\Helper\AuthenticationHelper" ["type"]=> string(2) "::" } [19]=> array(5) { ["file"]=> string(79) "/public_html/components/com_virtuemart/controllers/user.php" ["line"]=> int(59) ["function"]=> string(7) "display" ["class"]=> string(18) "VirtuemartViewUser" ["type"]=> string(2) "->" } [20]=> array(5) { ["file"]=> string(80) "/public_html/libraries/src/MVC/Controller/BaseController.php" ["line"]=> int(693) ["function"]=> string(7) "display" ["class"]=> string(24) "VirtueMartControllerUser" ["type"]=> string(2) "->" } [21]=> array(5) { ["file"]=> string(73) "/public_html/components/com_virtuemart/virtuemart.php" ["line"]=> int(129) 
["function"]=> string(7) "execute" ["class"]=> string(40) "Joomla\CMS\MVC\Controller\BaseController" ["type"]=> string(2) "->" } [22]=> array(4) { ["file"]=> string(87) "/public_html/libraries/src/Dispatcher/LegacyComponentDispatcher.php" ["line"]=> int(71) ["args"]=> array(1) { [0]=> string(73) "/public_html/components/com_virtuemart/virtuemart.php" } ["function"]=> string(12) "require_once" } [23]=> array(5) { ["file"]=> string(87) "/public_html/libraries/src/Dispatcher/LegacyComponentDispatcher.php" ["line"]=> int(73) ["function"]=> string(31) "Joomla\CMS\Dispatcher{closure}" ["class"]=> string(47) "Joomla\CMS\Dispatcher\LegacyComponentDispatcher" ["type"]=> string(2) "::" } [24]=> array(5) { ["file"]=> string(76) "/public_html/libraries/src/Component/ComponentHelper.php" ["line"]=> int(361) ["function"]=> string(8) "dispatch" ["class"]=> string(47) "Joomla\CMS\Dispatcher\LegacyComponentDispatcher" ["type"]=> string(2) "->" } [25]=> array(5) { ["file"]=> string(78) "/public_html/libraries/src/Application/SiteApplication.php" ["line"]=> int(208) ["function"]=> string(15) "renderComponent" ["class"]=> string(36) "Joomla\CMS\Component\ComponentHelper" ["type"]=> string(2) "::" } [26]=> array(5) { ["file"]=> string(78) "/public_html/libraries/src/Application/SiteApplication.php" ["line"]=> int(249) ["function"]=> string(8) "dispatch" ["class"]=> string(38) "Joomla\CMS\Application\SiteApplication" ["type"]=> string(2) "->" } [27]=> array(5) { ["file"]=> string(77) "/public_html/libraries/src/Application/CMSApplication.php" ["line"]=> int(293) ["function"]=> string(9) "doExecute" ["class"]=> string(38) "Joomla\CMS\Application\SiteApplication" ["type"]=> string(2) "->" } [28]=> array(5) { ["file"]=> string(49) "/public_html/includes/app.php" ["line"]=> int(61) ["function"]=> string(7) "execute" ["class"]=> string(37) "Joomla\CMS\Application\CMSApplication" ["type"]=> string(2) "->" } [29]=> array(4) { ["file"]=> string(42) "/public_html/index.php" ["line"]=> int(32) 
["args"]=> array(1) { [0]=> string(49) "/public_html/includes/app.php" } ["function"]=> string(12) "require_once" } } ["previous":"Exception":private]=> NULL }

BeauB commented 5 months ago

I'm the OP. I posted under the wrong account. Sorry globalada.

I found the initial problem here but it seems to be a Joomla 4 core issue. Maybe you can correct me. Anyway, the issue is in "/libraries/vendor/lcobucci/jwt/src/Signer/OpenSSL.php" in function "validateKey()". In this function it checks the key is valid with, "if(!is_resource($key))". However in PHP 8 that should be, "if($key === false)".

I found this PHP 8 compatible version of the same file: https://github.com/auth0/php-jwt/blob/3.3-php8-compatibility/src/Signer/OpenSSL.php. It works except that I had to fix the PHP version recognition because it wasn't identifying mine as PHP 8 even though it was.

So with that issue resolved I'm again facing the issue I had when trying PHP 7.4: Class "phpseclib\Crypt\RSA" not found /public_html/plugins/system/sociallogin/vendor/codercat/jwk-to-pem/src/JWKConverter.php:71

This occurs after signing in to Apple and returning to "index.php?option=com_ajax&group=sociallogin&plugin=apple&format=raw"

Thanks!
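The PHP 7 versus PHP 8 difference discussed in the comment above can be reproduced with the OpenSSL extension alone. This is an added example, not code from the thread, from lcobucci/jwt or from Social Login; the function name `loadEcPrivateKey` is hypothetical and the sample key is generated at run time. On PHP 8 a successfully parsed key is an `OpenSSLAsymmetricKey` object, so an `is_resource()` test rejects a valid key, while comparing against `false` works on both versions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: parse a PEM private key and confirm it is an EC key.
 * Returns a resource on PHP 7 and an OpenSSLAsymmetricKey object on PHP 8.
 */
function loadEcPrivateKey(string $pem, string $passphrase = '')
{
    $key = openssl_pkey_get_private($pem, $passphrase);

    // Failure is signalled by false on every PHP version.
    if ($key === false) {
        $reasons = [];
        while (($msg = openssl_error_string()) !== false) {
            $reasons[] = $msg;
        }
        throw new InvalidArgumentException('Cannot parse key: ' . implode('; ', $reasons));
    }

    // Reject keys of the wrong type before they reach an ECDSA signer.
    $details = openssl_pkey_get_details($key);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_EC) {
        throw new InvalidArgumentException('Key is not an EC key');
    }

    return $key;
}

// Constructed sample input: a throwaway P-256 key generated at run time.
$generated = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($generated === false || !openssl_pkey_export($generated, $pem)) {
    exit("OpenSSL could not generate the sample key\n");
}

$key = loadEcPrivateKey($pem);
printf("PHP %s\n", PHP_VERSION);
printf("is_resource(\$key): %s\n", var_export(is_resource($key), true));
printf("key type: %s\n", is_object($key) ? get_class($key) : get_resource_type($key));

// Constructed malformed input: must be rejected with the OpenSSL reason attached.
try {
    loadEcPrivateKey("-----BEGIN PRIVATE KEY-----\nnot-a-key\n-----END PRIVATE KEY-----\n");
} catch (InvalidArgumentException $e) {
    echo 'Rejected malformed PEM: ', $e->getMessage(), PHP_EOL;
}
```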

BeauB commented 5 months ago

Updating JWKConverter to this newer version fixed that error: https://github.com/acodercat/php-jwk-to-pem/blob/master/src/JWKConverter.php

Now on to a new error after signing in to Apple and returning to "index.php?option=com_ajax&group=sociallogin&plugin=apple&format=raw" : Class "Lcobucci\JWT\Validation\Constraint\LooseValidAt" not found /public_html/plugins/sociallogin/apple/src/Extension/Plugin.php:208

Will update if I find a solution to this.

nikosdion commented 5 months ago

Which version of Social Login are you using? This is something which was addressed a couple of years ago.

globalada commented 5 months ago

Version is 4.7.1. I believe that is the latest. Unless I'm missing something. Just to double check I downloaded a fresh copy and compared the relevant files. Seems to be the same as what is offered here: https://www.akeeba.com/index.php?option=com_ars&view=categories&layout=repository#sociallogin-joomla

Thanks!

BeauB commented 5 months ago

After some consideration of your comment that this was fixed years ago I realized where the source of this issue seems to be. The problem it seems is that the plugin "plugins\sociallogin\apple" is using JWT from here, "/public_html/libraries/vendor/lcobucci/jwt/" which I believe is the Joomla core version. However it should be using JWT from here, "/public_html/plugins/system/sociallogin/vendor/lcobucci/jwt". This seems to be the version that the plugin intends to use.

You can see in the stack trace dump from my original post that function calls are going to "/public_html/libraries/vendor/lcobucci/jwt/"

I'm not familiar enough with composer/autoloader to identify why the wrong files are being used here. Hoping you can shed some light on this.

Thank you!
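The situation described in the comment above, two copies of one library under different vendor directories, can be reproduced and diagnosed in isolation. This is an added example, not code from Joomla or Social Login: the `Demo\JWT\Signer` class, the temporary directory layout and the helper names are constructed, and the registration order (core tree first) is an assumption. `ReflectionClass::getFileName()` reports which copy the autoloader actually served.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins for the two vendor trees named in the thread.
$base  = sys_get_temp_dir() . '/autoload-demo-' . bin2hex(random_bytes(4));
$trees = [
    'core'   => "$base/libraries/vendor/demo/jwt/src",
    'plugin' => "$base/plugins/system/sociallogin/vendor/demo/jwt/src",
];

foreach ($trees as $label => $dir) {
    mkdir($dir, 0700, true);
    // Same fully qualified class name in both trees, different contents.
    file_put_contents(
        "$dir/Signer.php",
        "<?php\nnamespace Demo\\JWT;\nclass Signer { const COPY = '$label'; }\n"
    );
}

// Hypothetical PSR-4 style loader, one instance per vendor tree.
function registerTree(string $dir): void
{
    spl_autoload_register(static function (string $class) use ($dir): void {
        $prefix = 'Demo\\JWT\\';
        if (strncmp($class, $prefix, strlen($prefix)) !== 0) {
            return;
        }
        $file = $dir . '/' . str_replace('\\', '/', substr($class, strlen($prefix))) . '.php';
        if (is_file($file)) {
            require $file;
        }
    });
}

// Assumed order: the core tree is registered before the plugin's own tree.
registerTree($trees['core']);
registerTree($trees['plugin']);

// Diagnostic: the file a loaded class was defined in.
function loadedFrom(string $class): string
{
    return (new ReflectionClass($class))->getFileName();
}

// The first loader that can resolve the name wins; the plugin copy is never read.
echo 'Copy in use: ', \Demo\JWT\Signer::COPY, PHP_EOL;
echo 'Loaded from: ', loadedFrom(\Demo\JWT\Signer::class), PHP_EOL;
```

Running the same `ReflectionClass` check against a real class name on a live site gives the path without needing a full stack trace.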

nikosdion commented 5 months ago

Yes, I realised the same thing and made a relevant change in https://github.com/akeeba/sociallogin/commit/8feb9ff8e7cd6982b2fc61c551d9e23f7ddaa00d

I did not have the time to make a dev release just yet. I will come back to this later.

BeauB commented 5 months ago

Thank you!

nikosdion commented 5 months ago

Please use the following dev release https://www.akeeba.com/download/sociallogin-dev/4-8-0-dev202403251631-rev8feb9ff.html

BeauB commented 5 months ago

Updated to the new release. I'm getting this error: "0 - Class "Akeeba\Plugin\Sociallogin\Apple\Extension\DateInterval" not found" on "index.php?option=com_ajax&group=sociallogin&plugin=apple&format=raw"

See screenshot.

Thank you!

nikosdion commented 5 months ago

Please try this https://www.akeeba.com/download/sociallogin-dev/4-8-0-dev202403251734-revd530807.html

BeauB commented 5 months ago

Thanks. That error is resolved. After a sign-in attempt I get, "You do not have an account on this site that corresponds to this Apple ID."

Is it possible I have something wrong in my setup? I tried enabling, "Allow social login to non-linked accounts", "Create new user accounts", "Ignore Joomla! setting for creating user accounts", and "Bypass user validation for Apple users". All with the same result.

Screen shot: failedLogin

BeauB commented 5 months ago

I found that in \sociallogin\apple\src\extensions\Plugin.php on line 218 in function getSocialNetworkProfileInformation() I am getting $ret['verified'] = false. If I override that and set it to "true", the login works. I'm not sure if this indicates a problem in the plugin or if there is something wrong with the account I am using to sign in or something else.

Any insight you can provide would be appreciated.

Thank you!

nikosdion commented 5 months ago

Sorry for the late reply. I had a lot on my plate and I only managed to circle back to that yesterday.

I found out two problems.

  1. Joomla! 5 introduced some changes in the way user sessions work, making the session token randomly reset. This is what leads to random "Invalid request." replies. If you persist you would get the correct error, that no user exists on the site. This has been addressed by using a different token generation.
  2. Apple does NOT provide user authentication claims in the returned JWT token when you log into your Apple ID over the web (as opposed to using a Mac, or iOS/iPadOS device with built-in authentication). This is why a new account could not be created. Since Apple is now enforcing 2FA on all accounts when logging in from the web I removed that check.

You can download and install the following dev release: https://www.akeeba.com/download/sociallogin-dev/4-8-0-dev202404180950-rev7120207.html

If you want to verify it's working before installing it, you can use the demo installation at https://myoldsite.com/

Please let me know of your results.