aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

When I use sign in with apple in amplify, it jumps to safari, so it is rejected by the App Store review. #7373

Closed shinpeiyamagiwa closed 11 months ago

shinpeiyamagiwa commented 3 years ago
Auth.federatedSignIn({provider: 'SignInWithApple'});

When I use this code, it jumps to safari, so it will be rejected by the app review. Is there a way to use sign in with apple without jumping to safari?

[Screenshot 2020-12-10]

amhinson commented 3 years ago

@shinpeiyamagiwa Yes! We have a section in the docs about setting up an in app browser so that the OAuth flow happens within your app instead of jumping over to Safari: https://docs.amplify.aws/lib/auth/social/q/platform/js#full-samples

mcarlstein commented 3 years ago

Hello, I use the in-app browser but still got rejected. :(

Anyone have the same problem and know how to fix it?

Response from Apple:

[Screenshot 2020-12-10 11:20:09]

amhinson commented 3 years ago

@mcarlstein Could you share a code snippet of your Amplify configuration and Auth.federatedSignIn() usage?

mcarlstein commented 3 years ago

Auth.federatedSignIn({ provider: 'SignInWithApple' })

then config

[Screenshot 2020-12-10 20:45:31]

urlOpener

I use react-native-inappbrowser-reborn

[Screenshot 2020-12-10 20:45:07]

I guess they complain about this popup.

[Simulator screenshot, iPhone 8, 2020-12-10 20:39:36]

Do you need more info?

amhinson commented 3 years ago

Thanks for all the info @mcarlstein! 🙏

This is the first I've heard of Apple rejecting this behavior. We will look further into alternative solutions for this, but unfortunately it is not likely to be simple due to how Cognito currently handles the OAuth2 flow. For the time being if you are in a bind, you could call Auth.federatedSignIn() without the provider to show the Cognito Hosted UI, in which the user can then select "Sign In With Apple" to continue the flow. This might require the UI to be reworked a bit, however.

mcarlstein commented 3 years ago

Yes, okay, thanks!

Maybe Apple is just having a bad day. I will try to contact them to get more information about this.

Will post here when I have more.

mcarlstein commented 3 years ago

@amhinson

I just talked to an Apple representative, and when you log in with Apple, you must not go through any external steps, but you must enter directly into the app. However, it is okay to go through extra steps when logging in with Google or Facebook. So now I do not really know how to solve this. Is it possible to use https://github.com/invertase/react-native-apple-authentication instead in any way?

nubpro commented 3 years ago

@mcarlstein Have you stumbled on any workaround yet?

gki commented 3 years ago

Hi @nubpro @mcarlstein @amhinson

In my project, I would like to share that Apple has accepted "Sign in with Apple" with a little change.

In urlOpener, I changed ephemeralWebSession to true, so that iOS doesn't show the dialog before opening the in-app browser. At least, about Jan, 2 React Native apps I was involved in have been accepted with this change.

async function urlOpener(url, redirectUrl) {
  await InAppBrowser.isAvailable();
  const { type, url: newUrl } = await InAppBrowser.openAuth(url, redirectUrl, {
    showTitle: false,
    enableUrlBarHiding: true,
    enableDefaultShare: false,
    ephemeralWebSession: true, // update
  });

  if (type === 'success') {
    Linking.openURL(newUrl);
  }
}

Detail

In iOS, ephemeralWebSession has these pros/cons.

ephemeralWebSession === true

ephemeralWebSession === false

So I recommend checking the url before calling InAppBrowser.openAuth() and setting ephemeralWebSession dynamically depending on the url.
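
The recommendation above (choose ephemeralWebSession per URL) could look like the following sketch, which also checks the URL returned by the browser against the app's redirect URL before passing it to Linking.openURL. This is an added example, not code from the thread or from Amplify: makeUrlOpener, wantsEphemeralSession and isExpectedRedirect are hypothetical names, and it assumes the provider reaches the Cognito Hosted UI as the identity_provider query parameter and that a WHATWG-compliant URL class is available (in React Native, for instance through react-native-url-polyfill).

```javascript
// Added example. InAppBrowser and Linking are injected so the policy can be
// tested off-device; in an app, pass the real modules to makeUrlOpener().

// Assumption: the provider chosen in Auth.federatedSignIn() appears as the
// `identity_provider` query parameter of the Hosted UI authorize URL.
const EPHEMERAL_PROVIDERS = new Set(['SignInWithApple']);

// true  -> private session: no iOS consent dialog, no cookies shared with Safari
// false -> shared session: dialog shown, existing browser login can be reused
function wantsEphemeralSession(authUrl) {
  const u = new URL(authUrl);
  if (u.protocol !== 'https:') {
    throw new Error('refusing to open a non-HTTPS auth URL');
  }
  const provider = u.searchParams.get('identity_provider');
  return provider !== null && EPHEMERAL_PROVIDERS.has(provider);
}

// The URL handed back by the auth session comes from outside the app, so only
// accept it when scheme, host and path match the redirect URL the app passed in.
function isExpectedRedirect(returnedUrl, redirectUrl) {
  let got, want;
  try {
    got = new URL(returnedUrl);
    want = new URL(redirectUrl);
  } catch (e) {
    return false; // unparsable input is never forwarded
  }
  return got.protocol === want.protocol &&
    got.host === want.host &&
    got.pathname === want.pathname;
}

function makeUrlOpener(InAppBrowser, Linking) {
  return async function urlOpener(url, redirectUrl) {
    const { type, url: newUrl } = await InAppBrowser.openAuth(url, redirectUrl, {
      showTitle: false,
      enableUrlBarHiding: true,
      enableDefaultShare: false,
      ephemeralWebSession: wantsEphemeralSession(url),
    });
    if (type === 'success' && isExpectedRedirect(newUrl, redirectUrl)) {
      await Linking.openURL(newUrl);
      return true;
    }
    return false; // cancelled, dismissed, or unexpected redirect target
  };
}
```
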

mcarlstein commented 3 years ago

> @mcarlstein Have you stumbled on any workaround yet?

No sorry I have not.

magrinj commented 3 years ago

I'm trying to get a similar behaviour with the native library for Facebook, Google and Apple and using federatedSignIn with legacy provider like so:

Facebook example:

  const facebookLogin = async () => {
    const result = await Facebook.logInWithReadPermissionsAsync({
      permissions: ['public_profile', 'email'],
    });

    console.log(result);

    if (result.type === 'success') {
      const {data} = await facebookMe({
        accessToken: result.token,
        fields: ['name', 'email', 'picture', 'first_name', 'last_name'],
      });

      await Auth.federatedSignIn(
        'facebook',
        {token: result.token, expires_at: result.expirationDate.getTime()},
        {name: data.name ?? '', email: data.email ?? ''},
      );
    }

    return result;
  };

But for now it's not really working for me. On Facebook I got an error saying "Token is not from a supported provider of this identity pool" even with everything set up properly... On Google it seems to work, but federatedSignIn just returns the same token as the idToken provided by Google, without any accessToken or refreshToken.

mkrn commented 2 years ago

For anyone looking to use a native Sign In with Apple (SIWA), here's the work-around:

Unfortunately, it's NOT possible to use native SIWA with federatedSignIn (it must use hosted UI, for Cognito auth backend to generate cognito users linked to identities). I've tried many workarounds, with no luck.

DatMoser commented 2 years ago

I am actually SUPER disappointed by this conclusion. Even though I am very thankful for @mkrn and his thoughts, I really don't get why Amplify makes it so incredibly hard to provide a custom authentication flow, because Firebase already showed us how easy it can be done and I am quite shocked at how bad of a job Amplify is doing at this, especially as I do not want to settle for the mediocre UX that the HostedUI would provide my users.

Nevertheless, thanks to everybody contributing

abdallahshaban557 commented 2 years ago

Hi @DatMoser - we share your frustration about how complex it is to set up CUSTOM_AUTH currently with Amplify. We have multiple conversations happening internally now to find ways to streamline this experience for our customers.

pjsandwich commented 1 year ago

Has there been any movement on this? I'm confused as to why there is documentation describing how to implement Apple Sign In with Amplify while every preliminary discussion I've looked at prior to attempting implementation seems to have its own issues. I'm personally interested in why this doesn't work.

A better question is: If I follow the Expo CLI full sample code, will this work? I'm assuming not, or this issue would be closed.

For anyone looking at a variety of attempted solutions, here are some related issues: #4689 , #6637 , #4580 , #6547

Considering Apple is now going to enforce all apps submitted to App Store to have Apple Sign In as an authentication option, I'd expect this to be a high priority item, however it seems like this is now entering its third year of issues... Hope there's some progress soon.

jadechip commented 1 year ago

@abdallahshaban557 have there been any updates internally regarding this? It still doesn't appear possible to log in without having to go through Safari on iOS.

pjsandwich commented 1 year ago

@jadechip I was able to implement it following the docs; however, if you have an existing iOS project you will need to generate new provisioning certificates. It may be a different process if you're doing bare RN vs Expo.

kewur commented 1 year ago

@pjsandwich any specific docs you followed for this?

pjsandwich commented 1 year ago

> @pjsandwich any specific docs you followed for this?

https://docs.amplify.aws/lib/auth/social/q/platform/react-native/#oauth-and-federation-overview and select Sign in with Apple. If you have an existing app, you won't need to create some of the Apple resources or keys, but you will need to generate new provisioning certificates.

itsramiel commented 1 year ago

Have there been any solutions to not show an external/in-app browser?

nadetastic commented 1 year ago

Hi @itsramiel currently tracking this issue, are you implementing InAppBrowser.openAuth() from react-native-inappbrowser-reborn as shown in the docs?

[1] https://docs.amplify.aws/lib/auth/social/q/platform/react-native/#full-samples

itsramiel commented 1 year ago

@nadetastic yes I am.

Just to make it clear for you: when I use InAppBrowser.openAuth(), it will open the in-app browser and then show the native iOS login, not the web-based login, which is nice.

https://user-images.githubusercontent.com/80689446/215415748-81b139b3-eac2-4413-bba2-f72fd08cbd67.MP4

What I am wondering and looking for is to never have the InAppBrowser open at all. Can't it make the auth call without opening a browser? It is not nice UX.

ervibern commented 1 year ago

I have an Expo app with SIWA using Amplify Authentication. Took quite some time but I was able to set it up to a workable state 😅.

By using preferEphemeralSession: true option in WebBrowser.openAuthSessionAsync I'm able to prevent the dialog window (which is very frustrating UX, especially during signout) from showing BUT when I call Auth.signOut() the in-app browser still automatically opens and closes (see video). This is bad UX. Can this be solved (i.e. by a web call without the in-app browser opening)?

async function urlOpener(url, redirectUrl) {
  const { type, url: newUrl } = await WebBrowser.openAuthSessionAsync(url, redirectUrl, {
    preferEphemeralSession: true, // private session, so doesn't show dialog BUT asks apple verification code every time
  });

  if (type === 'success' && Platform.OS === 'ios') {
    WebBrowser.dismissBrowser();
    return Linking.openURL(newUrl);
  }
}

https://user-images.githubusercontent.com/58375689/226905968-b817939c-d477-440a-ae56-96c991ab4cff.mp4

aldensully commented 1 year ago

Classic Amplify, 3 years later and we still cannot have a standard Sign in with Apple method. The browser popup approach looks awful; there should be the native Apple bottom modal that prompts you to double tap to sign in, no redirecting to the browser. This is why I switched to Firebase, which just works in about 10 minutes. This should absolutely be a priority and it's very telling that it isn't.

abdallahshaban557 commented 1 year ago

Hello everyone, we are working closely with the Amazon Cognito team to resolve this pain point. We understand that the Sign In With Apple experience through hosted UI is a sub-optimal experience, and we are working on enabling a mechanism for helping you use it natively in your apps. We will provide updates on this issue as we make progress.

nadetastic commented 11 months ago

With the release of the latest major version of Amplify (aws-amplify@>6), this issue should now be resolved! The Auth.federatedSignIn() method has been renamed to signInWithRedirect which displays the sign-in UI inside a platform-dependent webview. On iOS devices, an ASWebAuthenticationSession will be launched and, on Android, a Custom Tab.

Please refer to our release announcement, migration guide, and documentation for more information.

DarrKing commented 4 months ago

Is it really not possible to provide a way for us to pass an identity token from Sign in with Apple to the Amplify SDK?

aldensully commented 2 months ago

@DarrKing did you ever figure anything out? A year later and I'm still coming back to this hoping for a solution that doesn't involve a webview 😭

kewur commented 2 months ago

should be possible with custom auth flows. a lot of work on your end. we decided to just ditch cognito and move to supabase instead. it's the only part we're not using aws for, but totally worth the decision

aldensully commented 2 months ago

@kewur I am now looking to do the same thing. Are you using amplify or handling the setup manually? I'm not quite sure how I should handle passing off the auth from supabase to cognito (or if I even need to). Any help is appreciated!

DarrKing commented 2 months ago

@aldensully @kewur @aldensully Just to update.

After a lot of time wasted I gave up and used firebase auth. Superfast and easy to use. Couldn't achieve what I wanted with amplify sadly.

aldensully commented 2 months ago

@DarrKing Are you just using firebase for auth and the rest is still amplify?

DarrKing commented 2 months ago

> @DarrKing Are you just using firebase for auth and the rest is still amplify?

Firebase entirely for auth. Gave up on amplify completely for anything auth related.