feathersjs / feathers

The API and real-time application framework
https://feathersjs.com
MIT License

FeatherJS Apple SSO sign in issue #3482

Closed muradkhateeb78 closed 1 week ago

muradkhateeb78 commented 1 month ago

Issue Description

I need to enable Apple SSO for my feathers.js app, so that user can log in using their Apple IDs.

I am following https://gist.github.com/rxb/e596c66b03e3262f26d9ede5d7dbab81 article for enabling Apple SSO in my application.

Following is how my configurations look.


apple: {
  key: process.env.APPLE_CLIENT_ID,
  secret: process.env.APPLE_CLIENT_SECRET,
  scope: ["openid", "name", "email"],
  response: ["raw", "jwt"],
  custom_params: {
    response_type: "code id_token",
    response_mode: "form_post"
  }
}

Expected behavior

Users should be able to log into my app with their Apple ID, while I get the 'name' and the 'email' of the user who logged in.

Actual behavior

Now it goes to the Apple ID page requesting authorization and Apple, after signing in, redirects to the callback URL with a POST callback request carrying code and id_token in the body, which should be handled by the AppleStrategy code, but it instead returns a 201 Created response with a response message similar to the following.

{
  "location": "https://appleid.apple.com/auth/authorize?client_id=com.example.com&response_type=code&redirect_uri=https%3A%2F%2Fcode.example.com%2Foauth%2Fapple%2Fcallback&scope=openid&nonce=5fdf0272234ysgdd5ea7479878123c7feae39a8a",
  "session": {
    "provider": "apple",
    "dynamic": {
      "code": "cd32a2c2874lkj3K86c1788af01.0.mxtv.bjgbTN8-qLdKouwIR1amg",
      "id_token": "eyJraWQiOiJCaDZIN3JIVm1iIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnRoZWluZmluaXRlcmVhbGl0eS5jb20iLCJleLKJAHLKHJKJLKjljasldjflasjdlkj23l4jlksldfknk34j53mlaskjdflkj345lkjslfkjlkjjC3K_Z1yIvFSkWtzdEHc7rSMzTASrQvwcLEbqpVrxmrp-Gls4p916gWXfKLKDJSFLKJE480MMrD3ClmczRi2CtkZ-myIy67UrwjSialVvEJaPpUAKZ_wYbWcw2xcPXKBt-7MJa74AQKyvNqQZpNbEaAKr7Ut1xikps_rMNuTWnxEbuxOLVLgXyw5fehWYCCzOBqOE9AKZhioSLhb4WlcAQ"
    },
    "nonce": "5fdf02722307207kjh9879973c7feae39a8a"
  },
  "state": {}
}

The above message is displayed in the browser with a 201 status in response to Apple's POST callback. I am not sure which method of Feathers is handling that and why it is returning that response when it should have inspected the id_token and extracted the relevant information, for which I have implemented getEntityData and other methods.

Important Note: If I just request the "openid" scope and not "name" and "email", and remove the response_mode: "form_post", then Apple returns a GET call which is handled by my code and it lets the user log in successfully. The problem occurs when I request "name" and "email" and Apple sends a POST call to the callback URL. I am not sure if a POST callback is handled differently from the GET callback? If yes, can anyone please explain how a POST callback request is handled by Feathers authentication?

Feel free to ask any questions. Please answer if you have come across a similar issue. Looking forward to hearing back soon.

System configuration

Feathersjs 5, Apple SSO.

NodeJS version: v18.17.1
Operating System: Windows

muradkhateeb78 commented 1 month ago

@daffl, anything on this please?

daffl commented 1 month ago

I don't think the service currently handles POST callbacks. It may have to be split into two separate services for this to work.

daffl commented 3 weeks ago

I have a potential fix in https://github.com/feathersjs/feathers/pull/3497 but it might have to be tested.

daffl commented 1 week ago

Released in v5.0.27