feathersjs / feathers

The API and real-time application framework
https://feathersjs.com
MIT License

FeathersJS Apple SSO sign-in issue #3482

Closed (muradkhateeb78 closed this 5 months ago)

muradkhateeb78 commented 6 months ago

Issue Description

I need to enable Apple SSO for my feathers.js app, so that user can log in using their Apple IDs.

I am following https://gist.github.com/rxb/e596c66b03e3262f26d9ede5d7dbab81 article for enabling Apple SSO in my application.

Following is how my configurations look.


```js
apple: {
  key: process.env.APPLE_CLIENT_ID,
  secret: process.env.APPLE_CLIENT_SECRET,
  scope: ["openid", "name", "email"],
  response: ["raw", "jwt"],
  custom_params: {
    response_type: "code id_token",
    response_mode: "form_post"
  }
}
```

Expected behavior

Users should be able to log into my app with their Apple ID while, I have the 'name' and the 'email' of the user who logged in.

Actual behavior

Now it goes to the Apple ID page requesting authorization and, after signing in, Apple redirects to the callback URL with a POST callback request carrying the code and id_token in the body, which should be handled by the AppleStrategy code, but it instead returns a 201 Created response with a body similar to the following.

```json
{
    "location": "https://appleid.apple.com/auth/authorize?client_id=com.example.com&response_type=code&redirect_uri=https%3A%2F%2Fcode.example.com%2Foauth%2Fapple%2Fcallback&scope=openid&nonce=5fdf0272234ysgdd5ea7479878123c7feae39a8a",
    "session": {
        "provider": "apple",
        "dynamic": {
            "code": "cd32a2c2874lkj3K86c1788af01.0.mxtv.bjgbTN8-qLdKouwIR1amg",
            "id_token": "eyJraWQiOiJCaDZIN3JIVm1iIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnRoZWluZmluaXRlcmVhbGl0eS5jb20iLCJleLKJAHLKHJKJLKjljasldjflasjdlkj23l4jlksldfknk34j53mlaskjdflkj345lkjslfkjlkjjC3K_Z1yIvFSkWtzdEHc7rSMzTASrQvwcLEbqpVrxmrp-Gls4p916gWXfKLKDJSFLKJE480MMrD3ClmczRi2CtkZ-myIy67UrwjSialVvEJaPpUAKZ_wYbWcw2xcPXKBt-7MJa74AQKyvNqQZpNbEaAKr7Ut1xikps_rMNuTWnxEbuxOLVLgXyw5fehWYCCzOBqOE9AKZhioSLhb4WlcAQ"
        },
        "nonce": "5fdf02722307207kjh9879973c7feae39a8a"
    },
    "state": {}
}
```

The above message is displayed in the browser with a 201 status in response to Apple's POST callback. I am not sure which method of Feathers is handling that and why it is returning that response when it should have inspected the id_token and extracted the relevant information, for which I have implemented getEntityData and other methods.

Important note: If I just request the "openid" scope and not "name" and "email" and remove the response_mode: "form_post", then Apple returns a GET call which is handled by my code and it lets the user log in successfully. The problem occurs when I request "name" and "email" and Apple sends a POST call to the callback URL. I am not sure if a POST callback is handled differently than the GET callback? If yes, can anyone please explain how a POST callback request is handled by Feathers authentication?

Feel free to ask any questions. Please answer if you have come across a similar issue. Looking forward to hearing back soon.

System configuration

Feathersjs 5, Apple SSO.

NodeJS version: v18.17.1

Operating System: Windows

muradkhateeb78 commented 6 months ago

@daffl, anything on this please?

daffl commented 6 months ago

I don't think the service currently handles POST callbacks. It may have to be split into two separate services for this to work.

daffl commented 5 months ago

I have a potential fix in https://github.com/feathersjs/feathers/pull/3497 but it might have to be tested.

daffl commented 5 months ago

Released in v5.0.27

muradkhateeb78 commented 4 months ago

A further enhancement to fix the redirection error post the authentication, was done in version v5.0.28. Thanks @daffl <3.