nhosoya / omniauth-apple

OmniAuth strategy for Sign In with Apple
MIT License

Getting error as id_token_claims_invalid | nonce invalid #103

Open Vigneshb14 opened 1 year ago

Vigneshb14 commented 1 year ago

Hi,

I tried to set up the Apple login and signup using the omniauth-apple gem in my application.

I want to get the id_token from the response because I need the user email every time while hitting this URL.

# config/initializers/omniauth.rb:

  provider :apple,
           Rails.application.credentials[:apple_client_id], # ID from service's bundler (eg: com.domain.api)
           '',
           authorized_client_ids: [Rails.application.credentials[:apple_ui_client_id]], # ID from app's identifier (eg: com.domain.app)
           scope: 'email name',
           team_id: Rails.application.credentials[:apple_team_id],
           key_id: Rails.application.credentials[:apple_key_id],
           pem: Rails.application.credentials[:apple_private_key], # add the pem content with an extra newline at the end
           provider_ignores_state: true # skips the OAuth2 state parameter check

Error returns:

Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, id_token_claims_invalid | nonce invalid

Please help me to sort out this error.

bvogel commented 1 year ago

A possible solution is to add this monkey-patch to your initializers

bvogel commented 8 months ago

The rejected PR https://github.com/nhosoya/omniauth-apple/pull/107 offered a solution. As that was rejected, I'm waiting/expecting @nov to suggest a solution that will work with a decent session configuration (as in not using SameSite: :none) and nonce working at the same time. I wouldn't hold my breath on that.
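
The tension raised in the last comment, between a session cookie that is not `SameSite=None` and a nonce check that still passes, modelled as an added example (not code from the gem, the PR or anyone in this thread). It assumes the nonce is kept in a cookie-backed session and that the callback arrives as a cross-site POST, as with Apple's `form_post` response; every method name here is hypothetical.

```ruby
require 'securerandom'

# Constructed model of a session-bound nonce check; not omniauth-apple's code.

# Browser rule: is a cookie with this SameSite value attached to a cross-site POST?
def cookie_sent_on_cross_site_post?(same_site)
  same_site == :none # :lax and :strict cookies are withheld on cross-site POST
end

# Request phase: mint a nonce, remember it in the session, send it to the provider.
def request_phase(session)
  session['nonce'] = SecureRandom.urlsafe_base64(16)
end

# Constant-time string comparison so the check does not leak match length.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: the nonce claim in the id_token must equal the stored nonce.
# The stored value is deleted on read, so each nonce is accepted only once.
def callback_phase(session, id_token_claims)
  stored = session.delete('nonce')
  return :nonce_invalid if stored.nil? || stored.empty?
  return :nonce_invalid unless secure_compare(stored, id_token_claims['nonce'].to_s)
  :ok
end

# Full round trip for a given SameSite setting on the session cookie.
def sign_in(same_site)
  browser_session = {}                       # what the browser's cookie holds
  claims = { 'nonce' => request_phase(browser_session) } # provider echoes the nonce
  # If the cookie is not sent, the server sees a fresh, empty session.
  server_session = cookie_sent_on_cross_site_post?(same_site) ? browser_session : {}
  callback_phase(server_session, claims)
end

if __FILE__ == $PROGRAM_NAME
  %i[none lax strict].each { |s| puts "SameSite=#{s}: #{sign_in(s)}" }
end
```

In this model the only setting that lets the stored nonce reach the callback is `:none`, which is why relaxing the cookie and dropping the nonce check show up as the two obvious workarounds; a fix that keeps both has to carry the nonce across the redirect some other way.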