search

nhosoya / omniauth-apple

OmniAuth strategy for Sign In with Apple
MIT License
257 stars 98 forks source link

Apple SSO Callback Phase throws a OAuth2::AccessToken.from_hash error #108

Open boyfunky opened 11 months ago

boyfunky commented 11 months ago

I am trying to implement Apple SSO using the omniauth_apple gem in Ruby on Rails.

In my devise.rb, i have the following config

config.omniauth :apple, Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :client_id), '', {
        scope: 'email name',
        team_id: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :team_id),
        key_id: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :key_id),
        pem: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :pem),
        redirect_uri: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :redirect_uri),
        provider_ignores_state: true
      }

In my omniauth_callbacks_controller.rb, i have the following

  class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      skip_before_action :verify_authenticity_token, only: [:apple]
      protect_from_forgery prepend: true, only: :apple

      def apple
        puts "==== GOT INTO APPLE======="
        auth_hash = request.env['omniauth.auth']
      end
    end

My user.rb 

 class User < ApplicationRecord
      acts_as_tenant(:tenant)

      devise :database_authenticatable, :registerable, :recoverable, :lockable,
        :timeoutable, :rememberable, :trackable, :confirmable, :zxcvbnable,
        :omniauthable, :jwt_authenticatable,
        jwt_revocation_strategy: JwtDenyList, omniauth_providers: [:google_oauth2, :facebook, :apple]
    end

in my routes, i also have specification to receive callbacks for each provider

devise_for :users,
        only: :omniauth_callbacks,
        controllers: {omniauth_callbacks: "users/omniauth_callbacks"}

Now when i click the Sign in with Apple button, it does redirect me to sign in my username and password from Apple but when the callback phase is initiated, it returns an error and does not redirect to the controller. I get this error but I honestly do not know how or where to start to resolve it

    OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (["access_token", "id_token"]); using "access_token".
    (apple) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, id_token_claims_invalid | nonce invalid

Does anyone have experience using the omniauth_apple gem with Devise to setup and fully integrate Apple SSO on Rails? Please help

dangngoctuan commented 10 months ago

@boyfunky same issue and I resolved it. OAuth2::AccessToken.from_hash:hashcontained more than one 'token' key (["access_token", "id_token"]); using "access_token". this is a warning, you don't need to pay attention to it.

It seems to have a problem with the lastest version, so I used v1.2.2 and resolved it. But it will show a new error ERROR -- omniauth: (apple) Authentication failure! nonce_mismatch: OmniAuth::Strategies::OAuth2::CallbackError, nonce_mismatch | nonce mismatch

You have to use monkey patch here https://github.com/nhosoya/omniauth-apple/issues/76#issuecomment-930891853

Hope to help you.