nhosoya / omniauth-apple

OmniAuth strategy for Sign In with Apple
MIT License

#<OpenSSL::PKey::ECError: invalid curve name> #14

Closed davideluque closed 4 years ago

davideluque commented 4 years ago

Hey, can I get some help to determine the issue?

Describe the bug

{
    "status": 500,
    "error": "Internal Server Error",
    "exception": "#<OpenSSL::PKey::ECError: invalid curve name>",
    "traces": {
        "Application Trace": [],
        "Framework Trace": [
            {
                "id": 0,
                "trace": "/home/david/.rbenv/versions/2.6.0/lib/ruby/gems/2.6.0/bundler/gems/omniauth-apple-8c1fba1ad680/lib/omniauth/strategies/apple.rb:83:in `initialize'"
            },
            {
                "id": 1,
                "trace": "/home/david/.rbenv/versions/2.6.0/lib/ruby/gems/2.6.0/bundler/gems/omniauth-apple-8c1fba1ad680/lib/omniauth/strategies/apple.rb:83:in `new'"
            },
            {
                "id": 2,
                "trace": "/home/david/.rbenv/versions/2.6.0/lib/ruby/gems/2.6.0/bundler/gems/omniauth-apple-8c1fba1ad680/lib/omniauth/strategies/apple.rb:83:in `private_key'"
            },
            {
                "id": 3,
                "trace": "/home/david/.rbenv/versions/2.6.0/lib/ruby/gems/2.6.0/bundler/gems/omniauth-apple-8c1fba1ad680/lib/omniauth/strategies/apple.rb:79:in `client_secret'"
            },
            {
                "id": 4,
                "trace": "/home/david/.rbenv/versions/2.6.0/lib/ruby/gems/2.6.0/bundler/gems/omniauth-apple-8c1fba1ad680/lib/omniauth/strategies/apple.rb:35:in `client'"
           }
}

To Reproduce

config/initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :apple, ENV['APPLE_CLIENT_ID'], '', { scope: 'email name', team_id: ENV['APPLE_TEAM_ID'], key_id: ENV['APPLE_KEY'], pem: ENV['APPLE_PEM'] }
end

Environment variables are stored using Figaro:

APPLE_CLIENT_ID: "com.myapp.client"
APPLE_TEAM_ID: "DX4RM9AL52"
APPLE_KEY: "51KDRS24J5"
APPLE_PEM: "-----BEGIN PRIVATE KEY-----\nMIGTAgEAmBMGByqGSM49AgEgCCqGSM49AwEHBHkwdwIBAQQgsO8K8Jbcp3mJIoSu\n+HPFYiW1jNaa+MvTHxKj7Hb+b++gCgYIKoZIzj0DAQehRANCAARxcsMPCg29tjBN\nxPJ3EEpVqz4/rH/ExZSKwaIZ/nCtkvtPUS7Y7IHaBVB94OyimoPpaz4HNzppD3UE\npYRfzHK+\n-----END PRIVATE KEY-----"

davideluque commented 4 years ago

Solution

OpenSSL::PKey::EC.new('YOUR_ORIGINAL_PEM_KEY').to_pem

Paste the output in the environment variable. Read below if this did not work for you.

EDIT 01/Oct/2020:

Just use the .p8 file that you downloaded from Apple and manually change the line breaks to \n. Make sure that you have a trailing \n. After changing the file you should have something similar to this:

-----BEGIN PRIVATE KEY-----\nMIGTAgEAmBMGByqGSM49AgEgCCqGSM49AwEHBHkwdwIBAQQgsO8K8Jbcp3mJIoSu\n+HPFYiW1jNaa+MvTHxKj7Hb+b++gCgYIKoZIzj0DAQehRANCAARxcsMPCg29tjBN\nxPJ3EEpVqz4/rH/ExZSKwaIZ/nCtkvtPUS7Y7IHaBVB94OyimoPpaz4HNzppD3UE\npYRfzHK+\n-----END PRIVATE KEY-----\n

Use that output as the pem value you pass to omniauth-apple.

Be sure to replace only the line breaks, otherwise, it will give you the same error.

A gotcha: use double quotes "" instead of single quotes ''. Using single quotes will throw the "invalid curve name" error. That is because double quotes and single quotes parse the \n differently. In my original solution, I used single quotes and that did not work.

--

Another way to get the private key from the file without replacing the line breaks manually:

private_key = OpenSSL::PKey::EC.new IO.read key_file

Taken from How to configure Sign In with Apple

eliduke commented 4 years ago

Hey @davideluque! I have found myself in the same place as you, and I'm hoping I can get a little bit of help since you seem to have figured it out! My question is this...

What is the value of YOUR_ORIGINAL_PEM_KEY in your example solution? Is that the path to the file locally on your machine? Is that the string? I tried both of those things and I'm still getting the same error:

OpenSSL::PKey::ECError: invalid curve name

Any help is much appreciated!

davideluque commented 4 years ago

@eliduke Hi. It is the content of the .p8 file as a string.

eliduke commented 4 years ago

@davideluque Hey hey! Thanks for the quick response. :) Unfortunately, not having any luck with that either. I tried adding a \n to the end of the string and I'm still getting the same error. At this point it's probably safe to say that 1) I have found some weird edge case (always happens to me) or 2) I'm doing something real dumb. 🤷‍♂

eliduke commented 4 years ago

YEP! I was doing something dumb, but, I don't even know what. I tried twice with adding the trailing \n and it didn't work and then I tried a third time, doing what felt like the exact same thing as the previous two, and... it worked. Classic.

And, thanks for the help! I would literally have never figured that out on my own.

I might submit a PR updating the docs a bit.

andreierdoss commented 4 years ago

I am having the same issue. @davideluque do you convert the .p8 file to .pem?

davideluque commented 4 years ago

> I am having the same issue. @davideluque do you convert the .p8 file to .pem?

Hi Andrei, I took the content from the .p8 file (without modifications) and passed it as a String parameter to this class:

result = OpenSSL::PKey::EC.new('YOUR_ORIGINAL_PEM_KEY')

And did:

result.to_pem ## Put this value in your environment variable.

You can do it in the rails console.

Make sure you have a trailing \n (i.e., at the end of the string). This is a common cause of the error.

davideluque commented 4 years ago

PS: If you can't manage to implement the feature with omniauth, you can use https://github.com/nov/apple_id instead. I am not using omniauth and it works in my app.

I created a gist using the apple_id gem https://gist.github.com/davideluque/5a277c8ea8c31b48e35cb9d0c4ddef3e

andreierdoss commented 4 years ago

@davideluque thank you for sharing your solution. I got it working! I wanted to give it another try, before ditching omniauth-apple. I use Heroku for hosting, thus I opened the .p8 file, I selected the contents without any edits, and pasted in the Heroku ENV form. And as a great miracle, it worked!

dorianmariecom commented 3 years ago

I couldn't figure out how to properly add newlines to heroku env variables so I did:

pem: ENV.fetch("APPLE_PRIVATE_KEY").gsub("\\n", "\n")

lxnewayfarer commented 2 years ago

I've had the same issue with OpenSSL::PKey::EC.new(raw) and the invalid curve name error when I tried to create a key for a Net::HTTP connection. Solved by using OpenSSL::PKey.read(raw)
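
Added example (not code from omniauth-apple or from any commenter in this thread): a Ruby loader that accepts the key either with real line breaks or with literal \n sequences, as in the gsub workaround above, parses it with OpenSSL::PKey.read, and checks that the result is a P-256 private key before it is passed as pem. The names load_apple_key, sample_pem and demo_round_trip are hypothetical, the P-256 check assumes the ES256 key Apple issues, and the key is a constructed sample generated on the spot.

```ruby
require "openssl"

# Hypothetical helper: turn an environment variable value into an EC private
# key, tolerating both storage forms discussed in this thread.
def load_apple_key(raw)
  pem = raw.to_s.strip
  # A value stored on one line carries backslash + "n" instead of real line
  # breaks (single-quoted Ruby strings and some env tools do this).
  pem = pem.gsub("\\n", "\n").delete("\r")
  pem += "\n" unless pem.end_with?("\n") # trailing newline, as advised above

  begin
    key = OpenSSL::PKey.read(pem)
  rescue OpenSSL::PKey::PKeyError, ArgumentError => e
    # Report only the error class so key material never reaches the logs.
    raise ArgumentError, "key is not parseable PEM (#{e.class})"
  end

  # Assumption: Sign in with Apple client secrets are signed with ES256,
  # so anything other than a P-256 private key is a misconfiguration.
  unless key.is_a?(OpenSSL::PKey::EC) && key.private? &&
         key.group.curve_name == "prime256v1"
    raise ArgumentError, "expected a P-256 EC private key"
  end
  key
end

# Constructed sample: a throwaway key, never a real Apple key.
def sample_pem
  key = OpenSSL::PKey::EC.generate("prime256v1")
  # Prefer the PKCS#8 form ("BEGIN PRIVATE KEY") used by .p8 files when the
  # installed openssl gem provides it.
  key.respond_to?(:private_to_pem) ? key.private_to_pem : key.to_pem
end

# Shows that the multi-line and the one-line escaped forms load the same key.
def demo_round_trip
  pem = sample_pem
  escaped = pem.gsub("\n") { "\\n" } # how a one-line env value looks
  load_apple_key(pem).to_der == load_apple_key(escaped).to_der
end
```

Calling load_apple_key once at boot, for example in the initializer, surfaces a malformed value at startup rather than on the first sign-in request.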