nhosoya / omniauth-apple

OmniAuth strategy for Sign In with Apple
MIT License

allow dynamic client_ids #15

Closed maxencehenneron closed 4 years ago

maxencehenneron commented 4 years ago

When using Sign In with Apple with the native iOS flow (outside of the browser), the client_id needs to be set to the app bundle id. I want to support both web login and native login, so I need to dynamically change the client_id.

This PR adds the possibility to support a dynamic client_id.

Here's the list of changes:

This is the implementation omniauth-google-oauth2 used (https://github.com/zquestz/omniauth-google-oauth2/commit/1cd603bb29499f56379aefcd6b34663ef105e165#diff-d61fbf1f9b01eceb09b00d9f200680ca)

LesterKim commented 4 years ago

@maxencehenneron Did this work for you? I used your code, configured the config/initializers/omniauth.rb file to include

  provider :apple, ENV['APPLE_CLIENT_ID'], '',
           {
             authorized_client_ids: ['com.xxx.www'],
             provider_ignores_state: true,
             scope: 'email name',
             team_id: ENV['APPLE_TEAM_ID'],
             key_id: ENV['APPLE_KEY_ID'],
             pem: ENV['APPLE_PRIVATE_KEY']
           }

and did not get it to work for the native iOS flow.

LesterKim commented 4 years ago

@maxencehenneron I got this to work. I just needed the JWT sent as id_token.

LesterKim commented 4 years ago

@nhosoya I can confirm this branch works as expected.

chirag04 commented 4 years ago

@nhosoya Do you think we can get this merged sometime soon? It will greatly help with our release. Appreciate your help 🙏

udipl commented 4 years ago

Yes, I'm in the same situation. @nhosoya are you available to review this?

Dreamersoul commented 4 years ago

Hello, this is really needed. Do you have any idea when this will be merged?

udipl commented 4 years ago

Thank you, @nhosoya. Are you planning to publish a new version of the gem to rubygems.org?

nhosoya commented 4 years ago

@udipl I just published it earlier. Please check it. https://rubygems.org/gems/omniauth-apple

LesterKim commented 4 years ago

@ramimassoud FYI

danovity commented 4 years ago

@maxencehenneron @LesterKim @nhosoya How did you guys set up Sign In with Apple with the native iOS flow (outside of the browser)? I am able to set up "Sign In with Apple" within the browser, however "outside of the browser" I am not getting any user_info during even the initial sign up.

Your help is greatly appreciated.

LesterKim commented 4 years ago

The iOS client has to send the JSON web token (JWT) as the parameter id_token or access_token, but I do not remember which, and I no longer have access to @blueapron's repositories. Try both if you need to. I am not an iOS developer, but @JovannyEspinal could guide you on the iOS side of the implementation.

Edit: It is id_token as I mentioned in an earlier comment above. Of course, make sure to add the iOS application's client ID to the list of authorized_client_ids.
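
Added example, not code from the gem, this PR, or any commenter: a sketch of the server-side check that an allowlist such as authorized_client_ids implies, accepting an id_token only when its signature, issuer, expiry and `aud` claim are valid. The RSA key, the client IDs `com.example.web` and `com.example.ios`, and all helper names are constructed for illustration; a real verifier checks against Apple's published signing keys.

```ruby
require 'base64'
require 'json'
require 'openssl'

APPLE_ISSUER   = 'https://appleid.apple.com'
SAMPLE_KEY     = OpenSSL::PKey::RSA.new(2048) # constructed key, stands in for Apple's
WEB_SERVICE_ID = 'com.example.web'            # constructed Services ID (web flow)
IOS_BUNDLE_ID  = 'com.example.ios'            # constructed bundle ID (native flow)

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Sample-data helper: builds a constructed RS256 token for the demo.
def sign_token(claims, key)
  input = [{ alg: 'RS256', typ: 'JWT' }, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Returns the claims when the token is acceptable; raises otherwise.
def verify_id_token(token, public_key, allowed_client_ids, now: Time.now.to_i)
  parts = token.split('.', -1)
  raise ArgumentError, 'malformed token' unless parts.length == 3

  header_b64, payload_b64, sig_b64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'RS256'

  signed = "#{header_b64}.#{payload_b64}"
  signature = Base64.urlsafe_decode64(sig_b64)
  valid = public_key.verify(OpenSSL::Digest.new('SHA256'), signature, signed)
  raise ArgumentError, 'bad signature' unless valid

  claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  raise ArgumentError, 'wrong issuer' unless claims['iss'] == APPLE_ISSUER
  raise ArgumentError, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  # The allowlist is what lets one backend serve both the web and the native client.
  raise ArgumentError, 'audience not allowed' unless allowed_client_ids.include?(claims['aud'])

  claims
end

# Convenience wrapper for callers that only need a yes/no answer.
def token_accepted?(token, public_key, allowed_client_ids)
  verify_id_token(token, public_key, allowed_client_ids)
  true
rescue ArgumentError, JSON::ParserError, TypeError
  false
end
```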

danovity commented 4 years ago

@LesterKim Thanks for the quick response. Currently our iOS client is using a WKWebView that opens the web login/signup page, so essentially the signup/signin is being shared between our web and iOS app.

Do you know if we have to register another application in the Apple Developer Portal? We have currently registered just our web application.

LesterKim commented 4 years ago

You might have to register another application in the Apple Developer Portal. That is what I did at Blue Apron. @john-mejia Please correct me if I am wrong.