Planning on Adding Sign In With Apple?

mryoda · July 24, 2020, 6:45pm

How do you handle callbacks with this?

Looks like quave has moved this into the mainstream, since you can now signInWithApple

Install these two https://atmospherejs.com/quave/accounts-apple, https://atmospherejs.com/quave/apple-oauth

meteor add quave:accounts-apple
meteor add quave:apple-oauth

Set up the config in settings.json alongside facebook and google oauth per this guide.

settings.json :

"apple": {
  "teamId": "yyexamplexx",
  "clientId": "com.example.client",
  "keyId": "zzexamplewq",
  "secret": "zxcvsdfasdfexamplezlongstrxcvsdfasdf",
  "redirectUri": "https://example.com/apple-redirect"
},

Client :

continueWithApple = () => {
  Meteor.loginWithApple({}, function(err, res) {
    if (err) {
      console.log(err);
    }
    //running ok
  });
};

<Form.Button
  id="appleid-signin"
  fluid
  basic
  className="continue apple"
  data-color="black"
  data-border="true"
  data-type="sign in"
  onClick={() => {
    this.continueWithApple();
  }}
>

Server:

// I had to initialize the loginWithApple…

setupAppleConfig: async () => {
  console.log("setting up apple config for login...");
  Accounts.loginServiceConfiguration.remove({
    service: "apple"
  });
  Accounts.loginServiceConfiguration.insert({
    service: "apple",
    clientId: "com.example.client",
    responseType: "code",
    responseMode: "query",
    redirectUri: "https://example.com/apple-redirect",
    scope: "name email"
  });
},

Opens a popup, which prompts you to login, then redirects you to the redirectUri, but how do you handle this redirect auth?

mryoda · August 11, 2020, 6:25pm

I’m working on getting this integrated with iOS app @filipenevola (have used quave’s loginWithApple meteor packages). I’ve been reading lot about this and based on a few posts (post 1 , post 2 …), have realized that if you’re logging in with the Web app you need to use Client Id (aka Service Id), vs on iOS app use App Id.

So what I’ve done is that when I run the compile, which looks like:
meteor build ../output-app-folder --mobile-settings settings-staging.json --server https://example.meteorapp.com
I need to set the clientId inside the settings-staging.json to the AppId instead of clientId (Service Id):

      "apple": {
        "secret": "-----BEGIN PRIVATE KEY-----\nexample\nexample\nexample\nexample\n-----END PRIVATE KEY-----",
        "redirectUri": "https://www.example.meteorapp.com/_oauth/apple",
        "clientId": "com.ExampleAppId.url",
        "teamId": "WexampleT",
        "keyId": "UexampleU",
        "scope": "name%20email",
        "responseMode": "form_post",
        "responseType": "code",
        "service": "apple"
      }

However, I am only getting back the apple user’s information without the name and email for iOS, whereas web I’m getting everything!

Apple User info I get:

{
  "_id": "Wexampleuserf",
  "createdAt": "2020-08-10T20:14:35.084Z",
  "services": {
    "apple": {
      "accessToken": "aexample.0.mssss.LexampleA",
      "expiresAt": 1697024073077,
      "id": "001100.0f00f00f00f00f00f00f00f0.2000",
      "idToken": "elongstringasdflongstringasdflongstringasdflongstringasdflongstringasdf..._USc",
      "name": " ",
      "refreshToken": "rexample.0.mssss.LexampleA_555aaaa",
      "scope": "name email"
    }
  }
}

How can I get the full user details?

larry · October 10, 2020, 11:07pm

@mryoda did you get this sorted out?

@jramer is this integrated w/ link-accounts?

jramer · October 13, 2020, 6:40am

I haven’t taken the time to integrate it with link-accounts yet. But it’s still something I want to have working.

@mryoda
Apple only gives name and email on the first signup.
For testing purposes you can go to your Apple ID settings, appleid.apple.com, and press “stop using Apple ID” for that App/Website.
Security-> APPS & WEBSITES USING APPLE ID.
That will reset it and you will get name and email once more for that Apple ID.

I haven’t looked at qualias code, they’ve forked mine. But it sounds like we need a new setting for AppId

waldgeist · October 27, 2020, 6:20pm

I just saw that @filipenevola is working on the quave version of apple-oauth, to integrate it with Cordova. Does this mean that there is a chance that we’ll see support for “Sign in with Apple” as a standard login provider in Meteor soon?

It would be super-nice if the great work by @jramer and the quave fork would be consolidated into a new standard package somehow.

waldgeist · October 30, 2020, 2:30pm

I’ve successfully implemented the Apple OAuth workflow and it works in Chrome and Firefox.

However, on macOS Safari, there is no popup. Instead, the authentication is shown in-place, as an overlay to the web app. This breaks the workflow and no sign-in is possible. It seems as if Meteor is not prepared for this login scenario?

I had seen the comment by @jramer on that, but since quavedev:apple-oauth has been pushed to Atmosphere in the meantime, I made the naive assumption that this has been fixed in the meantime. Obviously not.

The thing is: macOS Safari is a pretty important browser for Sign in with Apple…

(I also noticed that on my testing machine the redirect goes back to localhost instead of the domain of my tunnel provider, localtunnel, although the original website is pulled from there. I have no idea why this happens.)

EDIT: Found out that only dev machines are affected. If you try this out on a real prod server, it works. The UX is a bit strange, though, because the redirect shows the login screen again briefly until the logon takes place. But it works.

jramer · October 30, 2020, 8:36pm

Yes this should work as I have my package running in production on https://bubotree.com.

waldgeist · October 31, 2020, 11:03am

I made a PR today to support the accounts-apple in meteor-link-accounts:

github.com/Meteor-Community-Packages/meteor-link-accounts

Support Sign in with Apple

Meteor-Community-Packages:master ← marblear:feature/sign-in-with-apple

opened 11:01AM - 31 Oct 20 UTC

derwaldgeist

+32 -0

This is a working version of Sign in with Apple tested with the `quave:accounts-…apple` package. I haven't tested it with the `bigowl:accounts-apple` package yet, but as they are nearly identical (the `quave` version adds a Cordova native workflow), I am pretty confident this package will work as well. There are two caveats, however: The workflow fails on macOS / iOS Safari, since these browsers uses a native login dialog instead of a popup. After the login succeeds, the redirect URI replaces the page and thus creates a new user instead, like in a regular login / signup scenario. I haven't found a way yet to avoid this. And another purely cosmetic one: `quave:accounts-apple` has changed the signature of the `requestCredential()` method in order to add a native callback as well. Unfortunately, they put this native callback at the second parameter position instead of the third, so I flipped these to be compatible with the default behavior of `Meteor.linkWith<Service>`, as you can see here: https://github.com/marblear/meteor-link-accounts/blob/feature/sign-in-with-apple/community-services/apple.js#L4 https://github.com/marblear/meteor-link-accounts/blob/feature/sign-in-with-apple/community-services/apple.js#L24 I have filed a change request here: https://github.com/quavedev/apple-oauth/issues/7 to align both signatures. I leave it up to you if you would want to merge this PR right away or await their feedback. This new callback should also be mentioned in the docs, I guess.

There are two caveats however:

The workflow fails on macOS / iOS Safari, since these browsers uses a native login dialog instead of a popup. After the login succeeds, the redirect URI replaces the page and thus creates a new user instead, like in a regular login / signup scenario. I haven’t found a way yet to avoid this.

The other one is rather cosmetic and related to the quave package, as they have changed the signature of the requestCredential() function.

I did not have time to test it with the bigowl variant, but it should work, as both versions don’t differ much. So, if anyone wants to give it a try, happy to hear your feedback.

filipenevola · October 13, 2021, 12:50pm

Just documenting the answer here as well:

These two packages should do the work:

Feel free to open issues on them if you find problems.