Hello again, sorry to bother you. I'm not sure I can understand how the apple oauth flow works. I'm testing on postman and so far there is only one way I can make it work: 1. GET request to

/auth/authorisationurl?thirdPartyId=apple

, it returns the link appending

redirect_uri=https://evt-api-dev.revod.cloud/auth/callback/apple

. 2. I click on the URL and insert my apple id credentials. 3. It correctly redirects me to the uri shown above, performing a POST request (I'm aware apple redirects with POST). 4. That URL seems to be this one https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/ThirdPartyPasswordless%20Recipe/thirdPartyPasswordlessCallbackApple. First question: what does this URL do?

html
<!-- response I get from a POST to the above URL -->
<html>

<head>
    <script>
        window.location.replace("http://localhost:8000/auth/callback/apple?state=undefined&code=mycodehere");
    </script>
</head>

</html>

It looks like I'm always redirected to localhost, but what is this exactly? Is it trying to mask the POST request to a GET request on the webclient which is handling it? Then why it doesn't have the webclient URL instead of localhost? 5. I'm on postman so I ignore every redirect, what I do is take the

code

and use it in the following request: https://prnt.sc/Jhc4_VxgO8ZT. Everything works flawlessly, it generates the session and I'm logged in.

Here is case B: 1. GET request to

/auth/authorisationurl?thirdPartyId=apple&redirect_uri=https://evt-api-dev.revod.cloud/redirect

, it returns the link appending the redirect_uri I provided (I allowed this overriding the apis). NOTE: I need to change the URL because I need to redirect the user to a final destination whose protocol is not http, it's a native phone app one. 2. I click on the URL and insert my apple id credentials. 3. It correctly redirects me to the uri shown above:

https://evt-api-dev.revod.cloud/redirect

4. I ignore the redirect because I'm not handling it, so I perform a POST request to `/auth/signinup`: https://prnt.sc/L5JBKD_kC6Yb 5. Again, as @nkshah2 has seen yesterday, 400 error: https://prnt.sc/RZjHCS5B11Gy. Second question, look at the image, where is he taking that URL it expects the redirect on? https://prnt.sc/0hfKB_aUQ3B_ even like this it doesn't work.

I don’t think I clearly understood the second case

That seems like the case because Apple complains about a redirect uri mismatch (which is true because you are using two different URLs)

When calling

/signinup

you should be using the same redirect uri you are using in step 1

If you override it, you will have to send the whole response yourself since the originalImplemetion sends the response to the client

But that should be simple enough to do. You can copy the code from the SDK

Where am I missing to insert the url

https://evt-api-dev.revod.cloud/redirect

?

There you go, it's very simple actually

I'm trying that again to double check

I have no idea of what is setting that callback_uri https://prnt.sc/edcWCIwhc0yE

@FrAgOrDiE So yeah that flow will not be possible if you use the built in Apple provider. You could use a custom third party provider to solve this problem though (You can refer to the code here:https://github.com/supertokens/supertokens-node/blob/9.2/lib/ts/recipe/thirdparty/providers/apple.ts for setting the values) The SDK always uses that URL as the redirect uri for the built in apple provider

so,

Looks clean to me because I don't even have to pass that variable through handlers via userContext