fragordie
04/29/2022, 6:26 AMfragordie
04/29/2022, 6:26 AM/auth/authorisationurl?thirdPartyId=apple
, it returns the link appending redirect_uri=https://evt-api-dev.revod.cloud/auth/callback/apple
.
2. I click on the URL and insert my apple id credentials.
3. It correctly redirects me to the uri shown above, performing a POST request (I'm aware apple redirects with POST).
4. That URL seems to be this one https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/ThirdPartyPasswordless%20Recipe/thirdPartyPasswordlessCallbackApple.
First question: what does this URL do?
html
<!-- response I get from a POST to the above URL -->
<html>
<head>
<script>
window.location.replace("http://localhost:8000/auth/callback/apple?state=undefined&code=mycodehere");
</script>
</head>
</html>
It looks like I'm always redirected to localhost, but what is this exactly? Is it trying to mask the POST request to a GET request on the webclient which is handling it? Then why it doesn't have the webclient URL instead of localhost?
5. I'm on postman so I ignore every redirect, what I do is take the code
and use it in the following request: https://prnt.sc/Jhc4_VxgO8ZT.
Everything works flawlessly, it generates the session and I'm logged in.fragordie
04/29/2022, 6:26 AM/auth/authorisationurl?thirdPartyId=apple&redirect_uri=https://evt-api-dev.revod.cloud/redirect
, it returns the link appending the redirect_uri I provided (I allowed this overriding the apis).
NOTE: I need to change the URL because I need to redirect the user to a final destination whose protocol is not http, it's a native phone app one.
2. I click on the URL and insert my apple id credentials.
3. It correctly redirects me to the uri shown above: https://evt-api-dev.revod.cloud/redirect
4. I ignore the redirect because I'm not handling it, so I perform a POST request to `/auth/signinup`: https://prnt.sc/L5JBKD_kC6Yb
5. Again, as @nkshah2 has seen yesterday, 400 error: https://prnt.sc/RZjHCS5B11Gy. Second question, look at the image, where is he taking that URL it expects the redirect on? https://prnt.sc/0hfKB_aUQ3B_ even like this it doesn't work.rp_st
04/29/2022, 6:30 AMrp_st
04/29/2022, 6:32 AMnkshah2
04/29/2022, 6:52 AMhttps://evt-api-dev.revod.cloud/redirect
as the redirect uri when trying to login with Apple
But when you call /signinup
you are using a different URL in the request paramsnkshah2
04/29/2022, 6:53 AMnkshah2
04/29/2022, 6:53 AM/signinup
you should be using the same redirect uri you are using in step 1fragordie
04/29/2022, 7:11 AMrp_st
04/29/2022, 7:15 AMrp_st
04/29/2022, 7:16 AMrp_st
04/29/2022, 7:16 AMfragordie
04/29/2022, 7:45 AMfragordie
04/29/2022, 7:46 AMhttps://evt-api-dev.revod.cloud/redirect
?rp_st
04/29/2022, 7:46 AMfragordie
04/29/2022, 7:46 AMnkshah2
04/29/2022, 8:25 AMfragordie
04/29/2022, 8:32 AMfragordie
04/29/2022, 8:32 AMnkshah2
04/29/2022, 8:34 AMfragordie
04/29/2022, 8:37 AMfragordie
04/29/2022, 8:37 AMnkshah2
04/29/2022, 8:38 AMfragordie
04/29/2022, 9:32 AMfragordie
04/29/2022, 9:32 AMnkshah2
04/29/2022, 9:35 AMnkshah2
04/29/2022, 9:50 AMfragordie
04/29/2022, 9:51 AMfragordie
04/29/2022, 9:52 AMnkshah2
04/29/2022, 9:53 AMfragordie
04/29/2022, 9:55 AMredirect_uri
? Is it the function getRedirectURI
? https://github.com/supertokens/supertokens-node/blob/9.2/lib/ts/recipe/thirdparty/providers/apple.ts#L140nkshah2
04/29/2022, 9:56 AMgetRedirectURI
correctfragordie
04/29/2022, 10:09 AMcustom-protocol://callback/apple
.
I will make the user insert an additional parameter in this request: https://prnt.sc/hSbsaCEl1lgj
So, overriding appleRedirectHandlerPOST
I read that parameter from the express request and I replace the html script url with that one.
What do you think about this approach?fragordie
04/29/2022, 10:09 AMnkshah2
04/29/2022, 10:10 AMfragordie
04/29/2022, 10:14 AMnkshah2
04/29/2022, 10:14 AM