I saw that there is a special case for apple to set redirect

Question

I saw that there is a special case for apple to set redirect url

rp · Answer

hey < Alen>

rp · Answer

do you want the custom path just for apple Or for all providers

Alen · Answer

All providers I see that its working for google github

Alen · Answer

not for apple

rp · Answer

right < sattvikc> can help hjere

Alen · Answer

Like I have given my redirect url as https blocksurvey io signup

sattvikc · Answer

sure < Alen> which lang are u using for backend

Alen · Answer

node js express

sattvikc · Answer

cool I ll share the snippet soon

Alen · Answer

Sure thanks a lot

sattvikc · Answer

```ts ThirdParty init signInAndUpFeature providers Apple clientId clientSecret keyId teamId privateKey override apis oI => oI appleRedirectHandlerPOST async input => const redirectURL = `https blocksurvey io signup code=$ input code state=$ input state ` input options res sendHTMLResponse `

sattvikc · Answer

u will need to override this API on the backend as shown above note that on the Apple developer dashboard you will need to provide the backenddomain auth callback apple as the redirect uri This is because Apple responds back on a POST request which inturn we convert to a GET request for the frontend

sattvikc · Answer

let me know if this helps

Alen · Answer

Ok got it I will test this out and let you know Thanks a lot

Alen · Answer

This will work for ThirdpartyPasswordless as well right

Alen · Answer

my recipe is this

sattvikc · Answer

yes

Alen · Answer

If I have to test it in dev then how will this work

sattvikc · Answer

do u mean with localhost

Alen · Answer

yeah

sattvikc · Answer

the apple doesn t support localhost as redirect URI you will need to use ngrok or localtunnel kind of services which provide a https url proxied to your localhost

Alen · Answer

Ok or we can use your keys which you have provided right

Alen · Answer

for localhost will that work with this API override

sattvikc · Answer

that override won t work for the dev keys we use a different intermediate url to make the localhost work

Alen · Answer

Ok got it

sattvikc · Answer

so u would use that override for production let me check and get back if there is a way to override that for the dev keys

sattvikc · Answer

are u using the webjs or react SDK for the frontend

Alen · Answer

webjs

sattvikc · Answer

okay give me a little while shall get back on that

Alen · Answer

Sure thanks

sattvikc · Answer

okay so I suppose u r calling getAuthorisationURLFromBackend and redirecting using the returned url right

Alen · Answer

Yes

sattvikc · Answer

u could parse that and change the redirect uri query param before redirecting

Alen · Answer

`const authUrl = await getThirdPartyAuthorisationURLWithQueryParamsAndSetState providerId provider authorisationURL Constants DOMAIN URL + signup `

Alen · Answer

I m implementing like this in frontend

sattvikc · Answer

yea perfect

Alen · Answer

where provider is dynamic

sattvikc · Answer

just for apple u change the authUrl before redirect

Alen · Answer

How can I change that

Alen · Answer

`authorisationURL Constants DOMAIN URL + signup ` this should be same for all providers and this is what I m expecting

sattvikc · Answer

I understand just that apple is an exception case where we need to handle this POST to GET and the usage of dev keys makes it a bit unintutive so the backend would not have honoured the authURL you would have passed for that function

sattvikc · Answer

you could use a snippet like this to change the redirect uri

sattvikc · Answer

```ts let authURL = if provider === apple var url = new URL authURL var search params = url searchParams search params set redirect uri Constants DOMAIN URL + signup url search = search params toString authURL = url toString ```

Alen · Answer

Ok so will this also work for your dev keys which you have provided

Alen · Answer

Or only for production which we have set

Alen · Answer

and the API override which you provided earlier is it required now

Alen · Answer

Sorry I got confused little bit

Alen · Answer

Hey < rp> I m getting this error while using your keys for Apple provider this was working earlier `Error SuperTokens core threw an error for a GET request to path recipe user with status code 400 and message Please provide exactly one of userId email or phoneNumber at Querier C BlockSurvey Projects blocksurvey supertoken function node modules supertokens node lib build querier js 252 31 at Generator throw at rejected C BlockSurvey Projects blocksurvey supertoken function node modules supertokens node lib build querier js 22 44 at processTicksAndRejections node internal process task queues 96 5 `

rp · Answer

add content type application json header

Alen · Answer

where this is the API which is throwing the error `const response = await thirdPartySignInAndUp `

Alen · Answer

Hi If possible can we connect and quickly clear my doubts

rp · Answer

< sattvikc> please check if the override code you gave is correct it seems wrong

Alen · Answer

I have removed the overrride code too and tried It isnt working

rp · Answer

Will wait fro < sattvikc> to be available

rp · Answer

without the overrride it should work

rp · Answer

please double check for silly mistakes

rp · Answer

if you want to connect over a call and debug you will have to subscribe to our support plans

Alen · Answer

May I know the details of your support plan

rp · Answer

DMing you

Alen · Answer

sure thanks

Alen · Answer

Hey < rp> I just checked on my side I didn t find any issue

rp · Answer

are you querying the core manually somewhere in your code

rp · Answer

or are you using the getUser function in the signinup API

Alen · Answer

I m just using this override which you had shared last week for deduplication of email address

Alen · Answer

I think the override function which you gave in that there is getUsersByEmail `thirdPartySignInUp async function input let existingUsers = await ThirdPartyPasswordless getUsersByEmail input email if existingUsers length === 0 this means this email is new so we allow sign up return originalImplementation thirdPartySignInUp input if existingUsers find i => email in i thirdParty in i i thirdParty id === input thirdPartyId i thirdParty userId === input thirdPartyUserId this means we are trying to sign in with the same social login So we allow it return originalImplementation thirdPartySignInUp input this means that the email already exists with another social or passwordless login method so we throw an error throw new Error Cannot sign up as email already exists `

rp · Answer

right can you print something right before that and see if it gets logged and then print something right after and see that it doesn t get logged

Alen · Answer

sure

rp · Answer

and also print out the value of `input email`

Alen · Answer

yeah so email is undefined

rp · Answer

ah right

rp · Answer

so thats the problem

Alen · Answer

So what check should I gave so that it works for that deduplication as well

rp · Answer

so email should not be undefined

rp · Answer

do other providers work

Alen · Answer

yeah other providers are working

rp · Answer

so only apple is the issue

Alen · Answer

my apple id has the email address linked with it

rp · Answer

have you changed anything in the default apple implementation

Alen · Answer

no

Alen · Answer

All code are common for all providers

rp · Answer

can you print out the whole `input` object

Alen · Answer

thirdPartyId apple thirdPartyUserId 000473 a413fb833f97431f8dd7e3beab93f19b 1424 email undefined userContext default request ExpressRequest

rp · Answer

so for some reason apple is not returning the email

Alen · Answer

Ok let me check from my side on the apple dashboard

rp · Answer

the ID token returned by apple deosn t seem to contain the email

Alen · Answer

Yeah maybe I just remove the access and try again

rp · Answer

What scope have you added for apple

Alen · Answer

share my email

rp · Answer

right so just the email scope then

rp · Answer

can you login with another account and see Im not sure why apple is not giving the email back

Alen · Answer

I just tried it I went to apple dashboard and deleted the supertoken app access and tried again logging in from scratch Its now returning the email

rp · Answer

hm interesting

Alen · Answer

Just let me know when the override function which < sattvikc> has provided is corrected

rp · Answer

oh it is correct i thought it was wrong cause you were facing this issue

rp · Answer

you can try it

Alen · Answer

so will that work with your tokens as well in dev

sattvikc · Answer

yes it should

sattvikc · Answer

don t use the frontend snippet I shared in production it is only for dev

sattvikc · Answer

backend one should be fine

Alen · Answer

Ok got it

Alen · Answer

Hey < rp> I hid my email address and created an account I got a relay email address which will forward the mails to my original account

Alen · Answer

But it doesnt forward any mail

Alen · Answer

IS it because Apple is blocking the supertokens dev app

rp · Answer

Probably not If it blocked it you wouldn t be able to sign in at all

Alen · Answer

Any idea why it doesn t forward the mail

Alen · Answer

have any of user faced such issue

rp · Answer

this seems more like an apple issue

Alen · Answer

Ok thanks I will take a look

Alen · Answer

Hi Just wanted to know the override function is not getting triggered in local env

Alen · Answer

Or will it be only triggered in prod

Alen · Answer

< rp> This is the code ` appleRedirectHandlerPOST async input => console log input const redirectURL = `https blocksurvey io signup code=$ input code state=$ input state ` input options res sendHTMLResponse `

rp · Answer

< sattvikc> can ans this

Alen · Answer

Ok

rp · Answer

also would be good if you don t tag me Cause others in the team don t bother answering then

Alen · Answer

Sure will keep that in mind

rp · Answer

that override should be triggered in prod too

Alen · Answer

But in local I m not able to log the input

Alen · Answer

Its not getting triggered

sattvikc · Answer

won t be triggered with dev keys

Alen · Answer

Ok

Alen · Answer

In prod it will be triggered right

sattvikc · Answer

yes

Alen · Answer

Im using supertokens provided keys for apple ITs working but this api is not getting triggered thats why I asked

rp · Answer

Cause the supertokens keys are dev keys

rp · Answer

If you use your own keys it will get triggered

Alen · Answer

Ok got it thanks

Alen · Answer

Hi I m getting issue with the apple auth in prod After signing in with apple its redirecting me back to my same redirect url which is my backend url

Alen · Answer

The API override is not getting triggered

rp · Answer

< sattvikc> can help here

sattvikc · Answer

let me check

sattvikc · Answer

< Alen> it is expected to redirect to the backend which API override is not being triggered

sattvikc · Answer

as I had mentioned earlier the Apple returns with a POST request which is converted to a GET request by the backend so on the apple dashboard redirect URI must point to the backend one the AppleRedirectHandler API override will ensure it is redirected to the common frontend url you are using for all the providers

Alen · Answer

we have done that this is the redirect url we set https authservice blocksurvey io auth callback apple

sattvikc · Answer

can u share the response of this url once you were redirected back

Alen · Answer

Hey I figured out the issue it was a cors error I added apple s domain in my cors origin list

Alen · Answer

thanks for your help

sattvikc · Answer

cool happy to help

rp · Answer

Huh I m confused I don t think that should be required Apple should redirect the user to your api domain Apple is not calling your api domain from their website

Alen · Answer

But it was calling I was getting internal server error and when I looked the request apple s origin was present Then I tried logging the origin which was coming and it was https appleid apple com So when I added this origin then only it was redirecting me back to my frontend url

Alen · Answer

apple was making a post call to this url https authservice blocksurvey io auth callback apple

Alen · Answer

and this is the redirect url which I mentioned in apple dashboard for redirecting

rp · Answer

right yea But that post call happens via redirect

rp · Answer

which means you don t need to add apple to cors

Alen · Answer

then what maybe the issue

Alen · Answer

any issue with override API

rp · Answer

can you remove apple from cors and show us the error stack trace

Alen · Answer

We would be happy to remove apple s domain from our cors list as we dont want to give apple access to our rest of the api s

rp · Answer

yea exactly

Alen · Answer

Ok give me some time I will update you

sattvikc · Answer

yes please it should not be added redirect does not require the CORS plz share the exact error message will help resolve

Alen · Answer

Sure

Alen · Answer

This was the error which was logged in our server This shows that the origin which is hitting this is not present in our cors list

Alen · Answer

I will share you the network details as well

sattvikc · Answer

could u share the relavant snippet from this file opt render project src common util js

Alen · Answer

Sure

Alen · Answer

`const corsOptions = origin origin callback => if whitelist indexOf origin == 1 || origin indexOf blocksurvey io == 1 return callback null true else return callback new Error Not allowed by CORS `

sattvikc · Answer

and how is the origin being computed

Alen · Answer

So whitelist will have all our allowed domains and whenever a hit comes to this it will fetch the origin from the request and validate with the whitelist array

Alen · Answer

so the indexOf error suggests that apple origin wasn t present in the whitelist

sattvikc · Answer

yea that s fine wanted to know how the value of origin is fetched

sattvikc · Answer

is it from the referrer or the request domain

Alen · Answer

app use cors origin corsOptions origin allowedHeaders content type supertokens getAllCORSHeaders methods GET PUT POST DELETE credentials true

Alen · Answer

We have also added like this for your api s as well

sattvikc · Answer

let me check

Alen · Answer

Hope this helps you

Alen · Answer

It will be fetched from the request headers origin

sattvikc · Answer

yes

sattvikc · Answer

so basically you need to allow this on the server side

sattvikc · Answer

but the apple domain must not be returned as part of Access Control Allow Origin

Alen · Answer

how can I do it

sattvikc · Answer

give me a min

Alen · Answer

Sure

sattvikc · Answer

you could add else if case checking for appleid domain and then return callback null false

Alen · Answer

Ok thanks I will take a look