# support-questions
a
I saw that there is a special case for apple to set redirect url.
r
hey @Alen
do you want the custom path just for apple? Or for all providers?
a
All providers. I see that it's working for google, github
not for apple.
r
right. @sattvikc can help here
a
Like I have given my redirect url as https://blocksurvey.io/signup,
s
sure, @Alen which lang are u using for backend?
a
node js express
s
cool, I'll share the snippet soon
a
Sure thanks a lot.
s
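```ts
import ThirdParty from "supertokens-node/recipe/thirdparty";

const { Apple } = ThirdParty;

ThirdParty.init({
    signInAndUpFeature: {
        providers: [
            Apple({
                clientId: "...",
                clientSecret: {
                    keyId: "...",
                    teamId: "...",
                    privateKey: "..."
                }
            })
        ],
    },
    override: {
        apis: (oI) => ({
            ...oI,
            // Apple POSTs code and state to the backend callback; forward them to the frontend as a GET
            appleRedirectHandlerPOST: async (input) => {
                // Percent-encode the POSTed values so they cannot break out of the URL or the inline script
                const params = new URLSearchParams({ code: input.code, state: input.state });
                const redirectURL = `https://blocksurvey.io/signup?${params.toString()}`;
                // JSON.stringify emits a correctly quoted JavaScript string literal
                input.options.res.sendHTMLResponse(`<html><head><script>window.location.replace(${JSON.stringify(redirectURL)});</script></head></html>`);
            },
        })
    }
})
```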
u will need to override this API on the backend, as shown above. note that on the Apple developer dashboard, you will need to provide the backenddomain/auth/callback/apple as the redirect uri. This is because Apple responds back on a POST request, which in turn we convert to a GET request for the frontend.
let me know if this helps
a
Ok got it, I will test this out and let you know. Thanks a lot.
This will work for ThirdpartyPasswordless as well right ?
my recipe is this.
s
yes
a
If I have to test it in dev then how will this work ?
s
do u mean with localhost ?
a
yeah
s
the apple doesn't support localhost as redirect URI. you will need to use ngrok or localtunnel kind of services which provide a https url proxied to your localhost
a
Ok, or we can use your keys which you have provided right
for localhost ? will that work with this API override ?
s
that override won't work for the dev keys. we use a different intermediate url to make the localhost work
a
Ok got it.
s
so u would use that override for production. let me check and get back if there is a way to override that for the dev keys
are u using the webjs or react SDK for the frontend ?
a
webjs
s
okay, give me a little while.. shall get back on that
a
Sure, thanks.
s
okay so I suppose u r calling getAuthorisationURLFromBackend and redirecting using the returned url right?
a
Yes
s
u could parse that, and change the redirect_uri query param before redirecting
a
```ts
const authUrl = await getThirdPartyAuthorisationURLWithQueryParamsAndSetState({
    providerId: provider,
    authorisationURL: Constants.DOMAIN_URL + "/signup",
});
```
I'm implementing like this in frontend
s
yea, perfect
a
where provider is dynamic
s
just for apple, u change the authUrl before redirect
a
How can I change that ?
authorisationURL: Constants.DOMAIN_URL + "/signup",
this should be same for all providers and this is what I'm expecting
s
I understand, just that apple is an exception case where we need to handle this POST to GET and the usage of dev keys makes it a bit unintuitive. so the backend would not have honoured the authURL you would have passed for that function.
you could use a snippet like this to change the redirect uri
```ts
let authURL = "..."; // URL returned by the backend
if (provider === 'apple') {
  // rewrite only the redirect_uri query param, leaving the rest of the URL intact
  const url = new URL(authURL);
  url.searchParams.set('redirect_uri', Constants.DOMAIN_URL + "/signup");
  authURL = url.toString();
}
```
a
Ok, so will this also work for your dev keys which you have provided ?
Or only for production which we have set ?
and the API override which you provided earlier, is it required now ?
Sorry, I got confused little bit.
Hey @rp I'm getting this error while using your keys for Apple provider. this was working earlier.
```
Error: SuperTokens core threw an error for a GET request to path: '/recipe/user' with status code: 400 and message: Please provide exactly one of userId, email or phoneNumber

    at Querier.<anonymous> (C:\BlockSurvey Projects\blocksurvey-supertoken-function\node_modules\supertokens-node\lib\build\querier.js:252:31)
    at Generator.throw (<anonymous>)
    at rejected (C:\BlockSurvey Projects\blocksurvey-supertoken-function\node_modules\supertokens-node\lib\build\querier.js:22:44)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
```
r
add content-type application/json header
a
where ? this is the API which is throwing the error.
const response = await thirdPartySignInAndUp();
Hi, If possible can we connect, and quickly clear my doubts?
r
@sattvikc please check if the override code you gave is correct. it seems wrong
a
I have removed the override code too and tried. It isn't working.
r
Will wait for @sattvikc to be available
without the override it should work
please double check for silly mistakes
if you want to connect over a call and debug, you will have to subscribe to our support plans
a
May I know the details of your support plan ?
r
DMing you
a
sure thanks
Hey @rp I just checked on my side, I didn't find any issue.
r
are you querying the core manually somewhere in your code?
or are you using the getUser function in the signinup API?
a
I'm just using this override which you had shared last week for deduplication of email address.
I think the override function which you gave in that there is getUsersByEmail()
```ts
thirdPartySignInUp: async function (input) {
    let existingUsers = await ThirdPartyPasswordless.getUsersByEmail(input.email);
    if (existingUsers.length === 0) {
        // this means this email is new so we allow sign up
        return originalImplementation.thirdPartySignInUp(input);
    }
    if (existingUsers.find(i => "email" in i && "thirdParty" in i && i.thirdParty.id === input.thirdPartyId && i.thirdParty.userId === input.thirdPartyUserId)) {
        // this means we are trying to sign in with the same social login. So we allow it
        return originalImplementation.thirdPartySignInUp(input);
    }
    // this means that the email already exists with another social or passwordless login method, so we throw an error.
    throw new Error("Cannot sign up as email already exists");
}
```
r
right. can you print something right before that and see if it gets logged, and then print something right after and see that it doesn't get logged?
a
sure
r
and also print out the value of
input.email
a
yeah so email is undefined
r
ah right.
so thats the problem
a
So what check should I give so that it works for that deduplication as well
r
so email should not be undefined
do other providers work?
a
yeah other providers are working
r
so only apple is the issue
a
my apple id has the email address linked with it
r
have you changed anything in the default apple implementation?
a
no
All code are common for all providers
r
can you print out the whole
input
object?
a
{ thirdPartyId: 'apple', thirdPartyUserId: '000473.a413fb833f97431f8dd7e3beab93f19b.1424', email: undefined, userContext: { _default: { request: [ExpressRequest] } } }
r
so for some reason, apple is not returning the email
a
Ok let me check from my side on the apple dashboard.
r
the ID token returned by apple doesn't seem to contain the email
a
Yeah maybe I just remove the access and try again.
r
What scope have you added for apple?
a
share my email
r
right so just the "email" scope then
can you login with another account and see? Im not sure why apple is not giving the email back
a
I just tried it, I went to apple dashboard and deleted the supertoken app access and tried again logging in from scratch. It's now returning the email.
r
hm interesting
a
Just let me know when the override function which @sattvikc has provided is corrected.
r
oh it is correct. i thought it was wrong cause you were facing this issue
you can try it
a
so will that work with your tokens as well in dev ?
s
yes it should
don't use the frontend snippet I shared in production. it is only for dev
backend one should be fine
a
Ok got it.
Hey @rp, I hid my email address and created an account. I got a relay email address which will forward the mails to my original account.
But it doesn't forward any mail.
Is it because Apple is blocking the supertokens dev app?
r
Probably not. If it blocked it, you wouldn’t be able to sign in at all
a
Any idea why it doesn't forward the mail?
Have any users faced such an issue?
r
this seems more like an apple issue
a
Ok, thanks. I will take a look.
Hi Just wanted to know the override function is not getting triggered in local env
Or will it be only triggered in prod ?
@rp This is the code
```ts
appleRedirectHandlerPOST: async (input) => {
    console.log(input);
    const redirectURL = `https://blocksurvey.io/signup?code=${input.code}&state=${input.state}`
    input.options.res.sendHTMLResponse(`<html><head><script>window.location.replace("${redirectURL}");</script></head></html>`)
},
```
r
@sattvikc can ans this
a
Ok
r
also, would be good if you don't tag me.. Cause others in the team don't bother answering then
a
Sure will keep that in mind
r
that override should be triggered in prod too .
a
But in local I'm not able to log the input
It's not getting triggered
s
won't be triggered with dev keys
a
Ok
In prod it will be triggered right ?
s
yes
a
I'm using supertokens provided keys for apple. It's working but this api is not getting triggered. that's why I asked
r
Cause the supertokens keys are dev keys
If you use your own keys, it will get triggered
a
Ok got it, thanks.
Hi, I'm getting issue with the apple auth in prod. After signing in with apple its redirecting me back to my same redirect url which is my backend url.
The API override is not getting triggered.
r
@sattvikc can help here
s
let me check
@Alen it is expected to redirect to the backend. which API override is not being triggered?
as I had mentioned earlier, the Apple returns with a POST request which is converted to a GET request by the backend. so on the apple dashboard, redirect URI must point to the backend one. the AppleRedirectHandler API override will ensure it is redirected to the common frontend url you are using for all the providers
a
we have done that , this is the redirect url we set : https://authservice.blocksurvey.io/auth/callback/apple
s
can u share the response of this url once you were redirected back?
a
Hey I figured out the issue, it was a cors error. I added apple's domain in my cors origin list.
thanks for your help.
s
cool, happy to help! 😀
r
Huh? I’m confused. I don’t think that should be required. Apple should redirect the user to your api domain. Apple is not calling your api domain from their website.
a
But it was calling, I was getting internal server error and when I looked the request apple's origin was present. Then I tried logging the origin which was coming and it was https://appleid.apple.com. So when I added this origin then only it was redirecting me back to my frontend url.
apple was making a post call to this url https://authservice.blocksurvey.io/auth/callback/apple
and this is the redirect url which I mentioned in apple dashboard for redirecting.
r
right yea. But that post call happens via redirect
which means you don't need to add apple to cors
a
then what maybe the issue ?
any issue with override API ?
r
can you remove apple from cors and show us the error stack trace?
a
We would be happy to remove apple's domain from our cors list as we dont want to give apple access to our rest of the api's
r
yea exactly
a
Ok, give me some time, I will update you.
s
yes, please. it should not be added. redirect does not require the CORS. plz share the exact error message, will help resolve
a
Sure.
This was the error which was logged in our server. This shows that the origin which is hitting this is not present in our cors list.
I will share you the network details as well.
s
could u share the relevant snippet from this file - /opt/render/project/src/common/util.js
a
Sure
```js
const corsOptions = {
    origin: (origin, callback) => {
        if (whitelist.indexOf(origin) !== -1 || origin.indexOf('.blocksurvey.io') !== -1) {
            return callback(null, true)
        } else {
            return callback(new Error('Not allowed by CORS'))
        }
    }
}
```
s
and how is the origin being computed?
a
So whitelist will have all our allowed domains, and whenever a hit comes to this , it will fetch the origin from the request and validate with the whitelist array.
so the indexOf error suggests that apple origin wasn't present in the whitelist.
s
yea that's fine. wanted to know how the value of origin is fetched
is it from the referrer or the request domain
a
```js
app.use(
    cors({
        origin: corsOptions.origin,
        allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
        methods: ['GET', 'PUT', 'POST', 'DELETE'],
        credentials: true,
    })
);
```
We have also added like this for your api's as well.
s
let me check
a
Hope this helps you.
It will be fetched from the request headers origin
s
yes
so basically you need to allow this on the server side
but the apple domain must not be returned as part of Access-Control-Allow-Origin
a
how can I do it ?
s
give me a min.
a
Sure
s
you could add else if case checking for appleid domain and then return callback(null, false)
a
Ok thanks, I will take a look.