a

Alen

12/06/2022, 7:54 AM
I saw that there is a special case for apple to set redirect url.
r

rp

12/06/2022, 7:58 AM
hey @Alen
do you want the custom path just for apple? Or for all providers?
a

Alen

12/06/2022, 7:59 AM
All providers. I see that it's working for google, github
not for apple.
r

rp

12/06/2022, 7:59 AM
right. @sattvikc can help here
a

Alen

12/06/2022, 8:00 AM
Like I have given my redirect url as https://blocksurvey.io/signup,
s

sattvikc

12/06/2022, 8:00 AM
sure, @Alen which lang are u using for backend?
a

Alen

12/06/2022, 8:01 AM
node js express
s

sattvikc

12/06/2022, 8:01 AM
cool, I'll share the snippet soon
a

Alen

12/06/2022, 8:01 AM
Sure thanks a lot.
s

sattvikc

12/06/2022, 8:23 AM
```ts
ThirdParty.init({
    signInAndUpFeature: {
        providers: [
            Apple({
                clientId: "...",
                clientSecret: {
                    keyId: "...",
                    teamId: "...",
                    privateKey: "..."
                }
            })
        ],
    },
    override: {
        apis: (oI) => ({
            ...oI,
            // Apple POSTs code and state to the backend callback; hand them to the frontend as a GET.
            appleRedirectHandlerPOST: async (input) => {
                // URL-encode both values: they come from the request body and end up inside the script string below.
                const redirectURL = `https://blocksurvey.io/signup?code=${encodeURIComponent(input.code)}&state=${encodeURIComponent(input.state)}`
                input.options.res.sendHTMLResponse(`<html><head><script>window.location.replace("${redirectURL}");</script></head></html>`)
            },
        })
    }
})
```
u will need to override this API on the backend, as shown above. note that on the Apple developer dashboard, you will need to provide the backenddomain/auth/callback/apple as the redirect uri. This is because Apple responds back on a POST request, which in turn we convert to a GET request for the frontend.
let me know if this helps
a

Alen

12/06/2022, 8:29 AM
Ok got it, I will test this out and let you know. Thanks a lot.
This will work for ThirdpartyPasswordless as well right ?
my recipe is this.
s

sattvikc

12/06/2022, 8:29 AM
yes
a

Alen

12/06/2022, 8:31 AM
If I have to test it in dev then how will this work ?
s

sattvikc

12/06/2022, 8:31 AM
do u mean with localhost ?
a

Alen

12/06/2022, 8:32 AM
yeah
s

sattvikc

12/06/2022, 8:33 AM
the apple doesn't support localhost as redirect URI. you will need to use ngrok or localtunnel kind of services which provide a https url proxied to your localhost
a

Alen

12/06/2022, 8:34 AM
Ok, or we can use your keys which you have provided right
for localhost ? will that work with this API override ?
s

sattvikc

12/06/2022, 8:36 AM
that override won't work for the dev keys. we use a different intermediate url to make the localhost work
a

Alen

12/06/2022, 8:36 AM
Ok got it.
s

sattvikc

12/06/2022, 8:38 AM
so u would use that override for production. let me check and get back if there is a way to override that for the dev keys
are u using the webjs or react SDK for the frontend ?
a

Alen

12/06/2022, 8:39 AM
webjs
s

sattvikc

12/06/2022, 8:40 AM
okay, give me a little while.. shall get back on that
a

Alen

12/06/2022, 8:40 AM
Sure, thanks.
s

sattvikc

12/06/2022, 8:42 AM
okay so I suppose u r calling getAuthorisationURLFromBackend and redirecting using the returned url right?
a

Alen

12/06/2022, 8:42 AM
Yes
s

sattvikc

12/06/2022, 8:43 AM
u could parse that, and change the redirect_uri query param before redirecting
a

Alen

12/06/2022, 8:43 AM
```ts
const authUrl = await getThirdPartyAuthorisationURLWithQueryParamsAndSetState({
    providerId: provider,
    authorisationURL: Constants.DOMAIN_URL + "/signup",
});
```
I'm implementing like this in frontend
s

sattvikc

12/06/2022, 8:44 AM
yea, perfect
a

Alen

12/06/2022, 8:44 AM
where provider is dynamic
s

sattvikc

12/06/2022, 8:44 AM
just for apple, u change the authUrl before redirect
a

Alen

12/06/2022, 8:44 AM
How can I change that ?
authorisationURL: Constants.DOMAIN_URL + "/signup",
this should be same for all providers and this is what I'm expecting
s

sattvikc

12/06/2022, 8:53 AM
I understand, just that apple is an exception case where we need to handle this POST to GET and the usage of dev keys makes it a bit unintuitive. so the backend would not have honoured the authURL you would have passed for that function.
you could use a snippet like this to change the redirect uri
```ts
let authURL = "...";
if (provider === 'apple') {
  var url = new URL(authURL);
  var search_params = url.searchParams;

  search_params.set('redirect_uri', Constants.DOMAIN_URL + "/signup");
  url.search = search_params.toString();
  authURL = url.toString();
}
```
a

Alen

12/06/2022, 9:01 AM
Ok, so will this also work for your dev keys which you have provided ?
Or only for production which we have set ?
and the API override which you provided earlier, is it required now ?
Sorry, I got confused little bit.
Hey @rp I'm getting this error while using your keys for Apple provider. this was working earlier.
Error: SuperTokens core threw an error for a GET request to path: '/recipe/user' with status code: 400 and message: Please provide exactly one of userId, email or phoneNumber

    at Querier.<anonymous> (C:\BlockSurvey Projects\blocksurvey-supertoken-function\node_modules\supertokens-node\lib\build\querier.js:252:31)
    at Generator.throw (<anonymous>)
    at rejected (C:\BlockSurvey Projects\blocksurvey-supertoken-function\node_modules\supertokens-node\lib\build\querier.js:22:44)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
r

rp

12/06/2022, 9:33 AM
add content-type application/json header
a

Alen

12/06/2022, 9:34 AM
where ? this is the API which is throwing the error.
const response = await thirdPartySignInAndUp();
Hi, If possible can we connect, and quickly clear my doubts?
r

rp

12/06/2022, 9:40 AM
@sattvikc please check if the override code you gave is correct. it seems wrong
a

Alen

12/06/2022, 9:40 AM
I have removed the override code too and tried. It isn't working.
r

rp

12/06/2022, 9:40 AM
Will wait for @sattvikc to be available
without the override it should work
please double check for silly mistakes
if you want to connect over a call and debug, you will have to subscribe to our support plans
a

Alen

12/06/2022, 9:41 AM
May I know the details of your support plan ?
r

rp

12/06/2022, 9:42 AM
DMing you
a

Alen

12/06/2022, 9:42 AM
sure thanks
Hey @rp I just checked on my side, I didn't find any issue.
r

rp

12/06/2022, 9:54 AM
are you querying the core manually somewhere in your code?
or are you using the getUser function in the signinup API?
a

Alen

12/06/2022, 9:55 AM
I'm just using this override which you had shared last week for deduplication of email address.
I think the override function which you gave in that there is getUsersByEmail()
```ts
thirdPartySignInUp: async function (input) {
    let existingUsers = await ThirdPartyPasswordless.getUsersByEmail(input.email);
    if (existingUsers.length === 0) {
        // this means this email is new so we allow sign up
        return originalImplementation.thirdPartySignInUp(input);
    }
    if (existingUsers.find(i => "email" in i && "thirdParty" in i && i.thirdParty.id === input.thirdPartyId && i.thirdParty.userId === input.thirdPartyUserId)) {
        // this means we are trying to sign in with the same social login. So we allow it
        return originalImplementation.thirdPartySignInUp(input);
    }
    // this means that the email already exists with another social or passwordless login method, so we throw an error.
    throw new Error("Cannot sign up as email already exists");
}
```
r

rp

12/06/2022, 9:57 AM
right. can you print something right before that and see if it gets logged, and then print something right after and see that it doesn't get logged?
a

Alen

12/06/2022, 9:57 AM
sure
r

rp

12/06/2022, 9:58 AM
and also print out the value of
input.email
a

Alen

12/06/2022, 9:59 AM
yeah so email is undefined
r

rp

12/06/2022, 9:59 AM
ah right.
so that's the problem
a

Alen

12/06/2022, 10:00 AM
So what check should I gave so that it works for that deduplication as well
r

rp

12/06/2022, 10:00 AM
so email should not be undefined
do other providers work?
a

Alen

12/06/2022, 10:01 AM
yeah other providers are working
r

rp

12/06/2022, 10:01 AM
so only apple is the issue
a

Alen

12/06/2022, 10:01 AM
my apple id has the email address linked with it
r

rp

12/06/2022, 10:01 AM
have you changed anything in the default apple implementation?
a

Alen

12/06/2022, 10:01 AM
no
All code are common for all providers
r

rp

12/06/2022, 10:02 AM
can you print out the whole
input
object?
a

Alen

12/06/2022, 10:02 AM
{ thirdPartyId: 'apple', thirdPartyUserId: '000473.a413fb833f97431f8dd7e3beab93f19b.1424', email: undefined, userContext: { _default: { request: [ExpressRequest] } } }
r

rp

12/06/2022, 10:02 AM
so for some reason, apple is not returning the email
a

Alen

12/06/2022, 10:05 AM
Ok let me check from my side on the apple dashboard.
r

rp

12/06/2022, 10:06 AM
the ID token returned by apple doesn't seem to contain the email
a

Alen

12/06/2022, 10:06 AM
Yeah maybe I just remove the access and try again.
r

rp

12/06/2022, 10:07 AM
What scope have you added for apple?
a

Alen

12/06/2022, 10:07 AM
share my email
r

rp

12/06/2022, 10:07 AM
right so just the "email" scope then
can you login with another account and see? I'm not sure why apple is not giving the email back
a

Alen

12/06/2022, 10:08 AM
I just tried it, I went to apple dashboard and deleted the supertoken app access and tried again logging in from scratch. It's now returning the email.
r

rp

12/06/2022, 10:08 AM
hm interesting
a

Alen

12/06/2022, 10:09 AM
Just let me know when the override function which @sattvikc has provided is corrected.
r

rp

12/06/2022, 10:10 AM
oh it is correct. i thought it was wrong cause you were facing this issue
you can try it
a

Alen

12/06/2022, 10:10 AM
so will that work with your tokens as well in dev ?
s

sattvikc

12/06/2022, 10:10 AM
yes it should
don't use the frontend snippet I shared in production. it is only for dev
backend one should be fine
a

Alen

12/06/2022, 10:11 AM
Ok got it.
Hey @rp, I hid my email address and created an account. I got a relay email address which will forward the mails to my original account.
But it doesn't forward any mail.
Is it because Apple is blocking the supertokens dev app ?
r

rp

12/06/2022, 10:55 AM
Probably not. If it blocked it, you wouldn’t be able to sign in at all
a

Alen

12/06/2022, 10:56 AM
Any idea , why it doesn't forward the mail?
have any of user faced such issue ?
r

rp

12/06/2022, 11:01 AM
this seems more like an apple issue
a

Alen

12/06/2022, 11:02 AM
Ok, thanks. I will take a look.
Hi Just wanted to know the override function is not getting triggered in local env
Or will it be only triggered in prod ?
@rp This is the code
```ts
appleRedirectHandlerPOST: async (input) => {
    console.log(input);
    const redirectURL = `https://blocksurvey.io/signup?code=${input.code}&state=${input.state}`
    input.options.res.sendHTMLResponse(`<html><head><script>window.location.replace("${redirectURL}");</script></head></html>`)
},
```
r

rp

12/06/2022, 2:20 PM
@sattvikc can ans this
a

Alen

12/06/2022, 2:20 PM
Ok
r

rp

12/06/2022, 2:21 PM
also, would be good if you don't tag me.. Cause others in the team don't bother answering then
a

Alen

12/06/2022, 2:21 PM
Sure will keep that in mind
r

rp

12/06/2022, 2:21 PM
that override should be triggered in prod too .
a

Alen

12/06/2022, 2:21 PM
But in local I'm not able to log the input
It's not getting triggered
s

sattvikc

12/06/2022, 2:23 PM
won't be triggered with dev keys
a

Alen

12/06/2022, 2:23 PM
Ok
In prod it will be triggered right ?
s

sattvikc

12/06/2022, 2:23 PM
yes
a

Alen

12/06/2022, 2:24 PM
I'm using supertokens provided keys for apple. It's working but this api is not getting triggered. that's why I asked
r

rp

12/06/2022, 2:24 PM
Cause the supertokens keys are dev keys
If you use your own keys, it will get triggered
a

Alen

12/06/2022, 2:24 PM
Ok got it, thanks.
Hi, I'm getting issue with the apple auth in prod. After signing in with apple its redirecting me back to my same redirect url which is my backend url.
The API override is not getting triggered.
r

rp

12/07/2022, 4:04 AM
@sattvikc can help here
s

sattvikc

12/07/2022, 4:07 AM
let me check
@Alen it is expected to redirect to the backend. which API override is not being triggered?
as I had mentioned earlier, the Apple returns with a POST request which is converted to a GET request by the backend. so on the apple dashboard, redirect URI must point to the backend one. the AppleRedirectHandler API override will ensure it is redirected to the common frontend url you are using for all the providers
a

Alen

12/07/2022, 4:14 AM
we have done that , this is the redirect url we set : https://authservice.blocksurvey.io/auth/callback/apple
s

sattvikc

12/07/2022, 4:14 AM
can u share the response of this url once you were redirected back?
a

Alen

12/07/2022, 4:18 AM
Hey I figured out the issue, it was a cors error. I added apple's domain in my cors origin list.
thanks for your help.
s

sattvikc

12/07/2022, 4:20 AM
cool, happy to help! 😀
r

rp

12/07/2022, 4:41 AM
Huh? I’m confused. I don’t think that should be required. Apple should redirect the user to your api domain. Apple is not calling your api domain from their website.
a

Alen

12/07/2022, 4:45 AM
But it was calling, I was getting internal server error and when I looked the request apple's origin was present. Then I tried logging the origin which was coming and it was https://appleid.apple.com. So when I added this origin then only it was redirecting me back to my frontend url.
apple was making a post call to this url https://authservice.blocksurvey.io/auth/callback/apple
and this is the redirect url which I mentioned in apple dashboard for redirecting.
r

rp

12/07/2022, 4:47 AM
right yea. But that post call happens via redirect
which means you don't need to add apple to cors
a

Alen

12/07/2022, 4:47 AM
then what maybe the issue ?
any issue with override API ?
r

rp

12/07/2022, 4:48 AM
can you remove apple from cors and show us the error stack trace?
a

Alen

12/07/2022, 4:48 AM
We would be happy to remove apple's domain from our cors list as we dont want to give apple access to our rest of the api's
r

rp

12/07/2022, 4:48 AM
yea exactly
a

Alen

12/07/2022, 4:49 AM
Ok, give me some time, I will update you.
s

sattvikc

12/07/2022, 4:49 AM
yes, please. it should not be added. redirect does not require the CORS. plz share the exact error message, will help resolve
a

Alen

12/07/2022, 4:49 AM
Sure.
This was the error which was logged in our server. This shows that the origin which is hitting this is not present in our cors list.
I will share you the network details as well.
s

sattvikc

12/07/2022, 5:10 AM
could u share the relevant snippet from this file - /opt/render/project/src/common/util.js
a

Alen

12/07/2022, 5:10 AM
Sure
```js
const corsOptions = {
    origin: (origin, callback) => {
        if (whitelist.indexOf(origin) !== -1 || origin.indexOf('.blocksurvey.io') !== -1) {
            return callback(null, true)
        } else {
            return callback(new Error('Not allowed by CORS'))
        }
    }
}
```
s

sattvikc

12/07/2022, 5:11 AM
and how is the origin being computed?
a

Alen

12/07/2022, 5:12 AM
So whitelist will have all our allowed domains, and whenever a hit comes to this , it will fetch the origin from the request and validate with the whitelist array.
so the indexOf error suggests that apple origin wasn't present in the whitelist.
s

sattvikc

12/07/2022, 5:13 AM
yea that's fine. wanted to know how the value of origin is fetched
is it from the referrer or the request domain
a

Alen

12/07/2022, 5:15 AM
```js
app.use(
    cors({
        origin: corsOptions.origin,
        allowedHeaders: ['content-type', ...supertokens.getAllCORSHeaders()],
        methods: ['GET', 'PUT', 'POST', 'DELETE'],
        credentials: true,
    })
);
```
We have also added like this for your api's as well.
s

sattvikc

12/07/2022, 5:16 AM
let me check
a

Alen

12/07/2022, 5:25 AM
Hope this helps you.
It will be fetched from the request headers origin
s

sattvikc

12/07/2022, 5:32 AM
yes
so basically you need to allow this on the server side
but the apple domain must not be returned as part of Access-Control-Allow-Origin
a

Alen

12/07/2022, 5:56 AM
how can I do it ?
s

sattvikc

12/07/2022, 6:00 AM
give me a min.
a

Alen

12/07/2022, 6:00 AM
Sure
s

sattvikc

12/07/2022, 6:02 AM
you could add else if case checking for appleid domain and then return callback(null, false)
a

Alen

12/07/2022, 8:08 AM
Ok thanks, I will take a look.