Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Apple Provider first and last name #3409

Closed
wants to merge 3 commits into from
Closed

Fix Apple Provider first and last name #3409

wants to merge 3 commits into from

Conversation

ryanmalesic
Copy link

@ryanmalesic ryanmalesic commented Dec 9, 2021
edited
Loading

Re-adding apple firstName and lastName. The name is not sent in the response but the fix was removed in a recent commit. This commit re-adds the logic to add the first and last name to the profile.

Reasoning 💡

The name for a user is important.

Checklist 🧢

  • Documentation
  • Tests
  • Ready to be merged

Affected issues 🎟

Fixes the changes made in #2875

@github-actions github-actions bot added core Refers to `@auth/core` providers labels Dec 9, 2021
balazsorban44
balazsorban44 reviewed Dec 9, 2021
View reviewed changes
Copy link
Member

@balazsorban44 balazsorban44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please show me the input argument of your profile callback both with and without your change in the core?

I really want to avoid putting provider specific code into the core.

src/core/lib/oauth/callback.ts
// Contains the email, firstName, and lastName of Apple.
// Needed beacuse apple does not send the name in the token (profile callback).
// profile: {user: {email: '[email protected]', name: {firstName: 'John', lastName: 'Doe'}}}
profile.user = JSON.parse(body?.user ?? query?.user ?? null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really object this change, especially if it's Apple only.

We tested this provider a few days ago, and this wasn't necessary.

Copy link
Author

@ryanmalesic ryanmalesic Dec 10, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

{
iss: '...'
aud: '...',
exp: ...,
iat: ...,
sub: '...',
at_hash: '...',
email: '[email protected]',
email_verified: 'true',
auth_time: ...,
nonce_supported: true
}

This is the contents of profile without the changes. Name is not included. Name also isn't stored in the database without the changes I made.

Documentation isn't clear but

The modified name is only shared with your app and not with Apple, and hence isn’t included in the ID token.
https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383768

@stale
Copy link

stale bot commented Feb 8, 2022

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. (Read more at #912) Thanks!

@stale stale bot added the stale Did not receive any activity for 60 days label Feb 8, 2022
@stale
Copy link

stale bot commented Feb 16, 2022

To keep things tidy, we are closing this issue for now. If you think your issue is still relevant, leave a comment and we might reopen it. Thanks!

@stale stale bot closed this Feb 16, 2022
@gentlementlegen
Copy link

Hello!

I would like to open this thread again because indeed the name for Apple provider does not work. The information is only contained in the body, Apple does not provide it elsewhere.

Inside the body:

{
  "code": "someValue",
  "user": "{\"name\":{\"firstName\":\"Fernand\",\"lastName\":\"VEYRIER\"},\"email\":\"[email protected]\"}"
}

But later on when tokens.claims() is called, the value of the profile is the following:

{
  "iss": "https://appleid.apple.com",
  "aud": "...",
  "exp": 1646363341,
  "iat": 1646276941,
  "sub": "...",
  "at_hash": "vhu7PI4b6vTNlJvGgTE-PQ",
  "email": "[email protected]",
  "email_verified": "true",
  "auth_time": 1646276829,
  "nonce_supported": true
}

The user data is totally omitted and cannot be retrieved anymore. Would love to have an update on this, thanks!

@rogaha
Copy link

rogaha commented May 6, 2022

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@balazsorban44 balazsorban44 balazsorban44 left review comments

Assignees
No one assigned
Labels
core Refers to `@auth/core` providers stale Did not receive any activity for 60 days
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ryanmalesic @gentlementlegen @rogaha @balazsorban44