Getting error as id_token_claims_invalid | nonce invalid

[Vigneshb14]

Hi,

I tried to set up the apple login and signup using omni-auth apple gem in my application.

# config/initializers/omniauth.rb:

I want to get the id_token from the response because I need the user email every time while hitting this URL

  provider :apple, Rails.application.credentials[:apple_client_id] // ID from service's bundler (eg: com.domain.api), '',
             authorized_client_ids: [Rails.application.credentials[:apple_ui_client_id]] // ID from app's identifier (eg: com.domain.app),
             scope: 'email name',
             team_id: Rails.application.credentials[:apple_team_id],
             key_id: Rails.application.credentials[:apple_key_id],
             pem: Rails.application.credentials[:apple_private_key] // add the pem content with an extra newline at the end,
             provider_ignores_state: true

Error returns:

Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, id_token_claims_invalid | nonce invalid

Please help me to sort out this error.

[bvogel]

possible solution is to add this monkey-patch to your initializers

[bvogel]

the rejected PR #107 offered a solution. As that was rejected I'm waiting/expecting @nov to suggest a solution that will work with a decent session configuration (as in not using SameSite: :none) and nonce working at the same time. I wouldn't hold my breath on that.