Apple SSO Callback Phase throws a OAuth2::AccessToken.from_hash error #108

Open
boyfunky opened this issue Aug 24, 2023 · 1 comment

boyfunky commented Aug 24, 2023

I am trying to implement Apple SSO using the omniauth_apple gem in Ruby on Rails.

In my devise.rb, I have the following config:

    config.omniauth :apple, Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :client_id), '', {
      scope: 'email name',
      team_id: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :team_id),
      key_id: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :key_id),
      pem: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :pem),
      redirect_uri: Rails.application.credentials.dig(Rails.env.to_sym, :apple_sso, :redirect_uri),
      provider_ignores_state: true
    }

In my omniauth_callbacks_controller.rb, I have the following:

    class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      skip_before_action :verify_authenticity_token, only: [:apple]
      protect_from_forgery prepend: true, only: :apple

      def apple
        puts "==== GOT INTO APPLE======="
        auth_hash = request.env['omniauth.auth']
      end
    end

My user.rb

    class User < ApplicationRecord
      acts_as_tenant(:tenant)

      devise :database_authenticatable, :registerable, :recoverable, :lockable,
             :timeoutable, :rememberable, :trackable, :confirmable, :zxcvbnable,
             :omniauthable, :jwt_authenticatable,
             jwt_revocation_strategy: JwtDenyList, omniauth_providers: [:google_oauth2, :facebook, :apple]
    end

In my routes, I also have a specification to receive callbacks for each provider:

    devise_for :users,
               only: :omniauth_callbacks,
               controllers: {omniauth_callbacks: "users/omniauth_callbacks"}

Now when I click the Sign in with Apple button, it does redirect me to sign in with my username and password from Apple, but when the callback phase is initiated, it returns an error and does not redirect to the controller. I get this error, but I honestly do not know how or where to start to resolve it:

    OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (["access_token", "id_token"]); using "access_token".
    (apple) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, id_token_claims_invalid | nonce invalid

Does anyone have experience using the omniauth_apple gem with Devise to set up and fully integrate Apple SSO on Rails? Please help.


dangngoctuan commented Sep 21, 2023

@boyfunky same issue and I resolved it.

    OAuth2::AccessToken.from_hash: hash contained more than one 'token' key (["access_token", "id_token"]); using "access_token".

This is a warning; you don't need to pay attention to it.

It seems to have a problem with the latest version, so I used v1.2.2 and resolved it. But it will show a new error:

    ERROR -- omniauth: (apple) Authentication failure! nonce_mismatch: OmniAuth::Strategies::OAuth2::CallbackError, nonce_mismatch | nonce mismatch

You have to use the monkey patch here:
#76 (comment)

Hope to help you.
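
An added example (not from this thread, and not omniauth-apple's own code) of the nonce check that the `nonce invalid` / `nonce_mismatch` errors above refer to. It models one common way the check fails: the provider returns the result as a cross-site form POST, and a session cookie set with SameSite=Lax is not sent on that request, so the stored nonce is missing. All function names are hypothetical, the session and browser are constructed stand-ins, and whether this is the cause in this thread is an assumption.

```ruby
require 'securerandom'
require 'openssl'

# Constructed model of the browser rule: a cookie is attached to a cross-site
# POST only when it was set with SameSite=None.
def cookie_sent?(same_site, cross_site_post)
  !cross_site_post || same_site == :none
end

# Request phase: mint a nonce, remember it in the session, and return it so it
# can be sent to the identity provider in the authorization request.
def request_phase(session)
  session['nonce'] = SecureRandom.urlsafe_base64(16)
end

# Callback phase: the nonce claim of the id_token (assumed to be already
# signature-verified) must equal the value stored at request time.
# The stored value is deleted on first use so a captured token cannot be replayed.
def callback_phase(session, claims)
  expected = session.delete('nonce')
  actual = claims['nonce']
  return :nonce_mismatch if expected.nil? || actual.nil?
  OpenSSL.secure_compare(expected, actual) ? :ok : :nonce_mismatch
end

# One sign-in round trip. `same_site` is the session cookie attribute; the
# provider posts the result back from its own origin, so the callback is a
# cross-site POST. `tamper` swaps in an id_token minted for another login.
def round_trip(same_site, tamper: false)
  server_session = {}
  nonce = request_phase(server_session)
  claims = { 'nonce' => tamper ? SecureRandom.urlsafe_base64(16) : nonce }
  # Without the cookie the server cannot find the session that holds the nonce.
  visible = cookie_sent?(same_site, true) ? server_session : {}
  callback_phase(visible, claims)
end

if __FILE__ == $PROGRAM_NAME
  puts "SameSite=Lax:            #{round_trip(:lax)}"
  puts "SameSite=None:           #{round_trip(:none)}"
  puts "SameSite=None, tampered: #{round_trip(:none, tamper: true)}"
end
```

The tampered case is why the nonce check should be made to pass by restoring the session on the callback rather than by skipping the comparison.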
