aboutyou / dart_packages Goto Github PK

I followed the instructions to get Sign In With Apple working on Android and seem to have the whole flow working, to the point of getting a credential from SignInWithApple.getAppleIDCredential. However when I try to use the credential to sign in with Firebase, as in:

final credential = OAuthProvider(providerId: 'apple.com').getCredential(
    idToken: appleIdCredential.identityToken,
    accessToken: appleIdCredential.authorizationCode,
);

The JWT seems to use the Service Id (entered in the clientId parameter of WebAuthenticationOptions) for the aud claim but Firebase Auth expects the aud claim to have the Firebase project id. The error message is:

The supplied auth credential is malformed or has expired. [ The audience in ID Token [com.example.project.auth-service] does not match the expected audience com.example.project. ]

Hi,

I am not able to determine what should I add in redirectURI so that I can be redirected to my app after signing in with my apple ID in the browser.

Thanks.

Hi,

First of all, thank you for all these packages.

This is not an issue, but more of a problem of mine.

I am trying to implement sign_in_with_apple on Android with Firebase Sign-In, but instead of creating my own server, I am trying to use the Firebase auth_handler

final credentials = await SignInWithApple.getAppleIDCredential( scopes: scopes, webAuthenticationOptions: WebAuthenticationOptions( clientId: '[myID]', redirectUri: Uri.parse( 'https://[appId].firebaseapp.com/__/auth/handler', ), ),

I did all the setup required on Apple Developer Account and also on the Firebase side, including the Web bit, such as the Key Id and the Auth Key.

Everything works, however, after I Sign in with Apple and I get redirected to 'https://[appId].firebaseapp.com/__/auth/handler', nothing happens. I would assume that the Browser should close and return to the app and get my credentials, same way it happens on iOS.

Do you have any suggestions on what I should do next in order to make it work with the 'https://[appId].firebaseapp.com/__/auth/handler?

Thank you in advance.

Thanks for the package! Is it planned to have web support soon for it?

Create an example app and service on the AY accounts, so we can test with a common set up.

We should have proper readme files so they can also be displayed on pub.dev

They should contain the following information:

• Brief description of the package
• Installation (potentially only a link to pub.dev)
• Usage and Public API

It should be possible to get notified when the Chrome Custom Tab activity closes, but I didn't find the relevant API on the v2 Android / Flutter embedding.

https://stackoverflow.com/questions/41010017/callback-on-dismiss-of-chrome-custom-tabs/41444238#41444238

Hi,

Thank you for the package. I need to integrate this with Firebase Auth (using oAuth2) and unfortunately, the AuthorizationCredentialApple doesn't have the idToken that I need in order to get a valid AuthCredential.

Do you know a way to get it or isn't currently unsupported?

Thanks!

Hi!

I'm actually using sign_in_with_apple 2.5.1, using only the iOS version, and I'm doing the sign in function as the example says, and once the user is logged with apple and receives the credentials data I'm giving the authentication code and sending to my app own server, and once there, my servers will communicate with Apple Server's as the usual way on the endpoint "https://appleid.apple.com/auth/token" sending as parameters the next:

• client_id: com.nameoftheapp.service
• client_secret: (.p8 file parsed to JWT Token as the documentation says)
• grant_type: authorization_code
• code: (the autentication code received from the client app on user logged in)

When I do this request from the server or even with postman the result I give is: "invalid_grant".
The curious thing here is that I think that maybe can be the client_secret, maybe i made a bad conversion from the p8 file key but i tried to change just a letter from the client_secret but the error changes to "invalid_client".

Maybe just doing as the code of the example is not enough? I will be very thankful if someone can help.

Hello, the plugin works perfectly on iOS for me however i added the web parameters

await SignInWithApple.getAppleIDCredential(
    scopes: [
        AppleIDAuthorizationScopes.email,
        AppleIDAuthorizationScopes.fullName,
     ],
    webAuthenticationOptions: WebAuthenticationOptions(
    clientId: "com.example.app",
    redirectUri: Uri.parse("https://${Constants.BASE_HOST}/user/auth/apple/callback")
);

however when clicking on the button i get the following error:

2020-05-26 16:45:26.864 7062-7114/com.exampe.app E/flutter: [ERROR:flutter/lib/ui/ui_dart_state.cc(157)] Unhandled Exception: PlatformException(MISSING_ACTIVITY, Plugin is not attached to an activity, {url: https://appleid.apple.com/auth/authorize?client_id=com.example.app&redirect_uri=https%3A%2F%2Fexample.herokuapp.com%2Fuser%2Fauth%2Fapple%2Fcallback&scope=email+name&response_type=code+id_token&response_mode=form_post})
    #0      StandardMethodCodec.decodeEnvelope (package:flutter/src/services/message_codecs.dart:569:7)
    #1      MethodChannel._invokeMethod (package:flutter/src/services/platform_channel.dart:156:18)
    <asynchronous suspension>
    #2      MethodChannel.invokeMethod (package:flutter/src/services/platform_channel.dart:329:12)
    #3      SignInWithApple._signInWithAppleAndroid (package:sign_in_with_apple/src/sign_in_with_apple.dart:231:34)
    #4      SignInWithApple.getAppleIDCredential (package:sign_in_with_apple/src/sign_in_with_apple.dart:107:14)
    #5      _RegisterWidgetState.buildRegisterButtons.<anonymous closure> (package:example/widgets/profile/register/register_widget.dart:219:56)
    #6      _InkResponseState._handleTap (package:flutter/src/material/ink_well.dart:779:19)
    #7      _InkResponseState.build.<anonymous closure> (package:flutter/src/material/ink_well.dart:862:36)
    #8      GestureRecognizer.invokeCallback (package:flutter/src/gestures/recognizer.dart:182:24)
    #9      TapGestureRecognizer.handleTapUp (package:flutter/src/gestures/tap.dart:504:11)
    #10     BaseTapGestureRecognizer._checkUp (package:flutter/src/gestures/tap.dart:282:5)
    #11     BaseTapGestureRecognizer.acceptGesture (package:flutter/src/gestures/tap.dart:254:7)
    #12     GestureArenaManager.sweep (package:flutter/src/gestures/arena.dart:156:27)
    #13     GestureBinding.handleEvent (package:flutter/src/gestures/binding.dart:222:20)
    #14     GestureBinding.dispatchEvent (package:flutter/src/gestures/binding.dart:198:22)
    #15     GestureBinding._handlePointerEvent (package:flutter/src/gestures/binding.dart:156:7)
    #16     GestureBinding._flushPointerEventQueue (package:flutter/src/gestures/binding.dart:102:7)
    #17     GestureBinding._handlePointerDataPacket (package:flutter/src/gestures/binding.dart:86:7)
    #18     _rootRunUnary (dart:async/zone.dart:1196:13)
    #19     _CustomZone.runUnary (dart:async/zone.dart:1085:19)
    #20     _CustomZone.runUnaryGuarded (dart:async/zone.dart:987:7)
    #21     _invoke1 (dart:ui/hooks.dart:275:10)
    #22     _dispatchPointerDataPacket (dart:ui/hooks.dart:184:5)

i have added the following to my manifest

<activity
android:name="com.aboutyou.dart_packages.sign_in_with_apple.SignInWithAppleCallback"
            android:exported="true"
            >
            <intent-filter>
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />

                <data android:scheme="signinwithapple" />
                <data android:path="callback" />
            </intent-filter>
        </activity>

i have migrated to androidx
flutter version: 1.17.1
sign_in_with_apple version: 2.3.0

i have checked #73 and didn't get an answer
the exception happens here https://github.com/aboutyou/dart_packages/blob/master/packages/sign_in_with_apple/android/src/main/kotlin/com/aboutyou/dart_packages/sign_in_with_apple/SignInWithApplePlugin.kt#L63

According to https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms and https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple , the Required Query Parameters could contains the step parameter, useful for sending additional data to the server component.

Looking through the API reference there is no reference to being able to sign-out of apple with this package, how would I go about doing this if a user wants to sign out.

…so we can have stricter assertions on which fields are expected.

Follow up from #34, as suggested in PR; relates to #30

Current (incl. Web/Android support)

final credentials = await SignInWithApple.requestCredentials(
  requests: [
    PasswordAuthorizationRequest(),
    AppleIDAuthorizationRequest(
      scopes: [
        AppleIDAuthorizationScopes.email,
        AppleIDAuthorizationScopes.fullName,
      ],
    ),
  ],
  webAuthenticationOptions: WebAuthenticationOptions (…),
);

Issues with the current implementation

I think exposing an API that accepts multiple requests in order, while there is only one useful order (keychain first, Apple ID second), is not helping.

Furthermore we have an issue with the keychain result, which could return credentials which are not valid anymore. To find out that that is the case the parent application would need to try them first, and in an error case either suggest the user to recover their account via e-mail, or call requestCredentials again without the password request.

Possible approach

Beyond just simplifying the above API (remove the extremely verbose options), I would prefer to split up keychain and Apple ID authentication into separate APIs (as also suggested by @HenriBeck in #30 (comment)).

Having no password stored in keychain should not be an error in that case (just return null), and the calling app can cleanly handle just the password scenario in whatever way it wants.

Furthermore the Apple ID scenario could be simplified into:

final credentials = await SignInWithApple.requestCredentials(
  scopes: [
    AppleIDAuthorizationScopes.email,
    AppleIDAuthorizationScopes.fullName,
  ],
  webAuthenticationOptions: WebAuthenticationOptions (…),
);

With regards to the webAuthenticationOptions I wonder if we should stick to the static methods, or provide some wrapper class, where the consumer can pass their configuration when creating the instance. As the webAuthenticationOptions parameter is only needed in a single case (and only on some platforms), it might be fine to keep it on that specific request.

The full consumer side would then look like this:

// Optional, if the app wants to fallback to web credentials and hasn't already checked keychain by some other method
final keychainCredentials = await SignInWithApple.getKeychainCredential();

if (keychainCredentials != null) {
  final loginResult = await loginClient.login(keychainCredentials.username, keychainCredentials.password);

  if (loginResult.success) {
    return;
  }
} 

final credentials = await SignInWithApple.requestCredentials(
  scopes: [AppleIDAuthorizationScopes.email, AppleIDAuthorizationScopes.fullName],
  webAuthenticationOptions: WebAuthenticationOptions (…),
);

Tests should also run on macOS

dsadas

On Android, after calling await SignInWithApple.getAppleIDCredential() and performing the authentication on the chrome tab, the call returns with the credential but the app is restarted. If I put a breakpoint on runApp(MyApp()); I can see that it's called again. Is that the expected behavior?

I was able to reproduce that using the example app.

• What went wrong:
  Execution failed for task ':app:checkDevDebugDuplicateClasses'.

1 exception was raised by workers:
java.lang.RuntimeException: java.lang.RuntimeException: Duplicate class com.google.common.util.concurrent.ListenableFuture found in modules guava-20.0.jar (com.google.guava:guava:20.0) and listenablefuture-1.0.jar (com.google.guava:listenablefuture:1.0)

Would be cool if we could publish via GitHub Actions, passing the package name as a parameter somehow and restricting the whole process to master.

Possibly helpful: https://medium.com/evenbit/publishing-dart-packages-with-github-actions-5240068a2f7d (though I would like to avoid putting the personal access token up here)

I just came across an idea of how to make the task updating a bloc based on parent inputs cleaner in the case where the bloc shouldn't be recreated completely, but just update itself.

The current option was basically to pass a ValueNotifier to the bloc, which could then do it's own subscribing and updating. This lost the declarative convenience of WithBloc and forced the bloc to accept some "management overhead" distracting from the core flow.

So, what about an onInputsChange callback, that is invoked (if present) when the inputs change, instead of recreating the bloc entirely?

I think still creating a full initially by createBloc is still preferable over a pattern that relies on the updater also being called for the first render (as you would then have to have some empty/"loading" state in the bloc). (This is also aligned with how we handle our Provider creation.)

cc @HenriBeck

The Android example app has been created some times over, and now has duplicate files. That should be cleaned up.

Hi there. I'm trying to add this plugin to my app. I've done all the steps described in the README but I'm encountering some unnexpected behaviours:

1 - When I hit the button the "apple login screen" is very different from that one in README:
My Apple Login

2 - Touching "Continue", it asks for my Face ID to start session and it shows an "Ok" after the face check. No Apple ID description wall nor Name and Email (real or fake/hidden) wall are shown.

3 - Once it come back to my app, all user credentials are missing. Here is my code (the same code in the README tutorial):

Future<void> _handleAppleSignIn() async {
    final credential = await SignInWithApple.getAppleIDCredential(
      scopes: [
        AppleIDAuthorizationScopes.email,
        AppleIDAuthorizationScopes.fullName,
      ],
    );
    print(credential);
  }

The output for print(credential) is:

AuthorizationAppleID(000364.429629a550054b5d9f8941d592fff520.1342, null, null, null, authorizationCode set? true, null)

Also, credential.email, .givenName, familyName are null.

Could you help me? Thanks in advance :)

Tried to test signing in with Apple from an Android device as described, however the glitch server responds with an AppleAuth Error:

(node:4047) UnhandledPromiseRejectionWarning: AppleAuth Error – Error occurred while signing: Error: error:0909006C:PEM routines:get_name:no start line

(node:4047) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)

(node:4047) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Looks like that the key contents are not well formatted, so in server.js I replaced

process.env.KEY_CONTENTS.replace(/\|/g, "\n"),
with
process.env.KEY_CONTENTS.replace(/\\n/gm, '\n'),
when creating the AppleAuth, which fixes the problem.

Should it be updated in the example server as well?

We should have proper runnable flutter apps in our example directory.

In case Sign in with Apple returns saved keychain credentials (username/password) which are not valid on the backend the app should have the possibility to request login with an Apple ID (and ignore the saved credentials).

Otherwise this would lead to SiwA being stuck/not available to people who have old credentials in their keychain.

By providing this switch in the API, the app can decide whether to proceed with a "password reset" flow, or to create a new account based on the Apple ID.

We should make the fallback font configurable for the SiwA button, so app's can provide their own font name for non-Apple platforms (where the SF font is not available).

Follow up from #103: We should only accept incoming links if the nonce matches they latest given out nonce, such that an attacker can't spam our login callback activity and hence interrupt an ongoing login.

Launching flutter build ios on a project with sign_in_with_apple dependency version 2.1.0+1 causes the following error:

Undefined symbols for architecture arm64:
      "Swift._stdlib_isOSVersionAtLeast(Builtin.Word, Builtin.Word, Builtin.Word) -> Builtin.Int1", referenced from:
          function signature specialization <Arg[1] = Dead> of static sign_in_with_apple.SwiftSignInWithApplePlugin.register(with:
          __C.FlutterPluginRegistrar) -> () in libsign_in_with_apple.a(SwiftSignInWithApplePlugin.o)
      "_swift_deletedMethodError", referenced from:
          type metadata for sign_in_with_apple.SignInWithAppleAvailablePlugin in
          libsign_in_with_apple.a(SignInWithAppleAvailablePlugin.o)

Flutter doctor:

$ flutter doctor -v
[✓] Flutter (Channel stable, v1.17.1, on Mac OS X 10.15.4 19E287, locale it-IT)
    • Flutter version 1.17.1 at /Users/administrator/development/flutter
    • Framework revision f7a6a7906b (6 days ago), 2020-05-12 18:39:00 -0700
    • Engine revision 6bc433c6b6
    • Dart version 2.8.2

 
[✓] Android toolchain - develop for Android devices (Android SDK version 28.0.3)
    • Android SDK at /Users/administrator/Library/Android/sdk
    • Platform android-28, build-tools 28.0.3
    • Java binary at: /Applications/Android Studio.app/Contents/jre/jdk/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 1.8.0_152-release-1248-b01)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 11.4.1)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • Xcode 11.4.1, Build version 11E503a
    • CocoaPods version 1.9.1

[✓] Android Studio (version 3.3)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin version 33.0.1
    • Dart plugin version 182.5215
    • Java version OpenJDK Runtime Environment (build 1.8.0_152-release-1248-b01)

[✓] VS Code (version 1.45.1)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension version 3.10.2

Currently we always treat the first error reported by AuthKit as expected, as it happens that when you request password + Apple ID credentials and the user doesn't have any passwords saved, you would just get a generic error (even though the system would only ever return one or the other credentials anyway…).

This leads to the situation that the first manual cancellation, wich is also only reported as a generic error (status 1000), causes the sheet to be shown a second time.

To workaround this, we could only treat errors within the first second as automatic rejections, and everything else and manual cancellations which should be respected.

Reference: #27 (comment)

While super nice to get started, not having proper version control on the example server makes me a little uneasy.

I should clone that project and setup GitHub mirroring on Glitch.

• What went wrong:
  Execution failed for task ':app:checkDebugDuplicateClasses'.

1 exception was raised by workers:
java.lang.RuntimeException: java.lang.RuntimeException: Duplicate class com.google.common.util.concurrent.ListenableFuture found in modules guava-20.0.jar (com.google.guava:guava:20.0) and listenablefuture-1.0.jar (com.google.guava:listenablefuture:1.0)

once the pub removed, the build was successful.

Getting this exception when I added activity into AndroidManifest.xml file and hit sign in with apple button.
Unhandled Exception: UnknownSignInWithAppleException(MISSING_ACTIVITY, Plugin is not attached to an activity

Is there any configuration issue?

Hi, any plans to support that?

I implemented a working solution here: eduribas@c543775

I basically used the same approach you used for Android sign in. Please let me know if you are interested on this solution, I'll be happy to send a pull request.

I don't see Apple talking about that, but if my app is forced to use Apple Login (because it's using Google login, for example), it would be incompatible with iOS versions prior to 13 unless I fallback the authentication to the web.

调起苹果登录（不是授权弹出框），点击弹出框的取消按钮，弹出框会向下弹出，过1秒又弹出来了（重复一次），再次点击取消按钮，就取消掉了弹出框，这是什么问题？？？

• Should check SiwA availability via the native plugin
• Ideally could already detect if Apple ID is not properly configured, to not show the button when it wouldn't do anything for the user

Implementation suggestion: #27 (comment)

I can't get it working on Android with Flutter 1.17.0 (I'm on beta channel) and plugin version 2.1.0

Here is how authentication is requested:

class AppleAuthService {
  Future<AuthorizationCredentialAppleID> signIn(String nonce) {
    return SignInWithApple.getAppleIDCredential(
      scopes: [AppleIDAuthorizationScopes.email],
      webAuthenticationOptions: _getOptions(),
      nonce: nonce,
    );
  }

  WebAuthenticationOptions _getOptions() {
    if (Platform.isIOS) {
      return null;
    }
    return WebAuthenticationOptions(
      clientId: _clientId,
      redirectUri: UriData.fromString(_webUrl).uri,
    );
  }
}

I see sign_in_with_apple being registered in GeneratedPluginRegistrant.java (yes, my android project is still in java). Any hints what may causing this error?

Thanks for the awesome package!

Sorry if this is just my config but I've tried a few times in different projects - the simplest repro I can come up with is:

• start with the example project
• update main.dart
  • add clientId & redirectUri values from a previously created working (on ios) project
  • remove the nonce and state
• update the ios project with the Team and Bundle Identifier values from the previously created project
• update the macOS project with the Team and Bundle Identifier values from the previously created project

When I enter the password, the windows shakes like the password is incorrect (it's definitely not, copied and pasted many times over, same copy and paste works in ios):

I need to get the real email to connect with my user, but I’m getting only the private email even if I selecting the real email

intent://callback?${PARAMETERS FROM CALLBACK BODY}#Intent;package=YOUR.PACKAGE.IDENTIFIER;scheme=signinwithapple;end

Where do I find ${PARAMETERS FROM CALLBACK BODY}? I'm using Firebase Auth not a custom server.

After integrating sign_in_with_apple into my existing Flutter project I receive the following error when running the application on Android in debug and release mode:

What went wrong: Execution failed for task ':app:checkReleaseDuplicateClasses'. 1 exception was raised by workers: java.lang.RuntimeException: Duplicate class com.google.common.util.concurrent.ListenableFuture found in modules guava-20.0.jar (com.google.guava:guava:20.0) and listenablefuture-1.0.jar (com.google.guava:listenablefuture:1.0)

Adding the package with the latest version to my pubspec.yaml is enough to make the application crash. I also followed the step in the ReadMe Setup section. I've installed the latest version stable Flutter version (1.17.3) on my machine.

pubspec.yaml file:

environment:
sdk: ">=2.4.0 <3.0.0"

dependencies:
flutter:
sdk: flutter
provider: ^4.1.2
get_it: ^4.0.2
flutter_dotenv: ^2.1.0
logger: ^0.9.1
google_sign_in: ^4.5.1
flutter_facebook_login: ^3.0.0
flutter_svg: ^0.17.4
flutter_secure_storage: ^3.3.3
device_info: 0.4.2+4
shared_preferences: ^0.5.7+2
json_serializable: ^3.3.0
cupertino_icons: ^0.1.2
url_launcher: ^5.4.7
image_picker: ^0.6.6+4
dio: ^3.0.9
http_parser: ^3.1.4
cached_network_image: 2.2.0+1
photo_view: ^0.9.2
intl: ^0.16.1
get: ^2.5.6
firebase_analytics: ^5.0.14
share: ^0.6.4+3
sign_in_with_apple: ^2.5.0

dev_dependencies:
build_runner: 1.10.0
flutter_test:
sdk: flutter
flutter_launcher_icons: "^0.7.3"

What can be the reason of this error? Think I have "Sign In with Apple" in the provisioning profile already.

Unhandled Exception: SignInWithAppleAuthorizationError(AuthorizationErrorCode.unknown, The operation couldn’t be completed. (com.apple.AuthenticationServices.AuthorizationError error 1000.))
#0      SignInWithApple.getAppleIDCredential (package:sign_in_with_apple/src/sign_in_with_apple.dart:137:7)
<asynchronous suspension>

I think we could even drop these and write our own quick helper function

Originally posted by @HenriBeck in #8

Hey guys, thanks for the great work. I'm trying to research what would need to happen to implement this for flutter web (Our users aren't going to be so happy when they can't login to their account from the web). Can you point me in the right direction or share the hurdles I might face with that?

Should we add them? Presumably to the individual package's README file, where they would also show up in pub.dev.

[codecov](https://codecov.io/gh/aboutyou/dart_packages/branch/master/graph/badge.svg?flag=sign_in_with_apple)](https://codecov.io/gh/aboutyou/dart_packages)

Doesn't seem uncommon, e.g. https://pub.dev/packages/provider