Comments (31)
A suggestion would be maybe to amend the example app with code that shows how to perform (i) logout, and (ii) the daily re-validation procedure required by Apple using the Glitch example server.
from dart_packages.
Running into the same issue as @davidAg9 attempting to implement a 'revoke token' flow on user account deletion.
The issue we're running into is:
- Delete a user account and make a request to Apple to revoke the access token (server side).
- Then, in the Flutter app, tap the 'Sign in with Apple' button.
- The Apple auth dialog does not appear. Instead, the AuthorizationCredentialAppleID credential is re-used and the access token associated with the deleted user is sent to the server for authentication.
- Since the access token's been revoked, the authentication request to Apple returns a 400 error: {'error': 'invalid_grant', 'error_description': 'The code has expired or has been revoked.'}.
A fix would be to add a signOut() function so the user has the ability to select a different account or so we can generate a new access token. The GoogleSignIn package offers a signOut() method that I use for the same purpose.
from dart_packages.
Hey @gerryau,
the usual flow would be that a session is created in "your backend" system when the user provides the data from Apple (the backend then validates this data with Apple's servers and either creates a new account or logs the client into an existing one).
So the logout would happen like any logout in your system. You'd remove the user's session from the storage (and at the same time stop the daily polling to Apple's servers if the user is still active, if you had that implemented).
Or do you use the credential in a different way, that wouldn't allow for this flow?
From your backend system's point of view, it's important to not trust the incoming credential data outright, but only after validating it with Apple's servers.
Please let me know where you think would be a good spot to add this into the documentation – we'd be happy to improve it.
from dart_packages.
How can I delete the saved user credentials on iOS? I want to switch from real mail to anonymous mail, but every time I start the process again, I can't change my name or mail. A logout function for "apple sign in" (on the client) would be very helpful.
from dart_packages.
the authentication reference is not removed from Apple and there is this user decides to register once again with said example app, app will not be able to retrieve name and email as Apple releases this only once. So best solution is to create an archive in the database to store deleted users
@davidAg9 Are you sure this holds true even when you call the revoke_tokens endpoint?
To me that sounds like it could behave the same way as if the user logs out of "your app" from their Apple ID settings.
Thus when the user logs in again, you'll receive new tokens and likely the e-mail address & name (which they have then chosen).
I have no practical experience with account deletion, but it just seems to me that Apple wouldn't force you to support account deletion, while at the same time having a flow which would require you to keep e.g. the e-mail address. That would just utterly defeat the purpose of the whole requirement, no?
from dart_packages.
@uc-dve this is not a bug ticket and this shouldn’t stop you from releasing.
The code which needs to be written to implement a logout functionality is on your server and not in this plugin.
The ticket here is only about adding documentation, maybe extending the example with it.
from dart_packages.
Thanks for your quick response.
But I have a doubt: if we want to use another Apple ID for sign-in, then how can we reset it through the app, as it does not provide any option once we use an ID?
from dart_packages.
@uc-dve that's why you need to implement a logout functionality in your app and server. After logging out, you can login with a different Apple ID.
Note that on iOS the only Apple ID that you can log in with is the primary one on the device.
from dart_packages.
Please provide an example for logout and how to remove session from this server.
When doing sign in, getting session as Instance of 'Response'.
from dart_packages.
@neha-madhini as we don't provide a full server implementation example, there is no point in providing an example regarding the logout.
The only important thing to do is to log out the user from our server, e.g. clearing the session in your database.
Because this is highly specific to the stack and technologies someone is using, providing an example that would work for everyone is practically impossible.
from dart_packages.
@davidAg9 no, you should delete all data connected to the account unless it's not allowed due to legal reasons.
If they register again with your App, the user should receive a new account that is not connected to the old one.
from dart_packages.
So, there's no quick way to revoke credentials like other providers' packages do (e.g. google, facebook, etc.)?
Apple logout should be quickly performed with something like await AppleSignIn.signout(). I don't quite understand why this shouldn't be a thing on this package.
from dart_packages.
Kindly provide this as it's a very important part of a secure app. We are unable to release our projects due to this bug. Or if any ETA can be provided, that would be very helpful. Thanks
from dart_packages.
What about if the user logs out from Apple in the device settings (iPhone)? How can we listen for it in the app?
from dart_packages.
@tim-teacher there is the getCredentialState for checking the state of the authentication on the client.
from dart_packages.
@mars3142 you will need to revoke your app's permission here: https://appleid.apple.com/account/manage
from dart_packages.
Apple announced that any app registering a user should give options for deletion. This means once a user opts out, my backend should be able to purge all related records for the user, including signing records. So first, I assume this package calls native APIs, and towards that end I want to ask if there is a functionality for sign out with Apple, and if that is the case, this plugin should support it, preferably before 30 June. Thank you. Any further explanation is welcomed.
Reference to the announcement - Apple account deletion requirement
from dart_packages.
@davidAg9, as stated previously, a logout needs to happen only on your server, and this is nothing where native APIs are called.
The most important part there is to clear sessions in your DB and revoke any tokens that the BE created with this endpoint: https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens
And since this endpoint requires your client's secret, it should only be called from your BE and never from the client.
from dart_packages.
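The server-side split described in the comment above, as an added Node.js example that is not part of the thread or of the sign_in_with_apple package: logout only clears the backend session, while account deletion also calls Apple's revoke endpoint with the client secret that stays on the backend. The store layout, the `appleRefreshToken` field and the injected `send` transport are assumptions made for illustration.

```javascript
// Added example (not the package's code). Apple's token revocation endpoint.
const REVOKE_URL = 'https://appleid.apple.com/auth/revoke';

// Build the form-encoded revoke request. clientSecret is the signed JWT the
// backend already uses for Apple's token endpoint; it never ships in the app.
function buildRevokeRequest({ clientId, clientSecret, refreshToken }) {
  const body = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    token: refreshToken,
    token_type_hint: 'refresh_token',
  });
  return {
    url: REVOKE_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Logout: purely local. Drop the session; nothing is sent to Apple.
// store.sessions is a hypothetical Map of sessionId -> userId.
function logout(store, sessionId) {
  return store.sessions.delete(sessionId);
}

// Account deletion: revoke at Apple first, then purge sessions and the record.
// store.users is a hypothetical Map of userId -> { appleRefreshToken }.
// send is an injected transport (e.g. a thin wrapper around fetch).
async function deleteAccount(store, userId, appleConfig, send) {
  const user = store.users.get(userId);
  if (!user) return { deleted: false, revoked: false };

  const res = await send(buildRevokeRequest({
    ...appleConfig,
    refreshToken: user.appleRefreshToken,
  }));
  // Design choice in this example: keep the record if revocation failed,
  // so the deletion can be retried instead of leaving a live Apple grant.
  if (res.status !== 200) return { deleted: false, revoked: false };

  for (const [sid, uid] of store.sessions) {
    if (uid === userId) store.sessions.delete(sid);
  }
  store.users.delete(userId);
  return { deleted: true, revoked: true };
}
```

In production `send` would perform the HTTPS POST; passing it in keeps the client secret handling and the purge logic testable without network access.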
Which means as a safeguard, we have to keep user records if after they have deleted their accounts, so if they ever want to register we just reference the old account record, since when using Apple's authentication the username and email is given only once unless the user has removed sign-in with Apple from the app itself.
from dart_packages.
Apple stores a reference of the apps that have signed in using its authentication services at appleid.apple.com
You can log in to yours and have a look at all the apps you've ever signed in to... This ultimately means when a hypothetical user deleted his account from an example app, the authentication reference is not removed from Apple and there is this user decides to register once again with said example app, app will not be able to retrieve name and email as Apple releases this only once. So best solution is to create an archive in the database to store deleted users
from dart_packages.
So I am still thinking through the best way to deal with account deletion with Apple's authentication service, i.e. signinwithapple
from dart_packages.
With the revoke tokens you endpoint, I am asking if it cannot be added this package use in a wrapper that implements it
from dart_packages.
And thank you for making me aware of the endpoint though, cheers
from dart_packages.
I am using Glitch, how do I log out? I am using Flutter
from dart_packages.
Hello again. Apple requires that the account deletion directive should be able to remove all information of the user, which can be done, but the problem is that if the user happens to come back he cannot sign in the usual way with Apple sign in, because Apple will not give us the names and email again if requested, since there is still an association of the app itself to Apple's Sign In with Apple service... The endpoint you mentioned doesn't seem to affect or remove that association... therefore Apple still assumes that the user has just logged out. @tp
from dart_packages.
Following my above comment, endpoint you specified where we are to provide a client id to the .... Firebase generates its own and Apple generates its own during the signing process, which are we to save and use?
from dart_packages.
I have found a solution, and well, not the wrapper we wanted, but it will let you implement yours easily. See link
from dart_packages.
@davidAg9 Apple's client-side APIs don't offer a signOut function, so we also can't add one to this package.
We will also provide no APIs for the revoke token function within this package since under no circumstances should this API be called from the client side.
Apple should remove the connection to your App when the revoke token endpoint has been called and upon a new login you should get the user information again.
I will test this tomorrow again myself but afaik our own QA did check this and for them, this worked.
from dart_packages.
I have already implemented the sign out feature Apple requires and I have shared the solution above
from dart_packages.
Getting null in subsequent sign-ins in Flutter using this package, and there is no signout option. Apple just provides the credential the first time but not subsequently. Please help me
from dart_packages.
Maybe we can delete the credentials from the local keychain? I don't have too much experience with Apple, but it looks like the session is persisted on the device until I completely reset the simulator
from dart_packages.