I am trying to implement sign in with apple with firebase. I cannot get around an issue where I get the following error when attempting a sign in:
When running:
Auth.auth().signIn(with: credential) { (authResult, error) in
I get:
nil credential = OAuthProvider.credential Optional(Error Domain=FIRAuthErrorDomain Code=17004 "The audience in ID Token [com.name.app] does not match the expected audience." UserInfo={NSLocalizedDescription=The audience in ID Token [com.name.app] does not match the expected audience., FIRAuthErrorUserInfoNameKey=ERROR_INVALID_CREDENTIAL})
Optional("The audience in ID Token [com.name.app] does not match the expected audience.")
I have added my URL as stated on firebase to my identifier.
To complete set up, add this authorization callback URL to your app configuration in the Apple Developer Console. Additional steps may be needed to verify ownership of this web domain to Apple.
More code:
func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
if let appleIDCredential = authorization.credential as? ASAuthorizationAppleIDCredential {
guard let nonce = currentNonce else {
fatalError("Invalid state: A login callback was received, but no login request was sent.")
}
guard let appleIDToken = appleIDCredential.identityToken else {
print("Unable to fetch identity token")
return
}
guard let idTokenString = String(data: appleIDToken, encoding: .utf8) else {
print("Unable to serialize token string from data: \(appleIDToken.debugDescription)")
return
}
print("credential = OAuthProvider.credential")
// Initialize a Firebase credential.
let credential = OAuthProvider.credential(withProviderID: "apple.com",
idToken: idTokenString,
rawNonce: nonce)
//Auth.auth().createUser(withEmail: T##String, password: T##String, completion: T##AuthDataResultCallback?##AuthDataResultCallback?##(AuthDataResult?, Error?) -> Void)
// Sign in with Firebase.
Auth.auth().signIn(with: credential) { (authResult, error) in
print(Auth.auth().currentUser?.uid ," credential = OAuthProvider.credential ", error)
Authentication Services
RSS for tagImprove the experience of users when they enter credentials to establish their identity using Authentication Services.
Posts under Authentication Services tag
95 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
I am facing one issue while trying to Sign in with Apple. error is as below:
"The Operation couldn't be completed (com.apple.AuthenticationServices.AuthorizationError error 1000.)"
I get this error as soon as the button is pressed it doesn't even get into the actual sign-in part.
I have verified that entitlements file is there with the below content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "">
<plist version="1.0">
<dict>
<key>aps-environment</key>
<string>development</string>
<key>com.apple.developer.applesignin</key>
<array>
<string>Default</string>
</array>
</dict>
</plist>
I transferred the project and certificates from another machine. So deleted all the certificates and provisional profiles and recreated them from the new machine but faced an issue.
Also, It only happens in exported (Archived build). When I directly install it from Xcode it is working fine.
I have followed the official apple document to implement it. below is how I'm requesting the authentication:
currentNonce = randomNonceString()
let request = ASAuthorizationAppleIDProvider().createRequest()
request.requestedScopes = [.fullName, .email]
let controller = ASAuthorizationController(authorizationRequests: [request])
request.nonce = currentNonce?.sha256()
controller.delegate = self
controller.presentationContextProvider = self
controller.performRequests()
Below are delegates:
func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
switch authorization.credential {
case let appleIDCredential as ASAuthorizationAppleIDCredential:
//Authenticated
break
default:
break
}
}
func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
return self.view.window!
}
func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
Utils.showAlert(withMessage: error.localizedDescription)
}
Any help would be appreciated
Hi,
I have a problem with associated domains developing Passkeys app.
Adding alternate mode(developer mode) to Associated Domains Entitlement, it works fine.
But in non developer mode, CDN doesn't seem to read the AASA file.
AASA file's path is: https://(host).(rootdomain)/.well-known/apple-app-site-associtation
I checked the TLS certificate conditions and all conditions are met.
https://support.apple.com/en-us/HT213464
https://support.apple.com/en-us/HT210176
https://support.apple.com/en-us/102028
Is there another reason why it only works in developer mode?
Thanks for your reply.
My App just uses Phone Number Authentication only . There is no Email/Password , Google , FaceBook, Apple or any other Social Authentication.
So i just wanted to ask that will my app be accepted by Appstore based on Appstore Guidelines as I am not using Apple Authentication & only using Phone Number Authentication.
Your help will mean a lot.
Hi devs!!!
Calling createCredentialRegistrationRequestWithChallenge returns the following error:
Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent" UserInfo={NSDebugDescription=connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent}
What can be the potential reason?
When we call ASWebAuthenticationSession with preferEphemeral = false macOS generates this dialog with a meaningless "(null)". This looks very odd and scary for a normal person. Why it shows "null" and can we control this to make it meaningful at least?
Hi Team,
Is it possible to access the user's birthday and gender when they login with Apple option?
I've checked Apple Authentication Services framework but found nothing about it. The only information we can access is user's name and email.
However, I received a review note saying that this information is already provided by the Apple Authentication Services framework.
Please kindly share the solution or tell me what should I do to resolve this issue.
Cheers,
Vanto
I'm trying to implement passkeys in my app. I successfully get to the dialog in iOS simulator to register with a Passkey and I can also read the result and see all the right things in credentialRegistration.rawClientDataJSON. The one thing that's not working is when decoding the rawAttestationObject (which should be CBOR as I understand), I find all data defined in the spec (aaguid, credentialIdLength, credentialId) except for the credentialPublicKey! The rawAttestationObject basically ends after the credentialId. I see this both when decoding the rawAttestationObject manually as well as when using WebAuthn libraries on the server, which will give me an "Unexpected end of CBOR data" error.
Any ideas why the rawAttestationObject does not contain the public key?
For reference, here is the initialization of the Passkey request:
let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: options.domain)
let registrationRequest = publicKeyCredentialProvider.createCredentialRegistrationRequest(challenge: challenge, name: name, userID: userID)
let authController = ASAuthorizationController(authorizationRequests: [ registrationRequest ])
authController.performRequests()
And here is how I handle the result:
case let credentialRegistration as ASAuthorizationPlatformPublicKeyCredentialRegistration:
let rawAttestationObject = credentialRegistration.rawAttestationObject!.base64EncodedString()
let credentialID = credentialRegistration.credentialID.base64EncodedString()
let rawClientDataJSON = credentialRegistration.rawClientDataJSON.base64EncodedString()
let response: PasskeysResponse = [
"attestationObject": rawAttestationObject,
"credentialId": credentialID,
"clientDataJson": rawClientDataJSON,
]
Here is an example for a decoded attestation object:
{
"rpIdHash": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYmW4=",
"flags": {
"userPresent": false,
"userVerified": false,
"backupEligibility": true,
"backupState": true,
"attestedCredentialData": true,
"extensionData": false
},
"signCount": 425116148,
"aaguid": "20318e2d-77fa-f54d-bed7-ba15ccd3fade",
"credentialId": "1B1KJf6uYF0AAAAAAAAAAAAAAAAAAAAAAAAAAAAUQW65BAqkeKqu97vbc0Se5R1F3Y+lAQIDJiABIVggtdSX2ZAHsBxU4ja1xP6hCZGUXgUCb6Ipau3stU8rrz4iWCBwhOBWOgwT4yKRnU1hA11thC8+CvjmrCkfq//648cwHg==",
"credentialPublicKey": ""
}
As you can see, it looks all good except for the "credentialPublicKey": "" part.
We are working on implementing FIDO2 with passkeys and its works fine in the consumer with Apple ID. On the Enterprise level we can't able to make it because corp device don't have option to enable Apple ID and its disabled by MDM as per policy.
is there any alternate approach where corp device can use FIDO authentication without using Apple ID?
thanks
What policy does apply to me as I have a working application that serves contents based on their chosen location or place which does not require any login but for some super users I will open webview where they can authenticate themself and view/change thee only do I still need to provide test credential and any policy that apply to me related to data and privacy as the content will be also shown via webview and my app only served to US region.
I'm implementing passkeys by following the example from the Food Truck sample project. I have nearly everything working, but there's one problem. I'm using the AuthorizationController environment value and passing that to my login and register functions, but when I call authorizationController.performAutoFillAssistedRequest, I don't see or know of any way to cancel it, so if the user tries to type in their username instead of use the autofill suggestion, the second (non-autofill) request throws the error, The operation couldn’t be completed. Request already in progress for specified application identifier. I know that ASAuthorizationController has a cancel() function, but is there any way to do this with AuthorizationController?
Hi,
I want to implement FIDO based biometric authentication in our app. I don't want to use passkeys because they are only compatible with iOS 16 and higher.
Is there a way to use it through the SFSafariViewController, a web view, ASWebAuthenticationSession or any another method?
I keep getting the following error when trying to run Passkey sign in on macOS.
Told not to present authorization sheet: Error
Domain=com.apple.AuthenticationServicesCore.AuthorizationError Code=1
"(null)"
The same piece of code is working as expected on iOS.
Some more info:
The association file and entitlements are correct and validated as everything is working on iOS.
The app is built on SwiftUI and use the same codebase for macOS and iOS
Validated that the presentation anchor is also correct on macOS because other SSO login works with the same presentation anchor.
Not sure where the problem is. Followed https://developer.apple.com/documentation/authenticationservices/public-private_key_authentication/supporting_passkeys/ to get the integration.
Hello.
Does WKWebView on Mac support FIDO2(webauthn)?
We need to implement this in our app and ASWebAuthenticationSession API comes up in searches all the time as the only solution. Is this still the case?
From my experiments ASWebAuthenticationSession on Mac doesn't provide best user experience - too much fiddling and odd behavior for an end user.
F.e. user needs to click Open button from the browser window to pass token to the very same app which initiated the window and this is not very logical considering all the efforts to setup applink.
Would appreciate an advice.
Whenever user try to login,
it automatically uses hidden email for some reason.
Therefore existing users from mobile app can't access web :(
Anyone having this issue? How do I solve this?