Sign In With Apple JS nonce error

Question

I am trying to figure out how to configure sign in with apple in JS and no matter what I do I keep running into this same issue:

"app.js:231 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://*.apple.com https://*.cdn-apple.com ". Either the 'unsafe-inline' keyword, a hash ('sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw='), or a nonce ('nonce-...') is required to enable inline execution."

I don't understand why no matter what I do that this keeps coming up. I pass in a nonce and I still get this error.

<meta name="appleid-signin-client-id" content="{ID}">
<meta name="appleid-signin-scope" content="name email">
<meta name="appleid-signin-redirect-uri" content="{URL}">
<meta name="appleid-signin-nonce" content="nonce-2726c7f26c">
<meta name="appleid-response-mode" content="formpost">
<meta name="appleid-signin-use-popup" content="true">

I keep trying to pass in different values for nonce just to get the window working but I keep running into a screen that says "invalidrequest" and that error I put above.

I don't understand how best to generate a nonce inline like this but I was hoping just to get it working one time to prove the concept. Assistance would be much appreciated.

3.9k

Posted by

KGraham

Reply

Add a Comment

Answer 1

I know this is a very new service but it would be nice if Apple provided more detailed documentation for the REST API. It's pretty sparce.

Posted by

Syzzle

Add a Comment

Answer 2

Hello,
Have you ever been able to resolve this issue?

I am encountering the same issue with Web SignIn

Posted by

bluesclues9

Add a Comment

Answer 3

Hi. Is there any news or somebody found solution for Web popup signin?

Posted by

WebSeven

Add a Comment

Answer 4

Following up, this still happens until now.

Posted by

AlohaSpark

Add a Comment

Answer 5

Not resolved as well

Posted by

dalk

Add a Comment

Answer 6

I'm also facing this issue and trying to find a solution for it. I don't think the nonce here is the same as Apple's nonce. I'm guessing this Content Security Policy directive is a separate thing that requires it's own nonce, hash, or the keyword unsafe-inline to be added somewhere. I'm continuing to find a solution to this problem with no luck so far.

Note that I'm configuring the authorization object using the JavaScript APIs, not by using markup, and facing the same issue.

Code Block html<script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script>
<div id="appleid-signin" data-color="black" data-border="true" data-type="sign in"></div>
<script type="text/javascript">
    AppleID.auth.init({
        clientId : '[CLIENT_ID]',
        scope : '[SCOPES]',
        redirectURI : '[REDIRECT_URI]',
        state : '[STATE]',
        nonce : '[NONCE]',
        usePopup : false
    });
</script>

I'm also using Google Chrome to test my Sign In with Apple implementation.

Posted by

alobaili

Add a Comment

Answer 7

It is clearly an Apple issue that they need to resolve. This issue is not present in Safari or iOS (any browser).

Posted by

sherlockholmesau

Add a Comment

Answer 8

I'm also experiencing this issue, tried many different variations of configuration.

Posted by

dseliukov

Add a Comment

Answer 9

Went down this path as well for at looong time as this was the only error messages I got, until I realised that my redirectURI was wrong because of my fiddling between a test- and a local server.

What gave it away in the end was that my staging server worked fine. 🤷‍♂️

Posted by

Montan

Add a Comment

Answer 10

@Montan Can you give some extra details? Were you trying to use a redirect url that did not match the registered return url?

Posted by

e-oj

Add a Comment

Sign In With Apple JS nonce error

Replies