Prioritize user privacy and data security in your app. Discuss best practices for data handling, user consent, and security measures to protect user information.

Posts under Privacy & Security topic

Post | Replies | Boosts | Views | Activity

Help pls - Nextauth AppleProvider: id_token not present in token set
Hi everyone, I am trying to implement 'Sign-in with Apple' to my website using nextauth version 4.24.5 on next.js version 14.2.7. I set up the Apple ID and generated the Apple secret. The Apple ID is set to the service ID. Whenever I try and sign in on the site using Apple, (after submitting my username and password on the redirected appleid.com page), nextauth returns this error:
    [next-auth][error][OAUTH_CALLBACK_ERROR]
    https://next-auth.js.org/errors#oauth_callback_error id_token not present in TokenSet {
      error: TypeError: id_token not present in TokenSet { name: 'OAuthCallbackError', code: undefined },
      providerId: 'apple',
      message: 'id_token not present in TokenSet'
    }
This occurs even after specifying openid in the scope, setting the checks to pkce, setting the checks to state, setting idToken to true, and other changes to the config. I have used the AppleProvider from nextauth and my own custom provider and got the same result. The nextauth GoogleProvider works just fine so I know nextauth is set up properly. Do you know how I can fix this? my apple nextauth apple provider config:
    const customAppleProvider = {
      id: "apple",
      name: "Apple",
      type: "oauth",
      wellKnown: "https://appleid.apple.com/.well-known/openid-configuration",
      authorization: {
        params: { scope: "name email openid", response_mode: "form_post" },
      },
      state: true,
      checks: ["pkce"],
      idToken: true,
      clientId: process.env.APPLE_ID,
      clientSecret: process.env.APPLE_SECRET,
      profile(profile) {
        return {
          id: profile.sub,
          name: profile.name,
          email: profile.email,
          image: null,
        }
      },
    };
1
0
907
Sep ’24
SecPKCS12Import PKCS12 Certificate Import Failing After macOS Sequoia Upgrade (Error Code -25293)
I'm encountering an issue after upgrading to macOS Sequoia when trying to import a PKCS12 certificate. The following code, which worked fine on previous macOS versions, now returns an error code -25293 (errSecAuthFailed):
    NSDictionary *options = @{(__bridge id)kSecImportExportPassphrase: @""};
    CFArrayRef items = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)pkcs12Data, (__bridge CFDictionaryRef)options, &items);
The same build, using the same certificate and import process, works perfectly on earlier versions of macOS. Has anyone else experienced this issue or found a workaround for certificate imports on macOS Sequoia?
2
0
865
Sep ’24
SSL Certificate invalid while running the objective c project in simulator.
NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9807, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x10b811400) s: api.gevernova.com i: GE External Issuing CA 202409200901>",
    "<cert(0x10b811c00) s: GE External Issuing CA 202409200901 i: GE External Intermediate CA 2.1>",
    "<cert(0x10b832e00) s: GE External Intermediate CA 2.1 i: GE External Root CA 2.1>"
), _kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600003308d20>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “domain” which could put your confidential information at risk., _kCFStreamErrorDomainKey=3,
Xcode: 15.4 simulator iOS version: 17.5 in Info.plist I have this NSAppTransportSecurity NSAllowsArbitraryLoads Note: The server certificate is valid.
0
0
203
Sep ’24
SSL Certificate invalid while running the objective c project in simulator.
NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “domain” which could put your confidential information at risk., _kCFStreamErrorDomainKey=3, Xcode: 15.4 simulator iOS version: 17.5 in Info.plist I have this NSAppTransportSecurity NSAllowsArbitraryLoads Note: The server certificate is valid.
1
0
382
Sep ’24
link to open endpoint security extensions via swiftUI
Hi Team, In previous macOS version, We were using this link to open system extension permission page programmatically for our swift app. x-apple.systempreferences:com.apple.preference.security?General In macos 15 (Sequoia), this pane is moved to system settings->general->login Items and extensions->end point security extensions which is a modal/popup. Can you please share what should be link to open exact this popup for asking permissions. It appears when you click on i button against end point security extensions Based on apple script I could find following link but it opens login item & extensions pane, I want the next popup as above screenshot. "x-apple.systempreferences:com.apple.LoginItems-Settings.extension?extensionItems"
1
0
702
Sep ’24
Keychain data for SDK
Hello everyone, We have an SDK in which we use keychain to store some data. The customers who integrate our SDK in their app are able to delete our data by using SecItemDelete on kSecClass. Is there any way we can protect the SDK's data from getting deleted by the host app or use something only accessible to SDK only? Thanks
0
0
171
Sep ’24
AttestationObject Generated from Device-side Passkey using Swift
Hi, I am able to fetch the challenge from server and then successfully generate the AttestationObject. When I am sending the AttestationObject to AttestationResult API along with ClientJsonData and CredentialsID as well as few more params. The server side implementation is somehow unable to proceed for registration (Server side unable to validate the AttestationObject). We are getting response from server side "errorMessage":"FID024E The system couldn't find the attestation request." Can you please help us to proceed AttestationObject and how we can successfully register a user?
0
0
227
Sep ’24
Sign in with Apple - User migration process
Hi, First of all I want to state that I've read and re-read these 3 links and I think they don't explain or solve my question below:
- Transferring your apps and users to another team
- Bringing new apps and users into your team
- TN3159
So I have to transfer one of my apps that uses "Sign in with Apple" from one AppStore account to another one. I also want to migrate any user with an open session so that no sessions are lost. I also have a clear idea on how to generate transfer ids and also how to retrieve new credentials (sub and email) for the migrated users. So what's my question then?
Well let's imagine I have a transfer id for each and every user, and also want to initiate the app transfer process: What happens with a user who was authenticated using Sign in with Apple, during that period of time in which the app has finished transferring but the users haven't been migrated yet? Are the old account credentials still valid? (Maybe during that 60-day period time?) Once I have migrated the app but haven't yet migrated users, can I safely migrate one user to test and validate the process; or is there any way to test it in a sandbox-like environment?
Now I execute a script that generates new credentials (sub and email) for every user with a transfer id; and update these values in my backend database: Do I have to do anything else? Do I need to perform this request from the app client even when I have updated my servers information already? Is there any other remaining detail or tip to perform a smooth user migration?
Thanks,
1
0
345
Sep ’24
To Test FaceId/Biometric/Authorize apple pay options in simulator not working
Hi team, I'm trying to test faceid enroll the faceid via simulator [I have injected the command in driver.executeScript option and I have noticed in logs enrollment has changed. coreauthd: (DaemonUtils) [com.apple.LocalAuthentication:Server,Biometry] BK notification received: com.apple.BiometricKit.enrollmentChanged in further logs noticed Biometricsupport.framework is missing in xcode file locations logs for your reference " lstat of /Library/Developer/CoreSimulator/Volumes/iOS_21F79/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 17.5.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/BiometricSupport.framework/Info.plist failed: No such file or directory)" any thoughts on missing library? I have tried Faceid and Authorize apple pay in UI also I don't see any action triggered. later I have identified not sure is that because of the Biometric framework missing in the xcode folder.
0
0
462
Sep ’24
Passkey QR code pop up Question
We are using performRequestsWithOptions to enable passkey on ios app. [authController performRequestsWithOptions:ASAuthorizationControllerRequestOptionPreferImmediatelyAvailableCredentials]; Based on apple doc, this will "Tells the authorization controller to prefer credentials that are immediately available on the local device.", and fail silently if there are no credentials available. However, in recent testing, we identified that on one device, we are seeing QR code popping up even though there's no credential on the device. Question is this a bug on the OS system? If this is a bug, what are the causes that will trigger this condition? Is there a recommendation to mitigate the issue? Should we move to the new api? Thank you.
1
0
517
Sep ’24
Different PRF output when using platform or cross-platform authentication attachment
Hello, I am using the prf extension for passkeys that is available since iOS 18 and macOS 15. I am using a fixed, hardcoded prf input when creating or getting the credentials. After creating a passkey, I try to get the credentials and retrieve the prf output, which works great, but I am getting different prf outputs for the same credential and same prf input used in the following scenarios:
- Logging in directly (platform authenticator) on my macbook/iphone/ipad I get "prf output X" consistently for the 3 devices
- When I use my iphone/ipad to scan the qr code on my macbook (cross-platform authenticator) I get "prf output Y" consistently with both my ipad and iphone.
Is this intended? Is there a way to get deterministic prf output for both platform and cross-platform auth attachments while using the same credential and prf input?
15
0
929
Sep ’24
The installed certificate does not appear in the list to enable full trust for root certificates
I would like to ask how to resolve the issue in iOS 18 where installed root certificates or self-created certificates do not appear in the Certificate Trust Settings (Enable Full Trust for Root Certificates) list. I tried downloading a certificate from Apple’s official site (https://www.apple.com/certificateauthority/), but it also did not show up in the list for me to enable. Has anyone else encountered a similar problem? Thank you!
1
0
456
Sep ’24
Use of Auth-plugin and certificate-based persistent token for User login
I'm currently exploring Apple's Auth-Plugin extension and have modified the authdb to log in to a Mac device without using the default login password. Specifically, I am replacing builtin:authenticate,privileged with a custom privileged mechanism that authenticates the user and grants desktop access based on our custom logic. However, this approach does not unlock the user's Keychain. Since I'm bypassing the login password, the Keychain remains locked. I'm considering whether a certificate-based persistent token could be used to unlock the Keychain. Is this approach recommended, or is there a more suitable solution, such as using CryptoTokenKit or another available API?
1
0
753
Sep ’24
FB15286954: Loss of 2FA verification codes
Hello, I'll describe an issue I just reported as FB15286954, hoping to see your thoughts on it / what might've gone wrong. Earlier today, I created an account for a website on my iPhone running the release version of iOS 18.0 using Safari, then added 2FA via the Passwords app. I logged in, checked that it works, then closed Safari and did something else (not much on my phone). In the meantime the phone shut down due to low battery. When I charge it again, and open the Passwords app, I come to find out that the verification codes for this website are gone… What could've gone wrong? I was prompted by the website to save a code to check that 2FA was properly configured, so I think I saved it properly in the app (by the way, the password was still there, properly saved). I assume there was a syncing error between iCloud and my iPhone due to low battery? Is there any way to recover the verification codes? I'll try to reclaim the account through the website's support channels, but I'm wondering if I could still retrieve it somehow.
1
0
596
Sep ’24
MFA MacOS At ScreenSaver (Lock Screen).
Hi, I did The MFA(2FA) of Email OTP For MacOS Login Screen using Authorization Plugin, Using This GitHub project. It is working For Login Screen, I'm trying to Add The Same plugin for LockScreen but it is not working at lock Screen. Below is the reference thread For The issue, https://developer.apple.com/forums/thread/127614, please Share The Code that should Present the NSWindow at Screen Saver (Lock Screen) MacOS.
2
0
850
Sep ’24