How to Enable Sign in with Apple for iOS and website?

Hello Everyone,

I am working on deploying our custom iOS application alongside our platform. However, I am stuck with the following two problems for the iOS application and the website.

1. The iOS Application

The iOS application used to connect without a problem in Lilac; however, I now receive a 400 error when trying to log in with Maple.

Apple made Sign in with Apple mandatory, so I need to fix this issue to be able to release the app.

Here are the relevant logs for the iOS application’s attempts to sign in with Apple.

tutor_maple_dev-lms-1  | [26/Jul/2022 11:03:55] "GET /user_api/v1/account/registration/ HTTP/1.1" 200 10477
tutor_maple_dev-lms-1  | 2022-07-26 11:04:02,207 INFO 15 [tracking] [user None] [ip 172.21.0.1] logger.py:41 - {"name": "/oauth2/exchange_access_token/apple-id/", "context": {"user_id": null, "path": "/oauth2/exchange_access_token/apple-id/", "course_id": "", "org_id": "", "enterprise_uuid": ""}, "username": "", "session": "<REMOVED>", "ip": "172.21.0.1", "agent": "edX/7 CFNetwork/1335.0.3 Darwin/21.6.0", "host": "<REMOVED>", "referer": "", "accept_language": "en-US,en;q=0.9", "event": "{\"GET\": {}, \"POST\": {\"client_id\": [\"login-service-client-id\"], \"access_token\": [\"<REMOVED>", "time": "2022-07-26T11:04:02.207423+00:00", "event_type": "/oauth2/exchange_access_token/apple-id/", "event_source": "server", "page": null}

2. Website

I have also followed this topic to enable the website side: Can anyone please tell me what is the correct way to add sign in with apple?

However, I am stuck with the same problem as @tomg10.

Does anyone have any idea what might be causing either of these problems?

Thank you!

I have discovered that there is a line in the following file that creates a whitelist.

You can also see that state is being posted but later dropped.

I am wondering whether this part has a relation to the problem. Simply adding state to the whitelist did not solve the problem.

This problem was caused by cookies. Edit: Adding a tag related to this problem for easier searching: AuthStateMissing

The development setup uses SESSION_COOKIE_SAMESITE = "Lax" while the production setup uses SESSION_COOKIE_SAMESITE = "None". Using None during testing fixed the missing state value problem.

However, now there is a new problem: Authentication process canceled.

The Authentication process canceled error was caused by a wrong configuration of the Apple-id provider.

For future reference, the following configuration should be used.

| Value | Explanation |
|---|---|
| Client ID | Private Key Id |
| CLIENT | Service ID |
| AUDIENCE | Service ID, App ID |
| KEY | Key ID |
| TEAM | Team ID |

I can now receive the token from Apple; however, I receive an auth_entry invalid error.

I have figured out that auth_entry invalid is caused by the following line in the common/djangoapps/third_party_auth/pipeline.py file.

if auth_entry not in _AUTH_ENTRY_CHOICES:
    raise AuthEntryError(strategy.request.backend, 'auth_entry invalid')

Basically, the OAuth flow should be triggered from a context, i.e. login or register, to be valid. This can be achieved by enabling the Visible option in the OAuth configuration in Django Admin after reaching this error.
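
The SameSite cause of the missing state described earlier in this thread, as an added example that is not part of the original posts or of Open edX: a simplified model of the browser's cookie decision when the provider posts state back to the LMS from another site. The host names, the callback path, the session key and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def site(url):
    """Simplified 'site': scheme plus last two host labels (no public-suffix list)."""
    parts = urlsplit(url)
    return parts.scheme, ".".join(parts.hostname.split(".")[-2:])

def session_cookie_sent(samesite, secure, initiator_url, target_url, method):
    """Would a browser attach the session cookie to this top-level navigation?"""
    if secure and urlsplit(target_url).scheme != "https":
        return False                    # Secure cookies are never sent over http
    if site(initiator_url) == site(target_url):
        return True                     # same-site: sent under every SameSite mode
    if samesite == "None":
        return secure                   # browsers reject SameSite=None without Secure
    if samesite == "Lax":
        return method in SAFE_METHODS   # a cross-site POST is not covered by Lax
    return False                        # Strict: never sent cross-site

def apple_callback(samesite, secure):
    """Simulate the state check when the provider POSTs back to the LMS."""
    provider = "https://appleid.apple.com/auth/authorize"
    callback = "https://lms.example.com/auth/complete/apple-id/"  # constructed
    session = {"apple-id_state": "s3"}  # constructed key, saved when login started
    posted = {"state": "s3", "code": "constructed-code"}
    sent = session_cookie_sent(samesite, secure, provider, callback, "POST")
    visible = session if sent else {}   # no cookie: server sees an empty session
    stored = visible.get("apple-id_state")
    if stored is None:
        return "AuthStateMissing"
    return "ok" if stored == posted["state"] else "state mismatch"

if __name__ == "__main__":
    for samesite, secure in [("Lax", True), ("None", True), ("None", False)]:
        print(f"SameSite={samesite} Secure={secure}:", apple_callback(samesite, secure))
```

With `SESSION_COOKIE_SAMESITE = "None"` the session cookie also has to be marked Secure (`SESSION_COOKIE_SECURE = True` in Django) and served over HTTPS, otherwise the result is the same as with Lax.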