As the title suggests, I have implemented Sign in with Apple. After submitting my app online, I found that I can not get the user's email while I can get the username.
I collect the username and email and I found I can not get user email sometimes when the user first authorizes my app. Any reply appreciated!!!
The section Send Information to Your App Servers on the Apple Developer website states that this information is only returned to you the first time the user authenticates with Apple Sign In. You will need to store those details yourself in order to retrieve them again on subsequent logins.
Related
I am trying to make login using OAuth2 using Apple Sign in. and I need to save the user email to the server.
after reading Sign in with Apple and authenticate with Firebase documentation , it said that
Unlike other providers supported by Firebase Auth, Apple does not
provide a photo URL.
Also, when the user chooses not to share their email with the app,
Apple provisions a unique email address for that user (of the form
xyz#privaterelay.appleid.com), which it shares with your app. If you
configured the private email relay service, Apple forwards emails sent
to the anonymized address to the user's real email address.
apple will generate unique fake email like xyz#privaterelay.appleid.com if the user refuses to share their original email.
if the user logout and then login again, will the fake email will be the same? or apple will generate a new fake email like new123#privaterelay.appleid.com ?
I would like to know if there is a way to find out before I send the authorization request if a user is signing up to my app with Apple for the first time, or if he/she is already registered and just signs in.
Basically I have a registration screen in my app, where a user can create two types of users and a login screen where both users can log in. I would like to keep the registration and login separate, so for that I need to know whether its a first sign in with apple.
I'm not sure what database you're using but for Cloud Firestore there is a Sign-in method that can be used with Apple.
Apple SignIn is designed in a way that you only receive the email-address and the users name during the initial signin / when you create an account. My App is running on a parse backend, so when a user signs in the first time I create a parse user and save the name and email to it. The user can delete the account in my app - when he does, I delete the parse user object which includes the id and the token, but also email and name. When a user decides to reregister, Apple assumes that he already has an account and only gives me the id and token, with which I can create a new parse user but I cannot get the email / name again. Is there any proper way to handle this issue?
You need to revoke the user token when the user deletes his account.
You can do it by using Apple API explained here in Apple docs
Once you do it, when a user deletes his account and sign in again, you will get his email and name, as if it is his first time login in your app!
So I'm implementing sign in with Apple, everything goes well on the simulator, I request email, fullName scopes, the authenticate UI shows, and I can get the data, as images shown below:
But when testing on real device (iPadOS 13, iPad 2018), the UI didn't show (it does not asks for name and email on the UI), and I can't get the email, fullName from the response, and I can also confirm that the authorizedScopes are empty, I can only get the user identifier
I believe this is a bug and will file a radar, also posted a discussion on the Apple developer forum (but they usually won't approve my post, I don't know why)
If this is not a bug, can somebody tell me how to fix this?
Thanks
Problem solved! tl;dr
This is an expected behavior
Answered by Apple Engineer
(Original post link: https://forums.developer.apple.com/thread/121496)
Hi aslkdjalksdjasdasd,
This behaves correctly, user info is only sent in the ASAuthorizationAppleIDCredential upon initial user sign up. Subsequent
logins to your app using Sign In with Apple with the same account do
not share any user info and will only return a user identifier in the
ASAuthorizationAppleIDCredential. It is recommened that you securely
cache the initial ASAuthorizationAppleIDCredential containing the user
info until you can validate that an account has succesfully been
created on your server.
Patrick
2019/12/15 Edit
This behavior is also documented on Apple's Sign in with Apple doc, check the documentation.
Ensure that your app relays the credentials and user information to your app servers.
The API collects this information and shares it with your app the first time the user logs in to the app using Sign in with Apple. If the user then uses Sign in with Apple on another device, the API doesn't ask for the user’s name or email again. It collects the information again only if the user stops using Sign in with Apple and later reconnects to your app.
If someone fails in storing "user email", "first-name" first time, then he should follow the following steps:
iPhone Settings -> Apple Id -> Password & Security -> Apple ID logins -> {YOUR APP} > Stop using Apple ID.
I want to give the opportunity for a user of an app to register/login with Facebook or by creating an account. I know that I can get the user's Facebook account email address, and their first and last names. That's basically the only information for creating a 'local' app account, apart from a password. How can I make sure that if that person logs in to Facebook on another device, that their two devices are linked to the same 'local' account? (i.e if they choose to sign in with Facebook with 2 devices, I only want one local account to be created on my server for that user).
Ideally, I want the login schemes for both to be identical. So if that user logs in with Facebook, I can check (securely) that the FB account is linked to a 'local' account, and automatically log that device in without making the user type in a password. Is this possible?
Edit: The 'local' users will be stored in a database on my server, and the front end will be done in Python running alongside the API for the app. Note that 'local' is just referring to the fact that it uses my app web service rather than an external social network.
You can do that within your users database as per below:
assuming you store the user data in a table named userinfo, this table should contain user e-mail, first name, etc..
Add another column in this table named fbemail.
If users signs in using web service, his email will be saved in the email field & the fbemail should be null, if signs in using FB, then both email & fbemail should be the extracted email.
when the user uses FB login, check the fbemail field, if not found, then this is a new user, add his data, if not, then this is a returning user, no need to add his data.
Option 1.
You can identify your Facebook user by his Facebook User ID. If he logs in using Facebook on other device you know it cause he sends you his Facebook User ID in the authentication process. He also sends you Facebook access token which you validate contacting Facebook to see if it is correct. Using this approach you have to have a different authentication scheme for Facebook user and "normal", email user.
Option 2.
To have the same login scheme you can use Facebook to get user email and prepend it in the email text field in your registration screen. The user would need to additionally provide a password. This means that you are not really doing a Login with Facebook, but use Facebook to obtain an email (and any additional information) so the user does not have to type it.
This is an old post but still very valid. You are correct, anybody who has your FB email could potentially access your server rest-api and log into it. To access a backend service you will need to use as password the FB access token generated during the FB log-in. This is stored in the device keychain and can be retrieved as:
NSString *accessToken = [[FBSDKAccessToken currentAccessToken] tokenString];
NSString *userID = [[FBSDKAccessToken currentAccessToken] userID];
The topic of using a FB authentication system in parallel to a custom login/registration system is covered in this FB guide: Using Facebook Login with Existing Login Systems.
In sum, different scenarios need to be addressed:
A person signs up for your app using their email and password, but later they want to use Facebook Login to obtain data from their Facebook account, to post to their timeline, or just to use to log in with in future.
A person signs up for the app using their email and password, but later chooses to log in with Facebook separately. This guide assumes that the email supplied first and the primary email associated with their Facebook account are the same.
A person signs up for the app using Facebook Login and later wants to log in to this account using an email address and password.
The guide recommends using two different tables for the FB log-in and the custom login.