Configuring Sign in with Apple for web and mobile apps

Summary: Need help with Certificates, Identifiers and Profiles settings to allow two apps to use Sign in with Apple.

Background: We have a web application (React, static JavaScript) that allows users to sign in with Apple, Google or Microsoft via OAuth/OIDC.

We are developing a mobile application using React Native and Expo.

Both the web application and the mobile application use the same backend (Django).

For the mobile application, we added Google and Microsoft sign in via the same web-based OAuth/OIDC flow. For Sign in with Apple, we are using the expo-apple-authentication package to get the required native sign in experience.

We have two active app identifiers:

  1. org.terraso.terraso; web app; primary App ID
  2. org.terraso.test.Terraso-LandPKS; mobile app; Group with an existing primary App ID (selected (1), the web app)

We have one services identifier:

  1. org.terraso.app; primary ID is web app (app identifier 1) above; URLs have been configured

We have one app group:

  1. group.org.terraso (seems unused)

On our backend app, we have code: https://github.com/techmatters/terraso-backend/blob/abc655e83eaca849e2bc24389946cc4f0bcd9d48/terraso_backend/apps/auth/providers.py#L84

and APPLE_CLIENT_ID is set to org.terraso.app (which matches the services identifier above).

In my local development environment, I have tried a few different combinations of IDs attempting to get this to work using the iOS simulator:

(i) backend client ID: org.terraso.app; mobile app bundle ID: org.terraso.test.Terraso-LandPKS; result: error: jwt.exceptions.InvalidAudienceError: Audience doesn't match

(ii) backend client ID: org.terraso.app; mobile app bundle ID: org.terraso.app; result: clicking "Sign In" in the Apple ID dialog is a no-op (no errors from client or server)

(iii) backend client ID: org.terraso.test.Terraso-LandPKS; mobile app bundle ID: org.terraso.test.Terraso-LandPKS; result: works (but I can't use that in production, because the client ID is wrong)

How can I configure Sign in with Apple to allow both the web app and the mobile app (and possibly additional mobile apps) to work with the same backend?

Do I need to use app groups? When do you use app groups vs. "Group with an existing primary App ID"?