FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. tashi
    T
    • Profile
    • Following 0
    • Followers 1
    • Topics 2
    • Posts 3
    • Best 2
    • Controversial 0
    • Groups 0

    tashi

    @tashi

    3
    Reputation
    2
    Profile views
    3
    Posts
    1
    Followers
    0
    Following
    Joined Last Online
    tashi Unfollow Follow

    Best posts made by tashi

    • RE: Using native apple sign in

      [SUCCESS]

      We found that apple native sign has a way to get the authorization code using their sdk.
      ASAuthorizationAppleIDCredential::authorizationCode
      We are using that property to pass in the place of code for the api call to api/identity-provider/login.

      API: [POST] - api/identity-provider/login

      {
    "applicationId": "bc3056ab-edb5-42a2-af45-b4f816689997",
    "data": {
        "code": "c4cb505812c5343798fa8478cf9c64fa9.0.srzss.wUaW_U9LTn24TjiKdaPKMQ",
        "redirect_uri": "",
        "id_token": "eyJraWQiOiJXNldjT0tCIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnVyYmFuc2l0dGVyLm1vYmlsZS5sb2NhbCIsImV4cCI6MTY3MDM1MjkzMCwiaWF0IjoxNjcwMjY2NTMwLCJzdWIiOiIwMDE5MjIuYTNkMDZlNjZlMzk5NGM3ZjlmOTE2OTI3NDk4MWYyZTYuMjE0MCIsImNfaGFzaCI6IjJTY1R6YUZySmxKYVU3c2ppNGtiWEEiLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6InRydWUiLCJhdXRoX3RpbWUiOjE2NzAyNjY1MzAsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.aVRm7_i1Cn7gyy6NxspZRNta6LaI6knitgGkgIsNkzskxbHXJfMUQbbTE9sYL9xUDpfi-si7sGPRdlvnKCOqtXUKcE0hiHsCOgOQykP1mLrd27qaYiwa__vd9EdWgPYPnujulaI14L1lfvT79Ss_mxOeJiwpsXoy3VI4vRpI7LNHU_QguSD2xFV9ZX-WwOJCzfqFl7dMPOnISYgu1sVjO2couokzlwZEkv96yBQqRByOeeQ0jOVvURJ_FpLuQ2jj0xs5U2S-vvkDStVWuiSiKQIiwons-aHdXAjB__3ASfQamntl1AHCMZWTSaSlh5C1zxSZdH4NQhd-eR4m_wZej"
    },
    "identityProviderId": "13d2a5db-7ef9-4d62-b909-0df58612e775"

      RESULT:

      {
    "refreshToken": "tRbop7_4hhKsdp2XVBLuJwvVWlf030cd2-AzJGQSnY8xLI6THtbVhQ",
    "refreshTokenId": "28b74a97-4286-4259-bc46-c8857f59fe73",
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUxMmQxMzQzYSJ9.eyJhdWQiOiJiYzMwNTZhYi1lZGI1LTQyYTItYWY0NS1iNGY4MTY2ODk5OTciLCJleHAiOjE2NzAyNjY2MjYsImlhdCI6MTY3MDI2NjU2NiwiaXNzIjoidXJiYW5zaXR0ZXIubmV0Iiwic3ViIjoiZTRhZTcxZWQtYzEzNy00YmUxLTg2ZDEtMjQ0MTYwNjY3YzBlIiwianRpIjoiZTY3M2U2YmEtODc2Yi00YjY2LTljYjEtNDdjZGVlMzZjNzM3IiwiYXV0aGVudGljYXRpb25UeXBlIjoiQVBQTEUiLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGFzaGktYmh1dGlhIiwiYXBwbGljYXRpb25JZCI6ImJjMzA1NmFiLWVkYjUtNDJhMi1hZjQ1LWI0ZjgxNjY4OTk5NyIsInJvbGVzIjpbXSwic2lkIjoiMjhiNzRhOTctNDI4Ni00MjU5LWJjNDYtYzg4NTdmNTlmZTczIiwiYXV0aF90aW1lIjoxNjcwMjY2NTY2LCJ0aWQiOiJmMmM0OTQ3Ni1hNzdhLThmZDItZDQxZC0wMjA2ODA3NjNlZDQiLCJkYXRhIjp7ImlkIjoiMTExMTM5NiIsInJvbGVzIjpbIjUiXX0sImN1c3RvbSI6ImN1c3RvbSJ9.BCGm0b1GHTPKuQRi0VrhqxPX6kGOB-rwkkkuYn3gkm",
    "tokenExpirationInstant": 1670266626871,
    "user": {
        "active": true,
        "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
        "data": {
            "id": "1111396",
            "roles": [
                "5"
            ]
        },
        "email": "janesmith11223344@gmail.com",
        "fullName": "null null",
        "id": "e4ae71ed-c137-4be1-86d1-244160667c0e",
        "imageUrl": "https://assets-local.urbansitter.net/assets/img/us-default-avatar-320.png",
        "insertInstant": 1669939131457,
        "lastLoginInstant": 1670266566856,
        "lastUpdateInstant": 1670266566856,
        "memberships": [],
        "passwordChangeRequired": false,
        "passwordLastUpdateInstant": 1669939131538,
        "preferredLanguages": [],
        "registrations": [
            {
                "applicationId": "bc3056ab-edb5-42a2-af45-b4f816689997",
                "data": {},
                "id": "c1ed7f48-f29c-483b-a3a4-381c834327a4",
                "insertInstant": 1669939131544,
                "lastLoginInstant": 1670266566856,
                "lastUpdateInstant": 1670266566860,
                "preferredLanguages": [],
                "roles": [],
                "tokens": {},
                "username": "jane-smith",
                "usernameStatus": "ACTIVE",
                "verified": true
            }
        ],
        "tenantId": "f2c49476-a77a-8fd2-d41d-020680763ed4",
        "twoFactor": {
            "methods": [],
            "recoveryCodes": []
        },
        "uniqueUsername": "jane-smith",
        "username": "jane-smith",
        "usernameStatus": "ACTIVE",
        "verified": true
    }
}

      Thanks for all the help.

      posted in Q&A
      T
      tashi
    • Using native apple sign in

      [https://fusionauth.io/community/forum/topic/808/using-native-controls-for-apple-login]

      We are using native controls for apple sign in and trying to use the identity provider login api but running into an issue with a message

      The id_token returned from Apple is invalid or cannot be verified. Unable to complete this login request.

      We have gone through the "Apple Identity Provider" documentation and followed all the steps on the apple developer settings as well as on the fusionauth.

      The access token is generated from the native app so we don't have code and redirect properties and we are setting those values to empty strings since thosre are required to call the api unlike facebook and google native login.

      Api call
      POST api/identity-provider/login

      Body

      {
    "applicationId": "bc3056ab-edb5-42a2-af45-b4f816689997",
    "data": {
        "code": "",
        "redirect_uri": "",
        "id_token": "eyJraWQiOiJXNldjT0tCIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnVyYmFuc2l0dGVyLm1vYmlsZS5sb2NhbCIsImV4cCI6MTY2ODIwNDU0MywiaWF0IjoxNjY4MTE4MTQzLCJzdWIiOiIwMDE5MjIuYTNkMDZlNjZlMzk5NGM3ZjlmOTE2OTI3NDk4MWYyZTYuMjE0MCIsImNfaGFzaCI6ImdkZjNHN3BHaHFWZW9TVzNYYlBvSHciLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6InRydWUiLCJhdXRoX3RpbWUiOjE2NjgxMTgxNDMsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.e5e_MZ1mER7hqRPy-ZylNTidu8Gr6d7HrXpDgu8sbj5idXqYr4YvO6_wEAzfAlTfBsi7lwZI9szo239bvn0m3u5Rwe4dGd6DKgX226Z5vmTctUGCDY0oW2-2zYWXZfb4MLMSrKPd7Kg_Xup-5gE-uHiAuyiBdm07HatNCWyQgMW_hoLZJHMZxtzgtyn79P0yfpZ-4ho2pwRUJAFHwZq66w4QOqAmn4CmRJw3G2Vuf3WPITr4LE3k5eyZURQLPs48qAaiL96L9Vhvx4IKRERrYVFqZEacNihhX3S0yiWtMVc0QASuC9E87pqqMyUa6JjINrXUrQ_QlVR2Umckum90Pg"
    },
    "identityProviderId": "13d2a5db-7ef9-4d62-b909-0df58612e775"
}

      Log error:

      Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775]

11/10/2022 11:32:06 PM Z Validate the provided [id_token] value [eyJraWQiOiJXNldjT0tCIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnVyYmFuc2l0dGVyLm1vYmlsZS5sb2NhbCIsImV4cCI6MTY2ODIwNDU0MywiaWF0IjoxNjY4MTE4MTQzLCJzdWIiOiIwMDE5MjIuYTNkMDZlNjZlMzk5NGM3ZjlmOTE2OTI3NDk4MWYyZTYuMjE0MCIsImNfaGFzaCI6ImdkZjNHN3BHaHFWZW9TVzNYYlBvSHciLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6InRydWUiLCJhdXRoX3RpbWUiOjE2NjgxMTgxNDMsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.e5e_MZ1mER7hqRPy-ZylNTidu8Gr6d7HrXpDgu8sbj5idXqYr4YvO6_wEAzfAlTfBsi7lwZI9szo239bvn0m3u5Rwe4dGd6DKgX226Z5vmTctUGCDY0oW2-2zYWXZfb4MLMSrKPd7Kg_Xup-5gE-uHiAuyiBdm07HatNCWyQgMW_hoLZJHMZxtzgtyn79P0yfpZ-4ho2pwRUJAFHwZq66w4QOqAmn4CmRJw3G2Vuf3WPITr4LE3k5eyZURQLPs48qAaiL96L9Vhvx4IKRERrYVFqZEacNihhX3S0yiWtMVc0QASuC9E87pqqMyUa6JjINrXUrQ_QlVR2Umckum90Pg]
11/10/2022 11:32:06 PM Z Decode the [id_token].
11/10/2022 11:32:06 PM Z Assert the [iss] claim is equal to [https://appleid.apple.com].
11/10/2022 11:32:06 PM Z Assert the [aud] claim is equal to [com.urbansitter.mobile.local].
11/10/2022 11:32:06 PM Z Calculate the [c_hash] to ensure the integrity of the provided [code] value [gdf3G7pGhqVeoSW3XbPoHw].
11/10/2022 11:32:06 PM Z The [id_token] integrity check failed. Expected a [c_hash] of [gdf3G7pGhqVeoSW3XbPoHw] and found [K9t2pCrAVLpt1gRBI6i3wQ].
      posted in Q&A
      T
      tashi

    Latest posts made by tashi

    • RE: Using native apple sign in

      [SUCCESS]

      We found that apple native sign has a way to get the authorization code using their sdk.
      ASAuthorizationAppleIDCredential::authorizationCode
      We are using that property to pass in the place of code for the api call to api/identity-provider/login.

      API: [POST] - api/identity-provider/login

      {
    "applicationId": "bc3056ab-edb5-42a2-af45-b4f816689997",
    "data": {
        "code": "c4cb505812c5343798fa8478cf9c64fa9.0.srzss.wUaW_U9LTn24TjiKdaPKMQ",
        "redirect_uri": "",
        "id_token": "eyJraWQiOiJXNldjT0tCIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnVyYmFuc2l0dGVyLm1vYmlsZS5sb2NhbCIsImV4cCI6MTY3MDM1MjkzMCwiaWF0IjoxNjcwMjY2NTMwLCJzdWIiOiIwMDE5MjIuYTNkMDZlNjZlMzk5NGM3ZjlmOTE2OTI3NDk4MWYyZTYuMjE0MCIsImNfaGFzaCI6IjJTY1R6YUZySmxKYVU3c2ppNGtiWEEiLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6InRydWUiLCJhdXRoX3RpbWUiOjE2NzAyNjY1MzAsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.aVRm7_i1Cn7gyy6NxspZRNta6LaI6knitgGkgIsNkzskxbHXJfMUQbbTE9sYL9xUDpfi-si7sGPRdlvnKCOqtXUKcE0hiHsCOgOQykP1mLrd27qaYiwa__vd9EdWgPYPnujulaI14L1lfvT79Ss_mxOeJiwpsXoy3VI4vRpI7LNHU_QguSD2xFV9ZX-WwOJCzfqFl7dMPOnISYgu1sVjO2couokzlwZEkv96yBQqRByOeeQ0jOVvURJ_FpLuQ2jj0xs5U2S-vvkDStVWuiSiKQIiwons-aHdXAjB__3ASfQamntl1AHCMZWTSaSlh5C1zxSZdH4NQhd-eR4m_wZej"
    },
    "identityProviderId": "13d2a5db-7ef9-4d62-b909-0df58612e775"

      RESULT:

      {
    "refreshToken": "tRbop7_4hhKsdp2XVBLuJwvVWlf030cd2-AzJGQSnY8xLI6THtbVhQ",
    "refreshTokenId": "28b74a97-4286-4259-bc46-c8857f59fe73",
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUxMmQxMzQzYSJ9.eyJhdWQiOiJiYzMwNTZhYi1lZGI1LTQyYTItYWY0NS1iNGY4MTY2ODk5OTciLCJleHAiOjE2NzAyNjY2MjYsImlhdCI6MTY3MDI2NjU2NiwiaXNzIjoidXJiYW5zaXR0ZXIubmV0Iiwic3ViIjoiZTRhZTcxZWQtYzEzNy00YmUxLTg2ZDEtMjQ0MTYwNjY3YzBlIiwianRpIjoiZTY3M2U2YmEtODc2Yi00YjY2LTljYjEtNDdjZGVlMzZjNzM3IiwiYXV0aGVudGljYXRpb25UeXBlIjoiQVBQTEUiLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGFzaGktYmh1dGlhIiwiYXBwbGljYXRpb25JZCI6ImJjMzA1NmFiLWVkYjUtNDJhMi1hZjQ1LWI0ZjgxNjY4OTk5NyIsInJvbGVzIjpbXSwic2lkIjoiMjhiNzRhOTctNDI4Ni00MjU5LWJjNDYtYzg4NTdmNTlmZTczIiwiYXV0aF90aW1lIjoxNjcwMjY2NTY2LCJ0aWQiOiJmMmM0OTQ3Ni1hNzdhLThmZDItZDQxZC0wMjA2ODA3NjNlZDQiLCJkYXRhIjp7ImlkIjoiMTExMTM5NiIsInJvbGVzIjpbIjUiXX0sImN1c3RvbSI6ImN1c3RvbSJ9.BCGm0b1GHTPKuQRi0VrhqxPX6kGOB-rwkkkuYn3gkm",
    "tokenExpirationInstant": 1670266626871,
    "user": {
        "active": true,
        "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
        "data": {
            "id": "1111396",
            "roles": [
                "5"
            ]
        },
        "email": "janesmith11223344@gmail.com",
        "fullName": "null null",
        "id": "e4ae71ed-c137-4be1-86d1-244160667c0e",
        "imageUrl": "https://assets-local.urbansitter.net/assets/img/us-default-avatar-320.png",
        "insertInstant": 1669939131457,
        "lastLoginInstant": 1670266566856,
        "lastUpdateInstant": 1670266566856,
        "memberships": [],
        "passwordChangeRequired": false,
        "passwordLastUpdateInstant": 1669939131538,
        "preferredLanguages": [],
        "registrations": [
            {
                "applicationId": "bc3056ab-edb5-42a2-af45-b4f816689997",
                "data": {},
                "id": "c1ed7f48-f29c-483b-a3a4-381c834327a4",
                "insertInstant": 1669939131544,
                "lastLoginInstant": 1670266566856,
                "lastUpdateInstant": 1670266566860,
                "preferredLanguages": [],
                "roles": [],
                "tokens": {},
                "username": "jane-smith",
                "usernameStatus": "ACTIVE",
                "verified": true
            }
        ],
        "tenantId": "f2c49476-a77a-8fd2-d41d-020680763ed4",
        "twoFactor": {
            "methods": [],
            "recoveryCodes": []
        },
        "uniqueUsername": "jane-smith",
        "username": "jane-smith",
        "usernameStatus": "ACTIVE",
        "verified": true
    }
}

      Thanks for all the help.

      posted in Q&A
      T
      tashi
    • Using native apple sign in

      [https://fusionauth.io/community/forum/topic/808/using-native-controls-for-apple-login]

      We are using native controls for apple sign in and trying to use the identity provider login api but running into an issue with a message

      The id_token returned from Apple is invalid or cannot be verified. Unable to complete this login request.

      We have gone through the "Apple Identity Provider" documentation and followed all the steps on the apple developer settings as well as on the fusionauth.

      The access token is generated from the native app so we don't have code and redirect properties and we are setting those values to empty strings since thosre are required to call the api unlike facebook and google native login.

      Api call
      POST api/identity-provider/login

      Body

      {
    "applicationId": "bc3056ab-edb5-42a2-af45-b4f816689997",
    "data": {
        "code": "",
        "redirect_uri": "",
        "id_token": "eyJraWQiOiJXNldjT0tCIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnVyYmFuc2l0dGVyLm1vYmlsZS5sb2NhbCIsImV4cCI6MTY2ODIwNDU0MywiaWF0IjoxNjY4MTE4MTQzLCJzdWIiOiIwMDE5MjIuYTNkMDZlNjZlMzk5NGM3ZjlmOTE2OTI3NDk4MWYyZTYuMjE0MCIsImNfaGFzaCI6ImdkZjNHN3BHaHFWZW9TVzNYYlBvSHciLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6InRydWUiLCJhdXRoX3RpbWUiOjE2NjgxMTgxNDMsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.e5e_MZ1mER7hqRPy-ZylNTidu8Gr6d7HrXpDgu8sbj5idXqYr4YvO6_wEAzfAlTfBsi7lwZI9szo239bvn0m3u5Rwe4dGd6DKgX226Z5vmTctUGCDY0oW2-2zYWXZfb4MLMSrKPd7Kg_Xup-5gE-uHiAuyiBdm07HatNCWyQgMW_hoLZJHMZxtzgtyn79P0yfpZ-4ho2pwRUJAFHwZq66w4QOqAmn4CmRJw3G2Vuf3WPITr4LE3k5eyZURQLPs48qAaiL96L9Vhvx4IKRERrYVFqZEacNihhX3S0yiWtMVc0QASuC9E87pqqMyUa6JjINrXUrQ_QlVR2Umckum90Pg"
    },
    "identityProviderId": "13d2a5db-7ef9-4d62-b909-0df58612e775"
}

      Log error:

      Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775]

11/10/2022 11:32:06 PM Z Validate the provided [id_token] value [eyJraWQiOiJXNldjT0tCIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnVyYmFuc2l0dGVyLm1vYmlsZS5sb2NhbCIsImV4cCI6MTY2ODIwNDU0MywiaWF0IjoxNjY4MTE4MTQzLCJzdWIiOiIwMDE5MjIuYTNkMDZlNjZlMzk5NGM3ZjlmOTE2OTI3NDk4MWYyZTYuMjE0MCIsImNfaGFzaCI6ImdkZjNHN3BHaHFWZW9TVzNYYlBvSHciLCJlbWFpbCI6InRhc2hpLmFicml0aUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6InRydWUiLCJhdXRoX3RpbWUiOjE2NjgxMTgxNDMsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.e5e_MZ1mER7hqRPy-ZylNTidu8Gr6d7HrXpDgu8sbj5idXqYr4YvO6_wEAzfAlTfBsi7lwZI9szo239bvn0m3u5Rwe4dGd6DKgX226Z5vmTctUGCDY0oW2-2zYWXZfb4MLMSrKPd7Kg_Xup-5gE-uHiAuyiBdm07HatNCWyQgMW_hoLZJHMZxtzgtyn79P0yfpZ-4ho2pwRUJAFHwZq66w4QOqAmn4CmRJw3G2Vuf3WPITr4LE3k5eyZURQLPs48qAaiL96L9Vhvx4IKRERrYVFqZEacNihhX3S0yiWtMVc0QASuC9E87pqqMyUa6JjINrXUrQ_QlVR2Umckum90Pg]
11/10/2022 11:32:06 PM Z Decode the [id_token].
11/10/2022 11:32:06 PM Z Assert the [iss] claim is equal to [https://appleid.apple.com].
11/10/2022 11:32:06 PM Z Assert the [aud] claim is equal to [com.urbansitter.mobile.local].
11/10/2022 11:32:06 PM Z Calculate the [c_hash] to ensure the integrity of the provided [code] value [gdf3G7pGhqVeoSW3XbPoHw].
11/10/2022 11:32:06 PM Z The [id_token] integrity check failed. Expected a [c_hash] of [gdf3G7pGhqVeoSW3XbPoHw] and found [K9t2pCrAVLpt1gRBI6i3wQ].
      posted in Q&A
      T
      tashi