How we conquered Sign In with Apple at Parallels


Many people will have heard of Sign In with Apple (SIWA for short) since WWDC 2019. In this article I describe the specific pitfalls I ran into while integrating it into our licensing portal. It is not really aimed at those who are only just starting out with SIWA (for them there are introductory links at the end of the text), but it should answer a number of questions that come up when integrating Apple's new service.

Apple does not allow custom redirects

I still have not seen an answer to this on the developer forums. The situation is this: if you want to use the SIWA JS API, i.e. you cannot go through the native SDK because there is none for your platform (not macOS/iOS, or an older version of those systems), then you need your own public web portal; there is no way around it. On the WWDR portal you have to register your domain and prove you own it, and only return URLs that are valid from Apple's point of view (https URLs on that verified domain, not custom schemes) can be attached to the Service ID.


What if you want to intercept the redirect in a desktop or mobile application? We solved this quite simply: the portal keeps a list of valid redirect targets for each of our applications, and an application selects one of them before the portal shows the SIWA authorization page. Once Apple posts the result back to the portal, the portal simply redirects to the application with the data received from Apple. Simple and effective. One caveat: since the portal is now the thing issuing redirects on behalf of applications, that list has to be matched exactly (no prefix or substring checks), otherwise the portal turns into an open redirect that hands the authorization code to whatever URL the caller supplied.
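The redirect-list approach described above, as an added illustration (this is example code, not the Parallels portal's own implementation): each application registers the exact targets it accepts, the portal issues a single-use `state` before showing Apple's authorization page, and on Apple's `form_post` callback it checks `state`, then forwards `code` (and the one-time `user` object, if present) to the remembered target. The app identifiers, redirect URLs and the in-memory pending store are assumptions for the example.

```python
import secrets
from urllib.parse import urlsplit, urlencode

# Constructed allowlist (assumed values): each application registers the exact
# redirect targets it will accept. Custom schemes are fine here because this
# redirect is issued by our own portal, not registered with Apple.
APP_REDIRECTS = {
    "desktop-app": {"parallels-desktop://siwa/callback"},
    "web-client": {"https://app.example.com/auth/apple/done"},
}

# Pending logins: state -> (app_id, redirect). In production this would be a
# short-lived server-side store keyed on the session, not a module global.
_pending: dict[str, tuple[str, str]] = {}


def _canonical(url: str) -> tuple[str, str, str]:
    """Reduce a URL to (scheme, host, path) for exact comparison; refuse anything
    that could smuggle extra data (query, fragment, userinfo)."""
    p = urlsplit(url)
    if p.query or p.fragment or p.username or p.password:
        raise ValueError("redirect must not carry query, fragment or userinfo")
    return (p.scheme.lower(), p.netloc.lower(), p.path)


def begin_login(app_id: str, requested_redirect: str) -> str:
    """Called by an application before the portal renders Apple's JS auth page.

    Returns the opaque state to pass to AppleID.auth.init(). The redirect is
    remembered only if it exactly matches one the application registered."""
    allowed = {_canonical(u) for u in APP_REDIRECTS.get(app_id, set())}
    if _canonical(requested_redirect) not in allowed:
        raise ValueError(f"redirect {requested_redirect!r} not registered for {app_id!r}")
    state = secrets.token_urlsafe(32)
    _pending[state] = (app_id, requested_redirect)
    return state


def finish_login(form: dict) -> str:
    """Handle Apple's form_post to the portal's registered return URL and build
    the final redirect into the application, carrying Apple's data along."""
    state = form.get("state", "")
    pending = _pending.pop(state, None)  # single use: a replayed state fails
    if pending is None:
        raise PermissionError("unknown or reused state")
    _app_id, redirect = pending
    if "code" not in form:
        # Apple reports failures (e.g. user_cancelled_authorize) in an 'error' field
        raise PermissionError(form.get("error", "no authorization code"))
    params = {"code": form["code"], "state": state}
    if "user" in form:  # present only on the very first authorization
        params["user"] = form["user"]
    return f"{redirect}?{urlencode(params)}"
```

The application should treat the `state` it receives back the same way: compare it with the one it obtained from `begin_login` before trusting the `code`.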

Problems with e-mail

Let's look at how we dealt with the user's e-mail. Firstly, there is no REST API that lets the backend fetch this information on its own: it arrives only in the client's authorization response, and the client has to pass it to the backend together with the authorization code. (One caveat: the `id_token` Apple returns when the code is exchanged at its token endpoint does carry an `email` claim, together with `is_private_email`, so the address itself can be recovered and verified server-side; the user's name, however, exists only in the one-time `user` object described next.)

Secondly, the user's name and e-mail are transmitted only once, on the very first sign-in to the application through Apple, which is where the user chooses which personal data to share. If that response is lost, Apple does not send it again.

On their own these problems are not critical as long as the link to the social profile was successfully created on the portal: the user ID (the `sub` claim) is stable and is tied to the Team ID, i.e. it is the same across all of your team's applications integrated with SIWA. But if the sign-in through Apple succeeded and then something further down the path failed, so that the link was never created on the portal, the only option is to send the user to appleid.apple.com, have them remove the application under "Sign in with Apple" and try again. In practice this is solved by writing the corresponding KB article and linking to it.

The next, more annoying problem is Apple's new concept of an e-mail proxy (Hide My Email, which gives the application a relay address at privaterelay.appleid.com instead of the real one). In our case, if the user already had an account on the licensing portal with their real e-mail and chose to hide their e-mail on the first sign-in through Apple, a new account was registered with the relay address. That account obviously has no licenses, which leaves the end user at a dead end.

The solution is fairly simple. Because the user ID in SIWA is the same regardless of the options chosen or the application in which the sign-in happens, we simply use a dedicated script to move this Apple link to the other account, the one with the user's real e-mail, and thereby "restore their purchases". After that procedure the user lands in the correct portal account through SIWA and everything works for them.
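The account-linking logic the last few paragraphs describe, as an added example rather than the portal's own code: the stable `sub` claim is the link key, an existing account is reused only when Apple delivers a real (non-relay) address that the portal already knows, a relay address produces a fresh account that is flagged as such, and `relink` is the "restore purchases" step that moves the Apple link to the account holding the licenses. The account store, the unsigned token builder and all identifiers are constructed for the example; in production the `id_token` signature must be verified against Apple's published keys before any claim is trusted.

```python
import base64
import json

# Constructed portal state (assumed values): account_id -> profile, and the
# SIWA link table mapping Apple's stable 'sub' to a portal account.
accounts = {
    "acct-1001": {"email": "alice@example.com", "licenses": ["PD-15"], "apple_relay": False},
}
siwa_links: dict[str, str] = {}


def make_unsigned_token(claims: dict) -> str:
    """Test helper only: builds a JWT-shaped string with a dummy signature."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'test'})}.{enc(claims)}.sig"


def id_token_claims(id_token: str) -> dict:
    """Decode the payload of an id_token. Signature verification against
    https://appleid.apple.com/auth/keys is deliberately omitted here; never skip it for real."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def is_private_relay(claims: dict) -> bool:
    """Apple marks Hide My Email addresses with is_private_email (sometimes the
    string "true"); the relay domain is a second, independent signal."""
    flagged = str(claims.get("is_private_email", "")).lower() == "true"
    return flagged or claims.get("email", "").endswith("@privaterelay.appleid.com")


def sign_in(id_token: str, user_json: str = "") -> str:
    """Map a SIWA login to a portal account and return the account id.

    'sub' is the same for every app under the Team ID, so it is the only safe
    link key. The 'user' JSON (name) exists only on the first authorization."""
    claims = id_token_claims(id_token)
    sub = claims["sub"]
    if sub in siwa_links:
        return siwa_links[sub]  # returning user: the link already exists
    email = claims.get("email", "")
    # First login: reuse an existing account only for a real address we know.
    # A relay address never matches anything and would yield an empty account.
    if email and not is_private_relay(claims):
        for acct_id, acct in accounts.items():
            if acct["email"].lower() == email.lower():
                siwa_links[sub] = acct_id
                return acct_id
    new_id = f"acct-{1000 + len(accounts) + 1}"
    name = json.loads(user_json).get("name", {}) if user_json else {}
    accounts[new_id] = {
        "email": email,
        "licenses": [],
        "name": name,
        "apple_relay": is_private_relay(claims),  # flag for support: likely a duplicate
    }
    siwa_links[sub] = new_id
    return new_id


def relink(sub: str, target_account_id: str) -> str:
    """The 'restore purchases' script: point the Apple link at the account that
    actually holds the licenses. The relay-address account is left for cleanup."""
    if target_account_id not in accounts:
        raise KeyError(target_account_id)
    siwa_links[sub] = target_account_id
    return target_account_id
```

The `apple_relay` flag is what lets support find the dead-end accounts the article describes; `relink` should only be run after the user has proven ownership of the target account through the portal's normal login.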

When signing in through the web portal, there is no application icon

For another problem we turned to Apple representatives for clarification; here is what we learned:

https://forums.developer.apple.com/thread/123054

The gist is this: at the head of a SIWA group there can only be a macOS/iOS application, to which the necessary Service IDs of the portals are then added. Accordingly, for the icon of the primary application to be shown, there must be an App Store-published version of it with media verified by Apple; the icon is taken from there.

Accordingly, if you only have a portal and no applications in the App Store, there will be no pretty icon, but you can get by with the application's name: if the primary application has no media, this information is taken from the Description of the Service ID.

The number of elements in a SIWA group is limited to 5

This problem currently has no solution other than using several groups. Once a group holds its parent application and 5 dependents, an attempt to register the next ID produces this message:


We have created groups for our licensing portal and for each of the applications that work with it. Regarding the slot limit, we have already filed a radar with Apple and are awaiting their response.

Useful links

The most useful link, in my opinion, is the one I effectively followed for everything. Apple's semi-useful documentation is here.

Enjoy! Questions, thoughts, ideas and suggestions are accepted in the comments.

Source: habr.com
