Exception using sign in with Apple
Which version of MSAL are you using? Note that to get help, you need to run the latest version. Preview versions are also ok. For ADAL, please log issues to https://github.com/AzureAD/azure-activedirectory-library-for-dotnet
4.5.1
Platform: Xamarin iOS
What authentication flow has the issue?
- Desktop / Mobile
- Interactive
- Integrated Windows Auth
- Username Password
- Device code flow (browserless)
Other? - please describe;
Is this a new or existing app? This app is in production and I am trying to add Apple as an Identity provider in B2C
Repro: I have created a custom policy in Azure B2C following the tutorial: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom#register-identity-experience-framework-applications
I then added an Identity provider for apple based on the following example: https://techcommunity.microsoft.com/t5/Azure-Developer-Community-Blog/quot-Sign-In-with-Apple-quot-Custom-Policy-for-Azure-AD-B2C/ba-p/766575
Everything works really well on Android and on iPad, and I am able to log in with my Apple account no problem. But on iPhone (iOS 13 and iOS 12) I am getting an error:
ErrorCode: server_error
Microsoft.Identity.Client.MsalServiceException: AADB2C90289: We encountered an error connecting to the identity provider. Please try again later.
Correlation ID: b68ebf8f-e059-4ae4-8274-3058e115bd25
Timestamp: 2019-10-07 14:48:05
My app loads up my policy, I tap on my Sign In With Apple button, the Apple Webpage displays and I enter my credentials. Everything appears to be working and then this exception is thrown.
Is there some way I can find out more information on what this error means and why it would be appearing on iOS?
I have redirect URLs set up on the Apple Developer Console redirecting to “https://tenant.b2clogin.com/tenant.onmicrosoft.com/oauth2/authresp”
My Apple Login provider in my custom policy looks like:
<ClaimsProviders>
  <ClaimsProvider>
    <Domain>Apple</Domain>
    <DisplayName>Apple</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="AppleID">
        <DisplayName>Sign in with Apple</DisplayName>
        <Protocol Name="OpenIdConnect" />
        <Metadata>
          <Item Key="client_id">com.XXXXX.B2CSignInService</Item>
          <Item Key="UsePolicyInRedirectUri">0</Item>
          <Item Key="METADATA">https://XXXXXXXXXXX.azurewebsites.net/api/signinwithapple/.well-known/openid-configuration</Item>
          <Item Key="response_types">code</Item>
          <Item Key="scope">email</Item>
          <Item Key="response_mode">form_post</Item>
          <Item Key="HttpBinding">POST</Item>
        </Metadata>
        <CryptographicKeys>
          <Key Id="client_secret" StorageReferenceId="B2C_1A_AppleIDAppSecret" />
        </CryptographicKeys>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="login_hint" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
          <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
          <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
          <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="sub" />
          <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
          <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
          <OutputClaim ClaimTypeReferenceId="email" />
        </OutputClaims>
        <OutputClaimsTransformations>
          <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
          <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
          <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
          <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
        </OutputClaimsTransformations>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
Expected behavior: Login works the same on both Android and iOS.
Actual behavior: Exception is thrown on iOS (iPadOS is fine).
Top GitHub Comments
Hi all - Please shoot me an email with this info:
We can start with that info and then troubleshoot from there. Thanks!
Hi @mirogrg1 and @mtanml
Could you both reach out to me via email? jodougla@microsoft.com
I would like to review the steps you took to connect to Apple and just make sure that things are configured properly and that you properly generated the JWT to be used as the client secret.
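The comment above points at the JWT that Apple requires as the OpenID Connect client secret, which is the value stored in the B2C_1A_AppleIDAppSecret policy key referenced by the technical profile in the issue. The following is an added example, not code from this issue, from MSAL or from B2C, showing how that secret is built and how to check one before uploading it to the policy key: an ES256-signed JWT whose iss is the Apple Developer Team ID, sub is the Services ID used as client_id in the policy, aud is https://appleid.apple.com, and whose lifetime may not exceed six months. The team ID, key ID and client ID below are placeholders, and the P-256 key is generated in-process only so the example runs offline; in practice the private key is the .p8 file downloaded from the Apple Developer Console.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Apple's token endpoint is the audience of the client_secret JWT.
const appleAudience = "https://appleid.apple.com"

// Apple refuses client secrets that are valid for longer than six months.
const maxSecretLifetime = 180 * 24 * time.Hour

type jwsHeader struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"` // Key ID of the .p8 key from the Apple Developer Console
}

type secretClaims struct {
	Iss string `json:"iss"` // Apple Developer Team ID
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
	Aud string `json:"aud"`
	Sub string `json:"sub"` // Services ID, the same value as client_id in the B2C policy
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MakeClientSecret builds the compact JWS Apple expects as client_secret and signs it with ES256.
func MakeClientSecret(key *ecdsa.PrivateKey, keyID, teamID, clientID string, now time.Time, lifetime time.Duration) (string, error) {
	if lifetime <= 0 || lifetime > maxSecretLifetime {
		return "", errors.New("client secret lifetime must be positive and at most six months")
	}
	hdr, _ := json.Marshal(jwsHeader{Alg: "ES256", Kid: keyID})
	claims, _ := json.Marshal(secretClaims{
		Iss: teamID, Iat: now.Unix(), Exp: now.Add(lifetime).Unix(), Aud: appleAudience, Sub: clientID,
	})
	signingInput := b64url(hdr) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// JWS ES256 signatures are the raw r||s pair, each left-padded to 32 bytes, not ASN.1 DER.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64url(sig), nil
}

// CheckClientSecret verifies the signature and the claim values Apple will check when B2C
// redeems the authorization code, so a bad secret is caught before it is stored in the policy key.
func CheckClientSecret(token string, pub *ecdsa.PublicKey, teamID, clientID string, now time.Time) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("not a compact JWS (expected header.payload.signature)")
	}
	rawHdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return err
	}
	var hdr jwsHeader
	if err := json.Unmarshal(rawHdr, &hdr); err != nil {
		return err
	}
	if hdr.Alg != "ES256" || hdr.Kid == "" {
		return fmt.Errorf("header must carry alg ES256 and a kid, got alg=%q kid=%q", hdr.Alg, hdr.Kid)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	if len(sig) != 64 {
		return fmt.Errorf("ES256 signature must be 64 bytes (r||s), got %d", len(sig))
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return errors.New("signature does not verify under the supplied key")
	}
	rawClaims, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return err
	}
	var c secretClaims
	if err := json.Unmarshal(rawClaims, &c); err != nil {
		return err
	}
	switch {
	case c.Aud != appleAudience:
		return fmt.Errorf("aud must be %s, got %q", appleAudience, c.Aud)
	case c.Iss != teamID:
		return fmt.Errorf("iss must be the Team ID %s, got %q", teamID, c.Iss)
	case c.Sub != clientID:
		return fmt.Errorf("sub must equal the policy client_id %s, got %q", clientID, c.Sub)
	case now.Unix() >= c.Exp:
		return errors.New("client secret has expired; regenerate it and update the policy key")
	case c.Exp-c.Iat > int64(maxSecretLifetime.Seconds()):
		return errors.New("exp - iat exceeds Apple's six-month maximum")
	}
	return nil
}

func main() {
	// Constructed key and identifiers for the demonstration; real use loads the .p8 private key.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	secret, err := MakeClientSecret(key, "KEYID_PLACEHOLDER", "TEAMID_PLACEHOLDER", "com.example.B2CSignInService", now, 90*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("client_secret:", secret)
	fmt.Println("check:", CheckClientSecret(secret, &key.PublicKey, "TEAMID_PLACEHOLDER", "com.example.B2CSignInService", now))
}
```

Because the secret carries an exp, the B2C policy key holding it silently becomes invalid when that time passes, so the generation step has to be repeated and the key re-uploaded before expiry; running the check above against the stored value with the real client_id and team ID is a quick way to rule out a stale or mis-addressed secret when Apple refuses the code exchange.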