chore(doc): improve documentation for Hybrid applications#120
Open
wJoenn wants to merge 3 commits into
Open
Conversation
Author
This was referenced Feb 14, 2025
awilfox
reviewed
Mar 19, 2025
Comment on lines
+64
to
+70
| class << self | ||
| def from_omniauth(access_token) | ||
| user = find_or_initialize_by(email: access_token.info['email']) | ||
| user.update!(name: access_token.info['name'], password: Devise.friendly_token[0, 20]) unless user.persisted? | ||
| user | ||
| end | ||
| end |
There was a problem hiding this comment.
This is slightly more Rails style:
Suggested change
| class << self | |
| def from_omniauth(access_token) | |
| user = find_or_initialize_by(email: access_token.info['email']) | |
| user.update!(name: access_token.info['name'], password: Devise.friendly_token[0, 20]) unless user.persisted? | |
| user | |
| end | |
| end | |
| def self.from_omniauth(access_token) | |
| user = find_or_create_by(email: access_token.info['email']) do |new_user| | |
| new_user.name = access_token.info['name'] | |
| new_user.password = Devise.friendly_token 20 | |
| end | |
| user | |
| end |
but I don't think that's exactly right either, because info is only returned on first sign in.
Author
There was a problem hiding this comment.
This is slightly more Rails style
I've seen both equally, I don't think there's a convention about which to use (at least not in https://github.com/rubocop/rails-style-guide) and I prefer class << self because it allows creating private class methods
I don't think that's exactly right either, because info is only returned on first sign in.
I tried logging in multiple times in a row with the same apple account and I can confirm the request.env['omniauth.auth'][:info] is present each time so I'm confident it is right as is
awilfox
reviewed
Mar 19, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OmniAuth Apple Strategy
OmniAuth strategy for Sign In with Apple.
Installation
Add this line to your application's Gemfile:
Then execute
Or install it yourself globally with
Usage
Using Devise ? Skip to Use with Devise
Here's an example for adding the middleware to a Rails app in
config/initializers/omniauth.rbYou can find more confiduration options in the Configuration section.
NOTE: Any change made to the middleware's configuration will required you to reset your server before taking action.
Use with Devise
When using
omniauth-applewith Devise you must omit theconfig/initializers/omniauth.rbfile.Instead you can add the middleware's configuration in
config/initializers/devise.rbMake sure to your Omniauthable model includes the new provider. Generally that model is your
Usermodel.You should also create a class method to register and find users from a omniauth provider's callback in your model.
If you want to override Devise's omniauth callback management then update your routes with a custom controller inheriting from Devise's
Devise::OmniauthCallbacksControllerMore info can be found in Devise's wiki
Use with Hybrid application
When working with a Rails API and a separated client-side application you will want to handle omniauth authentication differently from a fullstack Rails application.
Usually the flow is as followed:
codeas well as a identificationid_token.https://your.api.domain/users/auth/apple/callback.omniauth-applegem will validate the token and code via a server-side request to Apple. If both are valid then Apple will return aaccess_tokenwhich can be used to find an existing user or create a new one if this is the first time such process is run for that user.The
omniauth-applegem supports this mode if you provide an additional configuration option.Failing to enable the
provider_ignores_stateoption will result in acsrf_detectederror like this oneMulti-platform client-side applications
If you use your Rails API with multiple different client-side applications on different platforms (for example you might have a web app and a IOS app) then you might have to use different
APPLE_CLIENT_IDfor these apps.When this is the case you can register additional client ids for your middleware by using the
authorized_client_idsoption.AppleJS example
Example inspired from https://developer.apple.com/documentation/sign_in_with_apple/configuring-your-webpage-for-sign-in-with-apple
Include Apple's CDN in your html by adding this script tag at the end of your
<body>Then in your application authenticate the user with the following method
IOS Example
See: https://developer.apple.com/documentation/AuthenticationServices/implementing-user-authentication-with-sign-in-with-apple
Note that for IOS devices the
APPLE_CLIENT_IDyou need to use is your app's Bundle ID, not a Service ID.Configuration
In order to configure
omniauth-appleproperly you will need to have an active Apple App.If that is not the case then start by logging into your Apple Developer Account (if you don't have one, you can create one here).
Then you can create an App ID by going to your Identifiers, click on the + button, select App IDs and continue, select App and continue, enter a description and a Bundle ID, scroll down and check the Sign in with Apple capability then save your App.
CLIENT_ID
The
CLIENT_IDwill depend on the platform you make your authentication request from.CLIENT_IDfor requests made from a IOS native device is your Apple App's Bundle ID.To find your App's Bundle ID access your Identifiers and select your App ID. You will find your Bundle ID in the App ID's configuration which should look something like
domain.custom.yourCLIENT_IDfor requests made from a web browser or server is a Apple Service ID's' Identifier.To create a Service ID go to your Identifiers, click on the + button, select Service IDs and continue, enter a description and a Identifier (for example
domain.custom.your.signin) and continue, enable Sign in with Apple then configure it by providing your Primary App ID (that will usually the App ID you already created) as well as the domain and redirect_uri used when you make the authorization request.Finally save your Service ID and copy the Identifier
CLIENT_SECRET
omniauth-appledoes not use aCLIENT_SECRET. You can leave this option as''Options
APPLE_CLIENT_IDTo create a new encryption key access your Keys, click on the + button, enter a Key Name and a Key Usage Description, enable Sign Iin with Apple and configure it with your Primary App ID (that will usually the App ID you already created) then save the Key.
The Key ID will be found in your Key Details
Once your Key ID has been created you can Download the key and open the file in your IDE. The
pemis the content of that file with an extra newline at the endDO NOT COMMIT THIS ENCRYPTION KEY
Access your Identifiers, select your App ID then copy the App ID Prefix found in the App ID's Configuration
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/nhosoya/omniauth-apple.
License
The gem is available as open source under the terms of the MIT License.