aws-amplify/amplify-swift

Failed execution for Auth.socialWebUISignInAPI with error: AuthError: Make sure that the amplify configuration passed to Auth plugin is valid

ChurikiTenna opened this issue · 14 comments

Describe the bug

It is not a bug, I think I am doing something wrong.
I followed these steps to Sign in with Apple, but get this error:

Failed execution for Auth.socialWebUISignInAPI with error:
AuthError: Make sure that the amplify configuration passed to Auth plugin is valid

I have checked all the values are correct at least 3 times. What else do I need to check?

One concern, amplify update auth requires key id before creating the actual key. How is it possible to get a Key id before creating them?

Steps To Reproduce

Steps to reproduce the behavior:
1. Create an App ID
2. Create a Service ID
3. Create a Key
4. Do this in terminal
% amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 What do you want to do? Apply default configuration with Social Provider (Feder
ation)
 What domain name prefix do you want to use? iris26e476d4-26e476d4
 Enter your redirect signin URI: iris://
? Do you want to add another redirect signin URI No
 Enter your redirect signout URI: iris://
? Do you want to add another redirect signout URI No
 Select the identity providers you want to configure for your user pool: Sign in
 with Apple
  
 You've opted to allow users to authenticate via Sign in with Apple. If you have
n't already, you'll need to go to https://developer.apple.com/account/#/welcome 
and configure Sign in with Apple. 
 
 Enter your Services ID for your OAuth flow:  com.zasso.iris
 Enter your Team ID for your OAuth flow:  86USSQ2K46
 Enter your Key ID for your OAuth flow:  4A772NX2MB
 Enter your Private Key for your OAuth flow (entire key without line breaks):  -
----BEGIN PRIVATE KEY-----MIG...EN-----END PRIVATE KEY-----
 Successfully updated AdminQueriese13453b3 function locally
 Successfully updated AdminQueries API locally
 Successfully updated auth resource iris1ef6f127 locally

 Some next steps:
"amplify push" will build all your local back...

 Successfully updated resource update locally

 Some next steps:
"amplify push" will build all your local back...

tenna@chuurikitennanoiMac Iris % amplify push       
 Fetching updates to backend environment: dev from the cloud.⠋ Building resourc Building resource api/iris
⚠️  WARNING: your GraphQL API currently allows public create, read, update, and delete access to all models via an API Key. To configure PRODUCTION-READY authorization rules, review: https://docs.amplify.aws/cli/graphql/authorization-rules

 Building resource api/iris✅ GraphQL schema compiled successfully.

Edit your schema at /Users/tenna/Desktop/Iris/amplify/backend/api/iris/schema.graphql or place .graphql files in a directory at /Users/tenna/Desktop/Iris/amplify/backend/api/iris/schema
 Successfully pulled backend environment dev from the cloud.

    Current Environment: dev
    
┌──────────┬──────────────────────┬───────────┬───────────────────┐
 Category  Resource name         Operation  Provider plugin   
├──────────┼──────────────────────┼───────────┼───────────────────┤
 Auth      iris1ef6f127          Update     awscloudformation 
├──────────┼──────────────────────┼───────────┼───────────────────┤
 Auth      userPoolGroups        No Change  awscloudformation 
├──────────┼──────────────────────┼───────────┼───────────────────┤
 Function  AdminQueriese13453b3  No Change  awscloudformation 
├──────────┼──────────────────────┼───────────┼───────────────────┤
 Api       AdminQueries          No Change  awscloudformation 
├──────────┼──────────────────────┼───────────┼───────────────────┤
 Api       iris                  No Change  awscloudformation 
└──────────┴──────────────────────┴───────────┴───────────────────┘
 Are you sure you want to continue? (Y/n) · yes

Deployment completed.
Deploying root stack Iris [ =================================------- ]
	amplify-iris-dev-bc369         AWS::CloudFormation::Stack     UPDATE_
	apiiris                        AWS::CloudFormation::Stack     UPDATE_
	authiris1ef6f127               AWS::CloudFormation::Stack     UPDATE_
	authuserPoolGroups             AWS::CloudFormation::Stack     UPDATE_
	functionAdminQueriese13453b3   AWS::CloudFormation::Stack     UPDATE_
	apiAdminQueries                AWS::CloudFormation::Stack     UPDATE_
Deployed auth iris1ef6f127 [ ======================================== 
	HostedUICustomResource         AWS::Lambda::Function          CREATE_
	HostedUIProvidersCustomResour AWS::Lambda::Function          CREATE_
	HostedUICustomResourcePolicy   AWS::IAM::Policy               CREATE_
	HostedUIProvidersCustomResour AWS::IAM::Policy               CREATE_
	HostedUICustomResourceLogPoli AWS::IAM::Policy               CREATE_
	HostedUIProvidersCustomResour AWS::IAM::Policy               CREATE_
Deployed auth userPoolGroups [ =======================================

Deployment state saved successfully.

GraphQL transformer version: 2
Hosted UI Endpoint: https://iris26e476...
Test Your Hosted UI Endpoint: https://iris26e4...

5. Update a Service ID (Add Domains starting with iris26..., Return URLs starting with https://iris26.../oauth2/idpresponse)

6. Add these to the info.plist file
```xml
<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>iris</string>
        </array>
    </dict>
</array>
```

7. Launch the app and tap the AppleSignInButton.

```swift
// Native Sign in with Apple button (AuthenticationServices)
SignInWithAppleButton(.signUp) { request in
    request.requestedScopes = [.fullName, .email]
} onCompletion: { authResults in
    switch authResults {
    case .success(let authResults):
        self.signInWithApple(authResults: authResults)
    case .failure(let error):
        print(error.localizedDescription)
    }
}
// ...
func signInWithApple(authResults: ASAuthorization) {
    print("signInWithApple")
    guard let appleIDCredential = authResults.credential as? ASAuthorizationAppleIDCredential else {
        print("Failed to get AppleID credentials")
        return
    }
    // The identity token is decoded here but is not passed to Amplify below.
    guard let identityTokenData = appleIDCredential.identityToken,
          let identityToken = String(data: identityTokenData, encoding: .utf8) else {
        print("Unable to fetch identity token")
        return
    }
    Task {
        if let fullName = appleIDCredential.fullName {
            //self.givenName = fullName.givenName ?? ""
            self.familyName = fullName.familyName ?? ""
        }
        self.email = appleIDCredential.email ?? ""

        // Starts a separate Hosted UI (web) sign-in after the native flow has completed.
        let result = try await Amplify.Auth.signInWithWebUI(for: .apple, presentationAnchor: UIWindow())
        if result.isSignedIn {
            isSignedIn = result.isSignedIn
        }
    }
}
```

8. Get the error.

Expected behavior

Be able to Sign in with Apple

Amplify Framework Version

2.39.0

Amplify Categories

Auth

Dependency manager

Swift PM

Swift version

latest

CLI version

12.12.6

Xcode version

Xcode 15.4 Build version 15F31d

Relevant log output

<details>
<summary>Log Messages</summary>

```
signInWithApple
Starting execution for Auth.socialWebUISignInAPI
Check if authstate configured
Auth state configured
Wait for a valid state
Start signIn flow
Sending cancel signIn
Wait for signIn to cancel
Failed execution for Auth.socialWebUISignInAPI with error:
AuthError: Make sure that the amplify configuration passed to Auth plugin is valid
```

</details>

Is this a regression?

Yes

Regression additional context

No response

Platforms

iOS

OS Version

iOS 17

Device

iPhone 11 & 15

Specific to simulators

No response

Additional context

No response

Hi @ChurikiTenna,
Can you elaborate what you mean by

> One concern, amplify update auth requires key id before creating the actual key. How is it possible to get a Key id before creating them?

The key ID is created by Apple during the "Setup Your Auth Provider" step as found here which is the step before you call `amplify update auth`

Thanks for your detailed reproduction steps. Just wanted to clarify something since it wasn't explicitly called out, between steps 4 and 5 in your provided steps, did you provide Apple with the hosted UI endpoint URL that was generated in step 4? It's the last section in the Configure Auth Category section right before the Update Info.plist step.

Hi @vincetran ! Thank you for your response.

The key seems to be created after amplify update auth.
[Screenshot 2024-09-16 (10 20 08)]
The Setup Your Auth Provider step only includes creating an App ID and Service ID.
Am I misunderstanding something?

And yes, I have provided hosted UI endpoint URL.
[Screenshot 2024-09-16 10 27 14]

@harsh62
Can the same Service ID and App ID not exist? I get these errors.

  1. When I try to create a Service ID that matches BundleId of the app
     [Screenshot 2024-09-17 9 09 08] [Screenshot 2024-09-17 9 09 33]
  1. When I try to create an App ID that matches the Service ID
     [Screenshot 2024-09-17 9 17 17]
  1. When I try to create a brand new App ID and Service ID with the same ID.
     App ID can be created.
     [Screenshot 2024-09-17 9 19 45]
     Service ID with the same ID cannot be created.
     [Screenshot 2024-09-17 9 19 25]

Please correct me if I am wrong.

Ahh .. Maybe I confused you a little. Let me clarify a few things..

  1. When you are using WebUI (also called HostedUI), you don't need to create a specific Sign In With Apple button.. Native SIWA is not a supported feature in user pools. So you should just use the following.

                var result = try await Amplify.Auth.signInWithWebUI(for: .apple, presentationAnchor: UIWindow())
                if result.isSignedIn {
                    isSignedIn = result.isSignedIn
                }
    
  2. Would you be able to share your amplifyconfiguration.json that gets created? (redacted all the sensitive information)

  3. Make sure the services id matches the one that was created in the apple account.
    Enter your Services ID for your OAuth flow: com.zasso.iris

@harsh62
Thank you for the guidance.

  1. Simply calling the below did not work either.

```swift
Button(action: {
    self.signInWithApple()
}) {
    HStack {
        Image(systemName: "applelogo")
        Text("Sign up with Apple")
    }
    .foregroundColor(Color.white)
}

func signInWithApple() {
    Task {
        let result = try await Amplify.Auth.signInWithWebUI(for: .apple, presentationAnchor: UIWindow())
        if result.isSignedIn {
            isSignedIn = result.isSignedIn
        }
    }
}
```

  1. amplifyconfiguration.json
{
    "UserAgent": "aws-amplify-cli/2.0",
    "Version": "1.0",
    "api": {
        "plugins": {
            "awsAPIPlugin": {
                "AdminQueries": {
                    "endpointType": "REST",
                    "endpoint": "https://xf3su34szd.execute-api.ap-northeast-1.amazonaws.com/dev",
                    "region": "ap-northeast-1",
                    "authorizationType": "AMAZON_COGNITO_USER_POOLS"
                },
                "iris": {
                    "endpointType": "GraphQL",
                    "endpoint": "https://zkwz3f5dbjdfbmo6utv7pznqc4.appsync-api.ap-northeast-1.amazonaws.com/graphql",
                    "region": "ap-northeast-1",
                    "authorizationType": "API_KEY",
                    "apiKey": "da2-t5u2zvusjzb7ppk3b3gi4uag5m"
                }
            }
        }
    },
    "auth": {
        "plugins": {
            "awsCognitoAuthPlugin": {
                "UserAgent": "aws-amplify/cli",
                "Version": "0.1.0",
                "IdentityManager": {
                    "Default": {}
                },
                "CredentialsProvider": {
                    "CognitoIdentity": {
                        "Default": {
                            "PoolId": "ap-northeast-1:209d97d9-735f-4684-8478-dae397571882",
                            "Region": "ap-northeast-1"
                        }
                    }
                },
                "CognitoUserPool": {
                    "Default": {
                        "PoolId": "ap-northeast-1_Ok5bjbMtU",
                        "AppClientId": "3mu8lgkjpe5a6uv2ncj0p0h0qb",
                        "Region": "ap-northeast-1"
                    }
                },
                "Auth": {
                    "Default": {
                        "OAuth": {
                            "WebDomain": "iris26e476d4-26e476d4-dev.auth.ap-northeast-1.amazoncognito.com",
                            "AppClientId": "3mu8lgkjpe5a6uv2ncj0p0h0qb",
                            "SignInRedirectURI": "iris://",
                            "SignOutRedirectURI": "iris://",
                            "Scopes": [
                                "phone",
                                "email",
                                "openid",
                                "profile",
                                "aws.cognito.signin.user.admin"
                            ]
                        },
                        "authenticationFlowType": "USER_SRP_AUTH",
                        "socialProviders": [
                            "APPLE"
                        ],
                        "usernameAttributes": [
                            "EMAIL"
                        ],
                        "signupAttributes": [
                            "EMAIL"
                        ],
                        "passwordProtectionSettings": {
                            "passwordPolicyMinLength": 8,
                            "passwordPolicyCharacters": []
                        },
                        "mfaConfiguration": "OFF",
                        "mfaTypes": [
                            "SMS"
                        ],
                        "verificationMechanisms": [
                            "EMAIL"
                        ]
                    }
                },
                "AppSync": {
                    "Default": {
                        "ApiUrl": "https://zkwz3f5dbjdfbmo6utv7pznqc4.appsync-api.ap-northeast-1.amazonaws.com/graphql",
                        "Region": "ap-northeast-1",
                        "AuthMode": "API_KEY",
                        "ApiKey": "da2-..<hidden>..ag5m",
                        "ClientDatabasePrefix": "iris_API_KEY"
                    }
                },
                "S3TransferUtility": {
                    "Default": {
                        "Bucket": "irisd63aeb703f8043f894dc4e9618adb29dbc369-dev",
                        "Region": "ap-northeast-1"
                    }
                }
            }
        }
    },
    "storage": {
        "plugins": {
            "awsS3StoragePlugin": {
                "bucket": "irisd63aeb703f8043f894dc4e9618adb29dbc369-dev",
                "region": "ap-northeast-1",
                "defaultAccessLevel": "guest"
            }
        }
    }
}

  1. Checked.

I noticed I was trying to implement Apple Sign in with the Gen 1 tutorial when I was supposed to use Gen 2...
I tried this Gen 2 document, then got this error:
#FactoryInstall Unable to query results, error: 5

Log:

Start signIn flow
Wait for signIn to complete
AWSCognitoAuthPlugin/IntializeSignInFlow.swift Starting execution
AWSCognitoAuthPlugin/IntializeSignInFlow.swift Sending event SignInEvent.initiateHostedUISignIn
Checking next step for: notStarted
Auth state change:

{
    "AuthState.configured" =     {
        "AuthenticationState.signingIn" =         {
            "SignInState.notStarted" =             {
            };
        };
        "AuthorizationState.configured" =         {
        };
    };
}
Auth state change:

{
    "AuthState.configured" =     {
        "AuthenticationState.signingIn" =         {
            "SignInState.signingInWithHostedUI" =             {
                "HostedUISignInState.notStarted" =                 {
                };
            };
        };
        "AuthorizationState.configured" =         {
        };
    };
}
AWSCognitoAuthPlugin/InitializeHostedUISignIn.swift Starting execution
AWSCognitoAuthPlugin/LoadCredentialStore.swift Starting execution
Credential Store state change:

{
    "CredentialStoreState.loadingStoredCredentials" =     {
    };
}
Checking next step for: signingInWithHostedUI(AWSCognitoAuthPlugin.HostedUISignInState.notStarted)
AWSCognitoAuthPlugin/LoadCredentialStore.swift Retreiving credential deviceMetadata(username: "unknown")
[KeychainStore] Initialized keychain with service=com.amplify.awsCognitoAuthPlugin, attributes=KeychainStoreAttributes(itemClass: "genp", service: "com.amplify.awsCognitoAuthPlugin", accessGroup: nil), accessGroup=
[KeychainStore] Started retrieving `Data` from the store with key=authConfiguration
[KeychainStore] Successfully retrieved `Data` from the store with key=authConfiguration
[KeychainStore] Started setting `Data` for key=authConfiguration
[KeychainStore] Initialized fetching to decide whether update or add
[KeychainStore] Found existing item, updating
[KeychainStore] Successfully updated `Data` in keychain for key=authConfiguration
[KeychainStore] Started retrieving `Data` from the store with key=amplify.ap-northeast-1_17XFbRJCN.ap-northeast-1:e8991132-5a5d-433c-b243-37c81e87d8a1.unknown.deviceMetadata
[KeychainStore] No Keychain item found for key=amplify.ap-northeast-1_17XFbRJCN.ap-northeast-1:e8991132-5a5d-433c-b243-37c81e87d8a1.unknown.deviceMetadata
AWSCognitoAuthPlugin/LoadCredentialStore.swift Sending event CredentialStoreEvent.throwError
AWSCognitoAuthPlugin/IdleCredentialStore.swift Starting execution
AWSCognitoAuthPlugin/IdleCredentialStore.swift Sending event CredentialStoreEvent.moveToIdleState
AWSCognitoAuthPlugin/LoadCredentialStore.swift Starting execution
AWSCognitoAuthPlugin/LoadCredentialStore.swift Retreiving credential asfDeviceId(username: "unknown")
[KeychainStore] Initialized keychain with service=com.amplify.awsCognitoAuthPlugin, attributes=KeychainStoreAttributes(itemClass: "genp", service: "com.amplify.awsCognitoAuthPlugin", accessGroup: nil), accessGroup=
[KeychainStore] Started retrieving `Data` from the store with key=authConfiguration
[KeychainStore] Successfully retrieved `Data` from the store with key=authConfiguration
[KeychainStore] Started setting `Data` for key=authConfiguration
[KeychainStore] Initialized fetching to decide whether update or add
[KeychainStore] Found existing item, updating
[KeychainStore] Successfully updated `Data` in keychain for key=authConfiguration
[KeychainStore] Started retrieving `Data` from the store with key=amplify.ap-northeast-1_17XFbRJCN.ap-northeast-1:e8991132-5a5d-433c-b243-37c81e87d8a1.unknown.deviceASF
[KeychainStore] Successfully retrieved `Data` from the store with key=amplify.ap-northeast-1_17XFbRJCN.ap-northeast-1:e8991132-5a5d-433c-b243-37c81e87d8a1.unknown.deviceASF
AWSCognitoAuthPlugin/LoadCredentialStore.swift Sending event CredentialStoreEvent.completedOperation
AWSCognitoAuthPlugin/IdleCredentialStore.swift Starting execution
AWSCognitoAuthPlugin/IdleCredentialStore.swift Sending event CredentialStoreEvent.moveToIdleState
Credential Store state change:

{
    "CredentialStoreState.error" =     {
        errorType = "KeychainStoreError: Unable to find the keychain item";
    };
}
Credential Store state change:

{
    "CredentialStoreState.idle" =     {
    };
}
Credential Store state change:

{
    "CredentialStoreState.loadingStoredCredentials" =     {
    };
}
AWSCognitoAuthPlugin/InitializeHostedUISignIn.swift Sending event HostedUIEvent.showHostedUI
AWSCognitoAuthPlugin/ShowHostedUISignIn.swift Starting execution
AWSCognitoAuthPlugin/ShowHostedUISignIn.swift Showing url https://ac9321c9946bbe6e6977.auth.ap-northeast-1.amazoncognito.com/oauth2/authorize?response_type=code&code_challenge_method=S256&client_id=2f5kgl6aqur1bs5apintd8n0d6&state=662c86de-1460-4617-901a-9c8fa8b479ba&redirect_uri=iris://&scope=aws.cognito.signin.user.admin%20email%20openid%20phone%20profile&code_challenge=unmZ7i...wifSJ9&identity_provider=SignInWithApple
Auth state change:

{
    "AuthState.configured" =     {
        "AuthenticationState.signingIn" =         {
            "SignInState.signingInWithHostedUI" =             {
                "HostedUISignInState.showingUI" =                 {
                };
            };
        };
        "AuthorizationState.configured" =         {
        };
    };
}
Credential Store state change:

{
    "CredentialStoreState.success" =     {
        savedData = "AWSCognitoAuthPlugin.CredentialStoreData.asfDeviceId(\"E0746992-21D6-4720-80AF-831DDF53F2F9\", \"unknown\")";
    };
}
Credential Store state change:

{
    "CredentialStoreState.idle" =     {
    };
}
Checking next step for: signingInWithHostedUI(AWSCognitoAuthPlugin.HostedUISignInState.showingUI(AWSCognitoAuthPlugin.HostedUISigningInState(signInURL: https://ac9321c9946bbe6e6977.auth.ap-northeast-1.amazoncognito.com/oauth2/authorize?response_type=code&code_challenge_method=S256&client_id=2f5kgl6aqur1bs5apintd8n0d6&state=662c86de-1460-4617-901a-9c8fa8b479ba&redirect_uri=iris://&scope=aws.cognito.signin.user.admin%20email%20openid%20phone%20profile&code_challenge=unm...BzA", presentationAnchor: Optional(<UIWindow: 0x10b7bc700; frame = (0 0; 393 852); hidden = YES; gestureRecognizers = <NSArray: 0x30173d220>; backgroundColor = <UIDynamicSystemColor: 0x3002b3f40; name = _windowBackgroundColor>; layer = <UIWindowLayer: 0x30196afd0>>), options: AWSCognitoAuthPlugin.HostedUIOptions(scopes: ["phone", "email", "openid", "profile", "aws.cognito.signin.user.admin"], providerInfo: AWSCognitoAuthPlugin.HostedUIProviderInfo(authProvider: Optional(Amplify.AuthProvider.apple), idpIdentifier: nil), presentationAnchor: Optional(<UIWindow: 0x10b7bc700; frame = (0 0; 393 852); hidden = YES; gestureRecognizers = <NSArray: 0x30173d220>; backgroundColor = <UIDynamicSystemColor: 0x3002b3f40; name = _windowBackgroundColor>; layer = <UIWindowLayer: 0x30196afd0>>), preferPrivateSession: false))))
#FactoryInstall Unable to query results, error: 5

auth/resource.ts

```ts
import { defineAuth, secret } from '@aws-amplify/backend';

export const auth = defineAuth({
  loginWith: {
    externalProviders: {
      signInWithApple: {
        clientId: secret('SIWA_CLIENT_ID'), // -> Set a Bundle ID
        keyId: secret('SIWA_KEY_ID'), // -> Set a Key ID
        privateKey: secret('SIWA_PRIVATE_KEY'), // -> Set a private key starting with -----BEGIN PRIVATE KEY-----
        teamId: secret('SIWA_TEAM_ID'), // -> Set an Apple Developer Team ID
        scopes: ['email']
      },
      callbackUrls: ["iris://"],
      logoutUrls: ["iris://"],
    },
    // ... (the rest of the file was not included in the post)
```

Would you be able to share how Amplify is configured in this case? I am asking this because with Gen2 you are supposed to be using amplifyoutputs.json file that Gen2 creates.

Furthermore, what happens when WebUI is presented, does it show SIWA screen, or the WebUI doesn't load?
I am a little unsure what happens when you click on the SIWA button.

amplify_outputs.json

{
  "auth": {
    "user_pool_id": "ap-northeast-1_17XFbRJCN",
    "aws_region": "ap-northeast-1",
    "user_pool_client_id": "2f5kgl6aqur1bs5apintd8n0d6",
    "identity_pool_id": "ap-northeast-1:e8991132-5a5d-433c-b243-37c81e87d8a1",
    "mfa_methods": [],
    "standard_required_attributes": [
      "email"
    ],
    "username_attributes": [
      "email"
    ],
    "user_verification_types": [
      "email"
    ],
    "mfa_configuration": "NONE",
    "password_policy": {
      "min_length": 8,
      "require_lowercase": true,
      "require_numbers": true,
      "require_symbols": true,
      "require_uppercase": true
    },
    "oauth": {
      "identity_providers": [
        "SIGN_IN_WITH_APPLE"
      ],
      "redirect_sign_in_uri": [
        "iris://"
      ],
      "redirect_sign_out_uri": [
        "iris://"
      ],
      "response_type": "code",
      "scopes": [
        "phone",
        "email",
        "openid",
        "profile",
        "aws.cognito.signin.user.admin"
      ],
      "domain": "ac9321c9946bbe6e6977.auth.ap-northeast-1.amazoncognito.com"
    },
    "unauthenticated_identities_enabled": true
  },

After I tapped the Sign in with Apple button, it shows the modal, I tap the 'Sign in' button, the phone does the face recognition, then it fails with this screen.

IMG_0336

@ChurikiTenna The image is not loading, I am not able to see what happens there..

It seems like your SIWA account details are not correct either in Apple developer account or Cognito, can you double check if something is not matching up. Meanwhile, I'll try to setup another account on my side and see if I am able to repro the issue you are seeing.

I tried the Gen 2 steps all over again, but it failed with the same error.
(changed the service id to {my-bundle-id}.sid according to the document)
I think I am misunderstanding how secret() works or how to create website urls?? Some parts of the document are unclear/missing...
(Like what’s gonna be supposed to be in SIWA_CLIENT_ID secret.)

Is there any way that I can use SignInWithAppleButton flow (like Firebase does)?? It is gonna be way simpler.

It is a known issue of Amplify: it does not allow Sign in with Apple by passing the Auth token directly, like you did in your code. Apple sign-in works only through web (signInWithWeb); the Apple button does not work. A lot of people asked the AWS team to fix this issue, but they could not do that for years.
Also need to mention, standard session duration is 30 days, and when the session has expired it is not possible to recognize that through the Amplify API: it always says that the session is valid and the user is signed in, but when the app calls some GraphQL API the app just throws an error, something like "User does not have access". I solved it by just setting the token lifetime to 10 years.

It was the service id.
I set the service id to {my-bundle-id}.sid, then it started working fine!
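
The resolution above, as an added example that is not part of the thread or of Amplify: a preflight check that flags a `SIWA_CLIENT_ID` equal to the app's bundle ID and cross-checks the other values configured in this issue (Apple return URL, redirect URI schemes against `CFBundleURLSchemes`). All type and function names are hypothetical, the sample values are constructed, and the 10-character Team ID / Key ID format is an assumption.

```typescript
// Added example (not Amplify code). All names below are hypothetical.
interface OAuthOutputs {           // the "oauth" object of amplify_outputs.json
  identity_providers: string[];
  redirect_sign_in_uri: string[];
  redirect_sign_out_uri: string[];
  domain: string;
}
interface SiwaSetup {
  bundleId: string;     // App ID (bundle identifier) of the iOS app
  clientId: string;     // value stored as SIWA_CLIENT_ID
  teamId: string;       // value stored as SIWA_TEAM_ID
  keyId: string;        // value stored as SIWA_KEY_ID
  privateKey: string;   // value stored as SIWA_PRIVATE_KEY
  urlSchemes: string[]; // CFBundleURLSchemes from Info.plist
}
interface Finding { code: string; detail: string; }

// Assumption: Apple Team IDs and Key IDs are 10 upper-case alphanumerics.
const APPLE_ID = /^[A-Z0-9]{10}$/;
const PEM_BEGIN = "-----BEGIN PRIVATE KEY-----";
const PEM_END = "-----END PRIVATE KEY-----";

// Return URL to register on the Services ID in the Apple developer console.
function appleReturnUrl(domain: string): string {
  return "https://" + domain + "/oauth2/idpresponse";
}

// Scheme of an app redirect URI ("iris://" -> "iris"); null for http(s) or junk.
function customScheme(uri: string): string | null {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(uri);
  const scheme = m && m[1] ? m[1].toLowerCase() : null;
  return scheme === null || scheme === "http" || scheme === "https" ? null : scheme;
}

function preflight(oauth: OAuthOutputs, siwa: SiwaSetup): Finding[] {
  const out: Finding[] = [];
  const add = (code: string, detail: string): void => { out.push({ code, detail }); };

  // Root cause in this thread: the client ID was the bundle ID, not the Services ID.
  if (siwa.clientId.trim() === siwa.bundleId.trim()) {
    add("CLIENT_ID_IS_BUNDLE_ID", "use the Services ID, e.g. " + siwa.bundleId + ".sid");
  }
  if (!APPLE_ID.test(siwa.teamId)) add("TEAM_ID_FORMAT", siwa.teamId);
  if (!APPLE_ID.test(siwa.keyId)) add("KEY_ID_FORMAT", siwa.keyId);

  // Report only the shape of the key, never its contents.
  const pem = siwa.privateKey.trim();
  if (pem.indexOf(PEM_BEGIN) !== 0 || pem.slice(-PEM_END.length) !== PEM_END) {
    add("PRIVATE_KEY_NOT_PEM", "expected " + PEM_BEGIN + " ... " + PEM_END);
  }
  if (oauth.identity_providers.indexOf("SIGN_IN_WITH_APPLE") === -1) {
    add("APPLE_IDP_MISSING", "SIGN_IN_WITH_APPLE not in identity_providers");
  }

  // Every custom-scheme redirect URI must be claimed by the app in Info.plist.
  const registered = siwa.urlSchemes.map((s) => s.toLowerCase());
  const seen: string[] = [];
  for (const uri of oauth.redirect_sign_in_uri.concat(oauth.redirect_sign_out_uri)) {
    const scheme = customScheme(uri);
    if (scheme === null || seen.indexOf(scheme) !== -1) continue;
    seen.push(scheme);
    if (registered.indexOf(scheme) === -1) add("URL_SCHEME_NOT_REGISTERED", scheme);
  }
  return out;
}

// Constructed sample values (not taken from the thread).
const SAMPLE_OAUTH: OAuthOutputs = {
  identity_providers: ["SIGN_IN_WITH_APPLE"],
  redirect_sign_in_uri: ["iris://"],
  redirect_sign_out_uri: ["iris://"],
  domain: "example-prefix.auth.ap-northeast-1.amazoncognito.com",
};
const BROKEN_SETUP: SiwaSetup = {
  bundleId: "com.example.iris",
  clientId: "com.example.iris", // same as bundleId: the mistake
  teamId: "ABCDE12345",
  keyId: "KEY1234567",
  privateKey: PEM_BEGIN + "CONSTRUCTED-PLACEHOLDER" + PEM_END,
  urlSchemes: ["iris"],
};
const FIXED_SETUP: SiwaSetup = { ...BROKEN_SETUP, clientId: "com.example.iris.sid" };
```

`preflight(SAMPLE_OAUTH, BROKEN_SETUP)` returns a single `CLIENT_ID_IS_BUNDLE_ID` finding, and `FIXED_SETUP` returns none.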

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.