FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. akash
    A
    • Profile
    • Following 0
    • Followers 0
    • Topics 1
    • Posts 4
    • Best 1
    • Controversial 0
    • Groups 0

    akash

    @akash

    1
    Reputation
    1
    Profile views
    4
    Posts
    0
    Followers
    0
    Following
    Joined Last Online

    akash Unfollow Follow

    Best posts made by akash

    • [ExternalAuthenticationException]AppleIdToken

      FusionAuth version - 1.31.0
      Platform - docker

      Step 1 : Generate Authorization code
      I have successfully retrieved the authorization code from apple using the following endpoint,

      https://appleid.apple.com/auth/authorize?client_id=<my-client-id>&response_type=code&redirect_uri=<my-redirect-url>
      

      Step 2: Generate Tokens
      I have successfully generated an id token using code generated from Generate Authorization code from step 1 using the following request,

      POST-https://appleid.apple.com/auth/token
      
      Content-Type: application/x-www-form-urlencodedclient_id:<my-client-id>
      
      client_secret:<my-client-secret>
      code:<code from-step-1>
      grant_type:authorization_code
      redirect_uri:<my-redirect-url>
      

      Step 3: Setup Apple Identity provider in FusionAuth

      • I have successfully imported the apple private key into Fusionauth Elliptic private key

      • I have successfully created an identity provider for apple using service id, team id, and imported Elliptic private key.

      Step 4: Complete Apple Login in FusionAuth
      I requested Fusionauth using the following request :

      POST /api/identity-provider/login
      
      Request body
      {
          "applicationId": "<my-application-id>",
          "data": {
              "code": "<code-generated-in-step-1>",
              "id_token": "<id-token-generated-in-step-2>",
              "redirect_uri": "<my-redirect-url>"
          },
        "identityProviderId": "13d2a5db-7ef9-4d62-b909-0df58612e775"
      }
      

      I got the following error response with 401:

      {
          "generalErrors": [
              {
                  "code": "[ExternalAuthenticationException]AppleIdToken",
                  "message": "The id_token returned from Apple is invalid or cannot be verified. Unable to complete this login request."
              }
          ]
      }
      

      Can you please guide me on this issue?

      posted in General Discussion
      A
      akash

    Latest posts made by akash

    • RE: [ExternalAuthenticationException]AppleIdToken

      @joshua

      I have inserted the code and id_token in the API call as you mentioned and
      My logs had been cut off, The following are the complete logs,

      Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775]
      
      7/7/2022 12:18:37 PM GMT Validate the provided [id_token] value [eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJldm9sdXRpb25jYXJzLmRlbW8iLCJleHAiOjE2NTcyODI1NzcsImlhdCI6MTY1NzE5NjE3Nywic3ViIjoiMDAwNzA1LjQ5YTA5ZjYyNTMyNjRhMDNhYTQ5N2ExYTlhYzI3MDY5LjE0MTciLCJhdF9oYXNoIjoiWTRsTVlESkRITHdteldpc3FzbTY2ZyIsImVtYWlsIjoiZ2FuZXNobW9vcnRoeTU5OTlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiYXV0aF90aW1lIjoxNjU3MTk2MTU5LCJub25jZV9zdXBwb3J0ZWQiOnRydWV9.aK7dDZdZSue6gCpmba0YL8PVX2qkbru-4DE0NNNBKBKnqN2uFmwgbcjYRqb-jj4UIKCibDcUSsd4mbD9wRHK4o8rH8M_ZCBdgJ8cIr1sx8JTQ7M1BOSyap7GsxWzPdR_stCJn7xWBeUulRtpWdemj-H3_6DwMQak0E4IG2ZxAdTwmTz464FGynmbmXQaKBqqLJP5WXFagLHZNFZeCd9Tr458B3__KGcPni912IwHLl1Yhhn-oqLm7RU5Ck5iTPZfvW2oZwljtdilCONVzXHsyHnL0hPZcvzrlxWXxXhljpg_VeuS-M53amL2JgAQRjloFARBqfRWW3zt5qdRYVYl1w]
      7/7/2022 12:18:37 PM GMT Decode the [id_token].
      7/7/2022 12:18:37 PM GMT Assert the [iss] claim is equal to [https://appleid.apple.com].
      7/7/2022 12:18:37 PM GMT Assert the [aud] claim is equal to [com.revolutioncars.demo].
      7/7/2022 12:18:37 PM GMT Calculate the [c_hash] to ensure the integrity of the provided [code] value [].
      7/7/2022 12:18:37 PM GMT The [id_token] integrity check failed. Expected a [c_hash] of [null] and found [47DEQpj8HBSa-_TImW-5JA].
      
      posted in General Discussion
      A
      akash
    • RE: [ExternalAuthenticationException]AppleIdToken

      @joshua,
      I Have tried using hybrid grand flow and generated authorization code using the following endpoint,

      https://appleid.apple.com/auth/authorize?response_type=code%20id_token&client_id=<my-client-id>&redirect_uri=<my-redirect-url>&response_mode=form_post&scope=name%20email
      

      And followed the steps, I mentioned in the first post but still got the same following 401 error response,

      {
          "generalErrors": [
              {
                  "code": "[ExternalAuthenticationException]AppleIdToken",
                  "message": "The id_token returned from Apple is invalid or cannot be verified. Unable to complete this login request."
              }
          ]
      }
      

      And I have noticed that the same error is also shown in debug log,

      Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775]
      
      4/18/2022 09:36:50 AM GMT Validate the provided [id_token] value [eyJraWQiOiJZdXlYb1kiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJldm9sdXRpb25jYXJzLmRlbW8iLCJleHAiOjE2NTAzNjAxNTQsImlhdCI6MTY1MDI3Mzc1NCwic3ViIjoiMDAxOTM2LjExZDhmMDRlZTcxNTRjNTBhNzNlNzY0YTZiYjgxYTc4LjEyNTQiLCJhdF9oYXNoIjoiTkJqdzFiVFJCRElJd3VHZnNrQVRRdyIsImF1dGhfdGltZSI6MTY1MDI3MzczOCwibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ.vv2Gm8cIqaxS-hA7x7ArUJSIViv8ciWTJ78szoDUbInOwCY1jGPKCGIVQGeuAktOKBUfhhVWyyFIu26-y6Ue9lIu1n4r0UC41ZX9kjHLpk1xMP3Zf6M3IQoj7aOYRWOohc9FBmrikoARmGKEIYSMZakgniPRrLn_SvrCyTs4yG049YaClo_TUyO9kypAWaPG7PD9WMTXj28_4cOo36E5rxhzKu-1F6u9YTIw_YdoTPiKkN2Z6gcnta0PwYAwEiB61cQCQuFTD-pFPtHbyVrDxn72Jk-e2pqqo5xY1xaSZ10tG6fOPOlaltMt8Q0r4rxKnc_Qucr2lbppaGFDGoAhWg]
      4/18/2022 09:36:50 AM GMT Decode the [id_token].
      4/18/2022 09:36:50 AM GMT Assert the [iss] claim is equal to [https://appleid.apple.com].
      4/18/2022 09:36:50 AM GMT Assert the [aud] claim is equal to [com.revolutioncars.demo].
      4/18/2022 09:36:50 AM GMT Calculate the [c_hash] to ensure the integrity of the provided [code] value [c667757d99b164e63b63e7c3eaa3e211d.0.rrztw.Erf15Va-FL9xxQTjq0rg3w].
      

      Thanks,
      Akash

      posted in General Discussion
      A
      akash
    • RE: [ExternalAuthenticationException]AppleIdToken

      @joshua,

      Following is the event log,
      Apple IdP Response Debug Log [13d2a5db-7ef9-4d62-b909-0df58612e775]

      4/12/2022 06:17:57 AM GMT Validate the provided [id_token] value [eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnJldm9sdXRpb25jYXJzLmRlbW8iLCJleHAiOjE2NDk4MzA2NTUsImlhdCI6MTY0OTc0NDI1NSwic3ViIjoiMDAwNzA1LjQ5YTA5ZjYyNTMyNjRhMDNhYTQ5N2ExYTlhYzI3MDY5LjE0MTciLCJhdF9oYXNoIjoiSEd3a0FvdlVsRkJyck1wbXJZb3JndyIsImVtYWlsIjoiZ2FuZXNobW9vcnRoeTU5OTlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiYXV0aF90aW1lIjoxNjQ5NzQ0MjQxLCJub25jZV9zdXBwb3J0ZWQiOnRydWV9.F742sVkpmI1SAMigPN8Nq4IpLdRm20xgkRfHSiEX0JQVfQDrntkuWdIJUAYgGWgvawBeL9VtfgMKSfPUsAQUDGu7DOdWTNXQjBRiywUmeXcPTmcWahbbI2KmKuqMuP03QOgGUtUx_uWXuKfHF4MKxAUeq2bh8cKdX7lIzNad2_AkGRK5q41-rtk85fl8NuIGghlBHvhPrqZyr0-VWJjo8Ty5jUB-DQTAd081-PbLjGrx-OcQ6gwTflCbcxnPaaQvDirs96LS16fDqSvDlCVNbdJEGBn7EdPchKhSaf740XP6vO40Yu8E4qdEMzp0hWb-BOaA08hiiFYToC_uiKr7uQ]
      4/12/2022 06:17:57 AM GMT Decode the [id_token].
      4/12/2022 06:17:57 AM GMT Assert the [iss] claim is equal to [https://appleid.apple.com].
      4/12/2022 06:17:57 AM GMT Assert the [aud] claim is equal to [com.revolutioncars.demo].
      4/12/2022 06:17:57 AM GMT Calculate the [c_hash] to ensure the integrity of the provided [code] value [cfbd3ee542bc646c780e40519aa1258c5.0.rxqv.jSymeElqCsLv6_lJxq1vqg].
      4/12/2022 06:17:57 AM GMT The [id_token] integrity check failed. Expected a [c_hash] of [null] and found [18lo6UM0UdBPwl7OHzLljg].
      

      Thanks,
      Akash

      posted in General Discussion
      A
      akash
    • [ExternalAuthenticationException]AppleIdToken

      FusionAuth version - 1.31.0
      Platform - docker

      Step 1 : Generate Authorization code
      I have successfully retrieved the authorization code from apple using the following endpoint,

      https://appleid.apple.com/auth/authorize?client_id=<my-client-id>&response_type=code&redirect_uri=<my-redirect-url>
      

      Step 2: Generate Tokens
      I have successfully generated an id token using code generated from Generate Authorization code from step 1 using the following request,

      POST-https://appleid.apple.com/auth/token
      
      Content-Type: application/x-www-form-urlencodedclient_id:<my-client-id>
      
      client_secret:<my-client-secret>
      code:<code from-step-1>
      grant_type:authorization_code
      redirect_uri:<my-redirect-url>
      

      Step 3: Setup Apple Identity provider in FusionAuth

      • I have successfully imported the apple private key into Fusionauth Elliptic private key

      • I have successfully created an identity provider for apple using service id, team id, and imported Elliptic private key.

      Step 4: Complete Apple Login in FusionAuth
      I requested Fusionauth using the following request :

      POST /api/identity-provider/login
      
      Request body
      {
          "applicationId": "<my-application-id>",
          "data": {
              "code": "<code-generated-in-step-1>",
              "id_token": "<id-token-generated-in-step-2>",
              "redirect_uri": "<my-redirect-url>"
          },
        "identityProviderId": "13d2a5db-7ef9-4d62-b909-0df58612e775"
      }
      

      I got the following error response with 401:

      {
          "generalErrors": [
              {
                  "code": "[ExternalAuthenticationException]AppleIdToken",
                  "message": "The id_token returned from Apple is invalid or cannot be verified. Unable to complete this login request."
              }
          ]
      }
      

      Can you please guide me on this issue?

      posted in General Discussion
      A
      akash