Help - Configure sign in with Apple

[harrytang]

Hi,

I got the error: prepare login url for [apple] provider failed

I did follow the doc very carefully but could not make it work.

I have my remark42 (v1.13.1) running at https://comment.harrytang.xyz/. This is my Web Authentication Configuration in Apple:

I don't know if something not correct, any help really appreciated! Thanks

Here is the logs:

2024/09/19 14:11:28.454 [DEBUG] {provider/apple.go:244 provider.(*AppleHandler).LoginHandler} login with apple
2024/09/19 14:11:28.454 [ERROR] {provider/apple.go:281 provider.(*AppleHandler).LoginHandler} prepare login url for [apple] provider failed
2024/09/19 14:11:28.454 [INFO]  {rest/httperrors.go:39 rest.SendErrorJSON} prepare login url for [apple] provider failed - response_mode must be form_post if scope is not empty - 500 - 88.112.34.153 - /auth/apple/login?from=https://comment.harrytang.xyz/web/iframe.html?selfClose&site=harrytang.xyz [caused by auth/provider/apple.go:282 provider.(*AppleHandler).LoginHandler]
2024/09/19 14:11:28.454 [ERROR] {provider/apple.go:281 provider.(*AppleHandler).LoginHandler} prepare login url for [apple] provider failed
2024/09/19 14:11:28.454 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler-fm.(*Middleware).Handler.func1.1} GET - /auth/apple/login?from=https://comment.harrytang.xyz/web/iframe.html?selfClose&site=harrytang.xyz - comment.harrytang.xyz - 586fcf4504d9 - 500 (58) - 173.282µs - e3807323-accc-9078-bbeb-66a29d51012e
2024/09/19 14:13:29.979 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler-fm.(*Middleware).Handler.func1.1} GET - /api/v1/config?site=harrytang.xyz - comment.harrytang.xyz - 586fcf4504d9 - 200 (579) - 29.481µs - d3d19160-62ba-9cf9-99b9-eed12c6fc4a5
2024/09/19 14:13:30.029 [DEBUG] {middleware/auth.go:75 middleware.(*Authenticator).Auth.(*Authenticator).auth.func1} auth failed, invalid kind of token
2024/09/19 14:13:30.037 [DEBUG] {api/rest_public.go:73 api.(*public).findCommentsCtrl} get comments for {SiteID:harrytang.xyz URL:https://harrytang.xyz/blog/how-receive-salary-using-wise}, sort -active, format tree, since 0001-01-01 00:00:00 +0000 UTC
2024/09/19 14:13:30.037 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler-fm.(*Middleware).Handler.func1.1} GET - /api/v1/find?site=harrytang.xyz&url=https://harrytang.xyz/blog/how-receive-salary-using-wise&sort=-active&format=tree - comment.harrytang.xyz - 586fcf4504d9 - 200 (106) - 61.68µs - 82c44698-c5b8-9d6f-bb25-7bdcd3f976b7

[paskal]

I'll check it. As a first step, could you please see if error in ghcr.io/umputun/remark42:v1.13.1 and ghcr.io/umputun/remark42:master is the same? If it would be the same, please also check v1.13.0 and v1.12.0.

[harrytang]

Hi,

Thank you for your response!

It seems that the master generated the Apple login URL correctly. But after performing the sign in, I was redirected back to https://comment.harrytang.xyz/web/iframe.html?selfClose and got HTTP ERROR 405.

And seem there is also a UI problem with the sign in button:

Logs:

2024/09/19 21:54:23.063 [DEBUG] {provider/apple.go:244 provider.(*AppleHandler).LoginHandler} login with apple
2024/09/19 21:54:23.064 [DEBUG] {provider/apple.go:285 provider.(*AppleHandler).LoginHandler} login url https://appleid.apple.com/auth/authorize?client_id=xyz.harrytang.auth&redirect_uri=https%3A%2F%2Fcomment.harrytang.xyz%2Fauth%2Fapple%2Fcallback&response_mode=form_post&response_type=code&scope=name&state=c9f8b3f35d2aa36e2ad5d5bfc4217fe2ba3d49d0, claims={"aud":"harrytang.xyz","exp":1726802663,"jti":"a5dfc4a5c5075fb5ad394d6e9ecd77bf366b05b3","nbf":1726800803,"handshake":{"state":"c9f8b3f35d2aa36e2ad5d5bfc4217fe2ba3d49d0","from":"https://comment.harrytang.xyz/web/iframe.html?selfClose"}}
2024/09/19 21:54:23.064 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler-fm.(*Middleware).Handler.func1.1} GET - /auth/apple/login?from=https://comment.harrytang.xyz/web/iframe.html?selfClose&site=harrytang.xyz - comment.harrytang.xyz - 586fcf4504d9 - 302 (288) - 591.604µs - 2f2b9331-d7b5-9faa-8b94-f90778d3e207
2024/09/19 21:54:43.809 [DEBUG] {provider/apple.go:331 provider.AppleHandler.AuthHandler} response data {AccessToken:xxx.0.yyy.zzz-Mlzg TokenType:Bearer ExpiresIn:3600 RefreshToken:yyy.0.rrxyx.zzz IDToken:xxx.yyy.zzz-ddd-ccc-bbb-aaa Error:}
2024/09/19 21:54:43.963 [DEBUG] {avatar/avatar.go:156 avatar.(*Proxy).resize} avatar resize(): limit should be greater than 0
2024/09/19 21:54:43.964 [DEBUG] {avatar/avatar.go:50 avatar.(*Proxy).Put.func1} saved identicon avatar to 9c009f8983aaa2c8da0ec568266290108e089df9.image, user ""
2024/09/19 21:54:43.964 [DEBUG] {provider/apple.go:501 provider.(*AppleHandler).parseUserData} failed to parse user data &{ apple_b4de77c4100f0d9fc3301796a8299c7c0afa58ac https://comment.harrytang.xyz/api/v1/avatar/9c009f8983aaa2c8da0ec568266290108e089df9.image    map[] }: unexpected end of JSON input
2024/09/19 21:54:43.964 [DEBUG] {provider/apple.go:386 provider.AppleHandler.AuthHandler} user info {Name:noname_b4de77 ID:apple_b4de77c4100f0d9fc3301796a8299c7c0afa58ac Picture:https://comment.harrytang.xyz/api/v1/avatar/9c009f8983aaa2c8da0ec568266290108e089df9.image Audience: IP: Email: Attributes:map[admin:false blocked:false] Role:}
2024/09/19 21:54:43.964 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler-fm.(*Middleware).Handler.func1.1} POST - /auth/apple/callback - comment.harrytang.xyz - 586fcf4504d9 - 307 (0) - 975.584117ms - 85f098f5-5e92-94ea-ac03-844e2ea47e05 - state=c9f8b3f35d2aa36e2ad5d5bfc4217fe2ba3d49d0&code=cbb246815e9d846feb898085f5758e9c8.0.rrxyx.BQjHhJcPbQh0ZYU-A0xEDA

[harrytang]

Logs for v.1.13.0:

2024/09/19 22:04:21.899 [DEBUG] {provider/apple.go:244 provider.(*AppleHandler).LoginHandler} login with apple
2024/09/19 22:04:21.899 [ERROR] {provider/apple.go:281 provider.(*AppleHandler).LoginHandler} prepare login url for [apple] provider failed
2024/09/19 22:04:21.899 [INFO]  {rest/httperrors.go:39 rest.SendErrorJSON} prepare login url for [apple] provider failed - response_mode must be form_post if scope is not empty - 500 - 88.112.34.153 - /auth/apple/login?from=https://comment.harrytang.xyz/web/iframe.html?selfClose&site=harrytang.xyz [caused by auth/provider/apple.go:282 provider.(*AppleHandler).LoginHandler]
2024/09/19 22:04:21.899 [ERROR] {provider/apple.go:281 provider.(*AppleHandler).LoginHandler} prepare login url for [apple] provider failed
2024/09/19 22:04:21.899 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler-fm.(*Middleware).Handler.func1.1} GET - /auth/apple/login?from=https://comment.harrytang.xyz/web/iframe.html?selfClose&site=harrytang.xyz - comment.harrytang.xyz - 586fcf4504d9 - 500 (58) - 193.402µs - ad74f07f-c1e6-9587-8013-350ba02efd33
2024/09/19 22:05:08.215 [DEBUG] {middleware/auth.go:75 middleware.(*Authenticator).Auth.(*Authenticator).auth.func1} auth failed, invalid kind of token

v.1.12.0:

2024/09/19 22:25:41.909 [DEBUG] {provider/apple.go:244 provider.(*AppleHandler).LoginHandler} login with apple
2024/09/19 22:25:41.909 [ERROR] {provider/apple.go:281 provider.(*AppleHandler).LoginHandler} prepare login url for [apple] provider failed
2024/09/19 22:25:41.909 [INFO]  {rest/httperrors.go:39 rest.SendErrorJSON} prepare login url for [apple] provider failed - response_mode must be form_post if scope is not empty - 500 - 88.112.34.153 - /auth/apple/login?from=https://comment.harrytang.xyz/web/iframe.html?selfClose&site=harrytang.xyz [caused by auth/provider/apple.go:282 provider.(*AppleHandler).LoginHandler]
2024/09/19 22:25:41.910 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler.func1.1} GET - /auth/apple/login?from=https://comment.harrytang.xyz/web/iframe.html?selfClose&site=harrytang.xyz - comment.harrytang.xyz - 586fcf4504d9 - 500 (58) - 1.051848ms - c07d0617-3dfa-992d-98be-b5c90a7c0933
2024/09/19 22:25:41.909 [ERROR] {provider/apple.go:281 provider.(*AppleHandler).LoginHandler} prepare login url for [apple] provider failed

[paskal]

The UI problem is due to cached wrong version of CSS, force-reload of the page (or incognito mode) would fix that. There seem to be some breaking CSS change between master and one of the versions you tested.

I'll check what to do with ?selfClose page and once it works, we'll make a new minor release so that latest image would be updated and work with Apple sign in.

[paskal]

According to what I see in the code, the current master image must work properly. Could you please deploy it to https://comment.harrytang.xyz/ so I could test it?

[harrytang]

Thank you, now it deployed.

[paskal]

Current master behaviour in Safari: after login, iframe.html is downloaded from /web/iframe.html?selfClose with size 0.

Chrome: after login, POST request to /web/iframe.html?selfClose which fails with code 405 Method Not Allowed.

Afterwards, I am not logged in on the comments page right away, but shown as logged in after page refresh.

I'll think how to handle this. It's improvement over not working login, but doesn't sound like working fine.

[harrytang]

Hi, I see that Apple Login in the live demo works just fine, is it running the ghcr.io/umputun/remark42:master image?

[paskal]

Yes, it is working on demo. I need to do something about iframe.html behaviour when it receives POST request: I guess there is some custom setup on demo to make it work.