Can't get email / name on login after revoking user account | React Native Firebase

On every attempt of login and logout, I receive email and user name from Apple as long as I have not revoked it. But if I revoke and then try to log in again, I don't get email/name.

If I delete my Apple account from the device and log in again from Settings, I get only the user name on the first login attempt in the app. On subsequent logins, I get nothing. What could possibly be wrong with my flow?

My login code is as follows:

import { Alert } from 'react-native';
import { appleAuth } from '@invertase/react-native-apple-authentication';
import auth from '@react-native-firebase/auth';

// Wrapped in an async function so that `await` and `return` are valid
async function signInWithApple() {
  // Ask Apple for an authorization, requesting email and full name
  const appleAuthRequestResponse = await appleAuth.performRequest({
    requestedOperation: appleAuth.Operation.LOGIN,
    requestedScopes: [appleAuth.Scope.EMAIL, appleAuth.Scope.FULL_NAME],
  });

  // Ensure Apple returned a user identityToken
  if (!appleAuthRequestResponse.identityToken) {
    Alert.alert('Error', 'Apple Sign-In failed - no identity token returned');
    return;
  }

  // Create a Firebase credential from the response
  const { identityToken, nonce } = appleAuthRequestResponse;
  const appleCredential = auth.AppleAuthProvider.credential(identityToken, nonce);

  // Sign the user in with the credential
  const res = await auth().signInWithCredential(appleCredential);
  console.log(res.user.email); // returns email
}

The revoke code is as follows:

import axios from 'axios';
import { appleAuth } from '@invertase/react-native-apple-authentication';
import { getAppleAuthorizationToken } from '../firebase/cloudFunctions';

// PACKAGE_NAME is defined elsewhere in the project
async function revokeAppleAccess() {
  const authTokenJWT = await getAppleAuthorizationToken(); // call to get JWT

  // A fresh authorization is needed to obtain an authorization code
  const appleAuthRequestResponse = await appleAuth.performRequest({
    requestedOperation: appleAuth.Operation.LOGIN,
    requestedScopes: [appleAuth.Scope.EMAIL, appleAuth.Scope.FULL_NAME],
  });
  const { authorizationCode } = appleAuthRequestResponse;

  const config = {
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
    },
  };

  // Exchange the authorization code for tokens
  const authTokenBody = {
    client_id: PACKAGE_NAME,
    client_secret: authTokenJWT.data.jwt,
    code: authorizationCode,
    grant_type: 'authorization_code',
  };
  const generateAuthTokenUrl = 'https://appleid.apple.com/auth/token';
  const res1 = await axios.post(generateAuthTokenUrl, authTokenBody, config);

  // Revoke the refresh token that was just issued
  const revokeTokenBody = {
    client_id: PACKAGE_NAME,
    client_secret: authTokenJWT.data.jwt,
    token: res1.data.refresh_token,
    token_type_hint: 'refresh_token',
  };
  const revokeAuthTokenUrl = 'https://appleid.apple.com/auth/revoke';
  const res2 = await axios.post(revokeAuthTokenUrl, revokeTokenBody, config);
  // res2 is empty with status 200.
}

Replies

Hi matto-dev,

You wrote:

On every attempt of login and logout, I receive email and user name from Apple as long as I have not revoked it. But if I revoke and then try to log in again, I don't get email/name.

This does not match the expected behavior of Sign in with Apple. You should reach out to the React Native support channel for insight into how their implementation of Sign in with Apple is configured. For this post, I'll focus on the expected behavior of Sign in with Apple—without considering third-party libraries. The user's full name and email are only requested during the initial user authorization flow, and returned in the initial authorization response body. On subsequent authorization requests, the user's email is provided within the identity token; however, the user's full name is not returned (since it was only given to the client and was never received by Apple). This is by design, and is documented on Authenticating users with Sign in with Apple.

Then, you wrote:

If I delete my Apple account from the device and log in again from Settings, I get only the user name on the first login attempt in the app. On subsequent logins, I get nothing. What could possibly be wrong with my flow?

This is also expected behavior (as described in the documentation above). To revoke credentials, you have two options:

  1. A developer may revoke programmatically via the Revoke tokens endpoint.
  2. A user may revoke manually via the iCloud Settings on device, or the Apple ID website.

Cheers,

Paris
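
The behavior described in the reply (name only in the first authorization response, email afterwards only inside the identity token) can be handled as in the sketch below. This is an added example, not code from the thread, Apple or the library; the helper names, the `stored` record and all sample values are constructed, and the response field names (`identityToken`, `email`, `fullName.givenName`, `fullName.familyName`) are assumed to match the library's response object. The payload is only decoded here; signature, `iss`, `aud` and nonce checks belong on a trusted backend.

```javascript
// Decode the payload (second segment) of a compact JWT without verifying it.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Merge what Apple returned now with what the app stored at first authorization.
// `stored` is a hypothetical record the app persisted, keyed by the `sub` claim.
function resolveAppleProfile(response, stored = {}) {
  const claims = decodeJwtPayload(response.identityToken);
  const name = response.fullName || {};
  const fullName = [name.givenName, name.familyName].filter(Boolean).join(' ');
  return {
    sub: claims.sub,
    // Email: response body on first authorization, identity token afterwards.
    email: response.email || claims.email || stored.email || null,
    // email_verified may arrive as a boolean or as the string "true".
    emailVerified: claims.email_verified === true || claims.email_verified === 'true',
    // Name: only in the first authorization response, so fall back to the stored copy.
    fullName: fullName || stored.fullName || null,
  };
}

// Constructed helper and sample data (not real Apple tokens).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleToken = (c) => `${b64url({ alg: 'RS256' })}.${b64url(c)}.sig`;
const sampleClaims = { iss: 'https://appleid.apple.com', sub: '000000.example.0000',
  email: 'user@example.com', email_verified: 'true' };

const firstLogin = { identityToken: sampleToken(sampleClaims),
  email: 'user@example.com', fullName: { givenName: 'Ada', familyName: 'Example' } };
const laterLogin = { identityToken: sampleToken(sampleClaims),
  email: null, fullName: { givenName: null, familyName: null } };

const saved = resolveAppleProfile(firstLogin);        // persist this on first login
const again = resolveAppleProfile(laterLogin, saved); // later login reuses the name
console.log(saved, again);
```

If the stored record is lost (for example after a reinstall) and the user has not revoked access, `fullName` resolves to `null` while the email is still recovered from the token.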