I think many people have already heard about Sign In with Apple (SIWA for short) since WWDC 2019. In this article I describe the specific pitfalls I ran into when integrating it into our licensing portal. The article is not really for those who are only starting out with SIWA (for them I have collected a few introductory links at the end of the text). Rather, many readers will find here answers to questions that come up when integrating Apple's new service.
Apple does not allow custom redirects
Actually, I still do not see an answer to this question on the developer forums. The bottom line: if you want to use the SIWA JS API, i.e. you do not work through the native SDK because it is unavailable to you for one reason or another (not macOS/iOS, or an old version of those systems), then you need your own public portal; otherwise it will not work. On the WWDR portal you must register your domain and confirm that you own it, and only on that domain can you attach redirects that Apple considers valid:
What if you want to intercept the redirect in the application? We solved this very simply: on our portal we keep a list of valid redirects for our applications, which the applications request before the SIWA authorization page is shown. The portal then simply redirects to the application with the data received from Apple. Simple and cheerful.
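The portal-side forwarding described above, as an added example that is not the article's or the portal's own code: an application registers its redirect target in advance, the portal checks the requested target against that allowlist with an exact match (a prefix or substring check would turn the portal into an open redirector), and only then forwards the fields Apple's JS API posts back (code, id_token, state and the optional user JSON). The function names, the in-memory store and the sample URLs are hypothetical.

```javascript
// Added example, not code from the original article. Function names,
// the in-memory allowlist and all sample values are hypothetical.

// Allowlist of redirect targets per application (persisted in a real portal).
const appRedirects = new Map();

// An application registers its redirect before the SIWA page is shown.
// The normalised URL is stored so later comparison is exact.
function registerAppRedirect(appId, redirectUrl) {
  const url = new URL(redirectUrl);
  // A registered target must not carry a query or fragment, so the
  // application cannot smuggle extra parameters into the callback.
  if (url.search || url.hash) {
    throw new Error("registered redirect must not carry query or fragment");
  }
  if (!appRedirects.has(appId)) appRedirects.set(appId, new Set());
  appRedirects.get(appId).add(url.href);
  return url.href;
}

// Exact-match check of the requested target against the allowlist.
// Unparseable URLs, unknown apps and targets with query/fragment are rejected.
function isAllowedRedirect(appId, requested) {
  let url;
  try { url = new URL(requested); } catch { return false; }
  if (url.search || url.hash) return false;
  const set = appRedirects.get(appId);
  return !!set && set.has(url.href);
}

// Builds the redirect into the application carrying only the fields Apple's
// JS API posts to the portal. Returns null when the target is not allowlisted.
function buildAppRedirect(appId, requested, appleForm) {
  if (!isAllowedRedirect(appId, requested)) return null;
  const target = new URL(requested);
  for (const key of ["code", "id_token", "state", "user"]) {
    if (appleForm[key] !== undefined) target.searchParams.set(key, appleForm[key]);
  }
  return target.href;
}

// Constructed sample run: one app, one registered custom-scheme target.
registerAppRedirect("app1", "com.example.app://siwa/callback");
console.log(buildAppRedirect("app1", "com.example.app://siwa/callback",
  { code: "c.abc", id_token: "eyJ.x.y", state: "s1" }));
```

Registration happens once per application, before the authorization page is shown; the callback handler then calls `buildAppRedirect` and responds with a 302 to the returned URL, or with an error page when it returns null.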
Email Issues
Let's look at how we solved the problems with the user's e-mail. Firstly, there is no REST API that lets the backend fetch this information: only the client receives this data and can pass it on together with the authorization code.
Secondly, the user's name and e-mail are transmitted only once, at the very first login to the application via Apple, when the user chooses which personal data to share.
By themselves these problems are not critical if the link to the social profile was successfully created on the portal: the user ID is the same and is tied to the Team ID, i.e. it is one and the same for all of your team's applications integrated with SIWA. But if the login via Apple went through and then an error occurred so that the link was not created on the portal, the only option is to send the user to appleid.apple.com, disconnect the application there and try again. In practice the problem is solved by writing a corresponding KB article and linking to it.
The next, more unpleasant problem is that Apple introduced a new concept: the proxy e-mail. In our case, if the user was already registered on the licensing portal with his real e-mail and on the first login through Apple chooses the option to hide his e-mail, a new account is registered with this proxy e-mail, which obviously has no licenses, and the end user ends up at a dead end.
The solution is fairly simple: the user ID in SIWA is the same and does not depend on the options chosen or on the application that signs in, so we use a special script that lets us switch this Apple binding to the other account, the one with the user's real e-mail, and thereby "restore purchases". After this procedure the user lands, via SIWA, in the other account on the portal and everything works correctly for him.
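The linking logic behind the last two sections, as an added example that is not the article's or the portal's own code: the portal keys the Apple binding on the stable user ID (the `sub` claim of the id_token, assumed already verified by the time this code runs), treats name and e-mail as optional because Apple sends them only on the first authorization, flags a hidden proxy address by its `privaterelay.appleid.com` domain, and provides the "restore purchases" step that moves the binding to the account holding the real e-mail and the licenses. The store and function names, the account IDs and the sample `sub` value are hypothetical.

```javascript
// Added example, not code from the original article. Stores, function
// names and sample values are hypothetical stand-ins for the portal's own.

const PRIVATE_RELAY_DOMAIN = "privaterelay.appleid.com";

// Constructed in-memory state standing in for the portal's database.
const accounts = new Map();    // accountId -> { email, licenses: [] }
const appleLinks = new Map();  // appleSub  -> accountId
let nextAccountNumber = 1;

function isPrivateRelay(email) {
  return typeof email === "string" &&
    email.toLowerCase().endsWith("@" + PRIVATE_RELAY_DOMAIN);
}

function createAccount(email) {
  const id = "acct-" + nextAccountNumber++;
  accounts.set(id, { email, licenses: [] });
  return id;
}

// Called after the portal has verified Apple's callback. `sub` is the Apple
// user ID, identical across all applications of the Team ID. `email` and
// `name` are present only on the very first authorization, so a returning
// user is resolved by `sub` alone and never required to supply them again.
function handleAppleLogin({ sub, email, name }) {
  const linked = appleLinks.get(sub);
  if (linked) return { accountId: linked, created: false, relayEmail: false };
  // First login with no e-mail (e.g. a link that failed to persist earlier):
  // nothing to register; the user must disconnect the app at appleid.apple.com
  // and sign in again so Apple resends the data.
  if (!email) {
    return { accountId: null, created: false,
             error: "no e-mail on first login; disconnect the app at appleid.apple.com and retry" };
  }
  const id = createAccount(email);
  appleLinks.set(sub, id);
  return { accountId: id, created: true, relayEmail: isPrivateRelay(email), name };
}

// The "restore purchases" script: move the Apple binding from the freshly
// created proxy-e-mail account to the account with the user's real e-mail.
function relinkApple(sub, targetAccountId) {
  if (!appleLinks.has(sub)) throw new Error("unknown Apple user");
  if (!accounts.has(targetAccountId)) throw new Error("unknown target account");
  const previous = appleLinks.get(sub);
  appleLinks.set(sub, targetAccountId);
  return { from: previous, to: targetAccountId };
}
```

In practice the relay-address flag is what tells support (or an automated check against the portal's existing accounts) that a relink is probably needed; the `sub` value itself, not the e-mail, is the key that survives across applications and across the hide/share choice.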
When signing in via the web portal there is no application icon
To solve another problem we asked Apple representatives for clarification; we share what we learned:
https://forums.developer.apple.com/thread/123054
I.e., the meaning is as follows: the head of a SIWA group can only be a macOS/iOS application, to which the required Service IDs of the portals are then added. Accordingly, to show the icon, the head application must have App Store media that has passed Apple's review. The icon will be taken from there.
Accordingly, if you only have a portal and no application in the App Store, there will be no nice icon, but you can get by with the application name: in the absence of media, the head application takes this info from the Description of the Service ID:
The number of elements in the SIWA group is limited to 5
This problem has no solution at the moment other than using several groups. If you need 6 identifiers, 1 main application and 5 dependent ones, then when you try to register the sixth you will see this message:
We created groups for our licensing portal and for each of the applications that work with this portal. Regarding the restriction on slots, we have already filed a radar with Apple and are awaiting their response.
Useful links
The most useful link, in my opinion, the one I essentially followed for everything, is here. Apple's documentation is here.
Enjoy! Questions, thoughts, ideas and suggestions are welcome in the comments.