User not properly created with Apple sign in for React Native Realm

I’m able to sign a user in successfully via Apple sign in. The logs show that “oauth2-apple” succeeded. However, I am unable to access Realm.User.profile, and when I check the App Users section in the Realm console, there’s a user with an “unknown” Name and the provider shows “Unknown, oauth2-apple” that matches the userId of the user that was successfully signed in via “oauth2-apple” in the logs .

Are there additional steps for Apple sign-in to create a Realm user? Google sign-in automatically creates a Realm user with the user’s Google data, so I thought Apple sign-in might be similar.

Thanks!

@Jerry_Wang Can you post more code to show what you are doing? Although it is Google OAuth - this post may help you - Facebook + Google OAuth Issues?

Hi Ian,

Thanks for getting back to me!

Google OAuth works perfectly for me.

I’m having trouble with Apple sign-in. Apple sign-in is able to log a person in, but it looks like Realm is creating an anonymous user for that person in the backend rather than a user with information populated from Apple. The provider information in the Realm console shows “Unknown, oauth2-apple”.

I’m creating a Realm app with:

let realmApp = new Realm.App({
    id: APP_ID,
    timeout: 10000,
    app: {
      name: 'default',
      version: '0',
    }
});

Then, this is how I’m signing a user in through Apple:

import appleAuth, {
  AppleAuthCredentialState,
  AppleAuthRequestOperation,
  AppleAuthRequestScope,
  AppleButton,
} from '@invertase/react-native-apple-authentication';

<AppleButton
    onPress={async () => {
        const identityToken = await getAppleIdentityToken();
        const credential = Realm.Credentials.apple(identityToken);
        const user = await realmApp.logIn(credential);
        // user.profile is undefined <----------------------------------
      }}
/>

const getAppleIdentityToken = async () => {
  const appleAuthRequestResponse = await appleAuth.performRequest({
    requestedOperation: AppleAuthRequestOperation.LOGIN,
    requestedScopes: [
      AppleAuthRequestScope.EMAIL,
      AppleAuthRequestScope.FULL_NAME,
    ],
  });

  const credentialState = await appleAuth.getCredentialStateForUser(
    appleAuthRequestResponse.user,
  );

  if (credentialState === AppleAuthCredentialState.AUTHORIZED) {
    return appleAuthRequestResponse.identityToken;
  } else {
    throw new Error('Credential state is not authorized.');
  }
};

The request is successful according to the Realm logs:

But the user shows up as “unknown” in the App Users section of the Realm console:

React Native: 0.63.1
Realm: 10.0.0-rc.1

Hey Jerry,

You’re right, this does seem a bit weird. Do you mind messaging me a link to your application so we can take a deeper look.

cc: @Ian_Ward this looks like a different issue.

Hey Jerry -

So actually, Apple does not give any user information intentionally. The workaround here would be to use Realm’s custom user data to populate any extra information about the user when they login via a Realm

You can do this after the user logs in from the client or via an authentication trigger (these do not support Apple OAuth yet but we’re expecting that should be fixed within the next release in ~2 weeks).

1 Like

Gotcha.

Just out of curiosity, why does storing the Apple user information require an authentication trigger? Apple does receive the email and full name (or requested scopes) for the user the first time a user signs in via Apple (or the first time a user signs in after revoking Apple credentials for the app). The information is available in the identity token that’s passed into Realm.Credentials.apple. Are there any plans to store the user information in the identity token automatically in Realm.User.profile in the future?

Again, thanks for the help! Can’t wait for the next release (:

1 Like

I mentioned using Authentication triggers as a way to populate Custom User Data as that is a standard pattern that developers use when developing with Realm.

I believe the reason we chose not to populate name/email is that they can’t be trusted and the email address could sometimes be an alias - see article from Okta here

Note: Apple will send the user’s name and email in the form post response back to your redirect URL. You should not treat these values as authoritative, because like the OAuth Implicit flow, the data cannot be safely trusted at this point. Unfortunately Apple does not return the user’s name in the ID token where it would be safe to trust.

If you have suggestions based on Apple’s current API that might improve the experience, feel free to drop a suggestion here so we can track collective feedback from the community. Hope this was helpful!

Does it mean that with Apple Auth the email and username are unavailable? Or it’s only in a currentUser.profile, while we still can get the user’s email and username in auth trigger via user.data.email and user.data.name?