Idea

pixelsage avatar image
pixelsage suggested

Sign in with Apple

PlayFab should make sure to stay on top of this new feature from Apple:

"Sign In with Apple will be available for beta testing this summer. It will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year.

This means that, theoretically, anytime you see an option to sign-in to a service with Facebook or Google, you should also see an option to sign in with your Apple account. Thus, developers will be required to update their apps to integrate “Sign in with Apple.”"

Account Management
1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Crystal L Bandalan avatar image Crystal L Bandalan commented ·

Thanks for this

0 Likes 0 ·

10 Comments

·
brandon@uprootstudios.com avatar image
brandon@uprootstudios.com commented

I feel like since this is a "game breaker" for those that use any social login system on iOS, PlayFab might be "forced" to implement it if they want to keep offering any social login on an iOS platform by the time iOS 13 comes out.

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

pixelsage avatar image pixelsage commented ·

Yeah, possibly. And I know it's been on Playfab's roadmap to get Game Center login working, too. Talk about untimely.

0 Likes 0 ·
brandon avatar image
brandon commented

It was already stated in the OP, but I wanted to include some references for those who are curious. Sign-In with Apple will indeed be required.

Sign In with Apple will be available for beta testing this summer. It will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year.

Reference: https://developer.apple.com/news/?id=06032019j
1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

pixelsage avatar image pixelsage commented ·

Thanks! It definitely helps to have the official source referenced.

0 Likes 0 ·
Fakhra AlMansouri avatar image
Fakhra AlMansouri commented

I can confirm that Apple will make it mandatory for those apps which required sign in with Facebook or Google.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brandon@uprootstudios.com avatar image
brandon@uprootstudios.com commented

Unfortunately it is now a requirement, which means it will likely need to be supported by PlayFab. However, it may be possible to use the PlayFab LoginWithOpenIdConnect API as it seems Sign in with Apple uses Open ID. Anyone have any experience with this?

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image brendan commented ·

What Apple did was add an OIDC-based auth. We checked, and their JWT was lacking a nonce, which is non-standard, but we updated our OIDC login to allow for that. Unfortunately, we've also found in testing that their known-good configuration file also violates the OIDC spec by having a mismatch between the issuer and the URL. We're investigating to see if we can work around that (our OIDC library follows the standard, which is why it's tricky).

1 Like 1 ·
brandon@uprootstudios.com avatar image brandon@uprootstudios.com brendan commented ·

@Brendan Thanks for the info. We got our Title to successfully link to "Sign in with Apple" using CreateOpenIdConnection, but unfortunately the actual sign-in doesn't work in-client, and the error returned is

Signature validation failed. Unable to match keys:
0 Likes 0 ·
brandon@uprootstudios.com avatar image
brandon@uprootstudios.com commented

We've finally gotten it working with PlayFab's LoginWithOpenIdConnect API! The Connection ID and Client ID need to both be the Client ID used in Apple's service setup, and the Client Secret can be generated with a variety of languages (ruby and python are easiest)

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jeff Posey avatar image Jeff Posey commented ·

From Citrus Yan on the other thread:

"And, you can make a feature request about LoginWithOpenIdConnect API taking in an endpoint instead of a ConnectionID."


It sounds like this wasn't necessary? Was there anything changed by PlayFab in the process of getting it working?

What about Linking an Apple account? We would want to support this as well, when they chose "Continue as Guest" at first.

I'm trying to figure out how much time this is going to take, and if instead I need to not have any other login methods like Facebook (until PlayFab supports Sign in with Apple and LinkAppleAccount). But I believe if I only sign in with DeviceID, that would mean there would be no way to share the same PlayFab account between your iPhone and your iPad.

0 Likes 0 ·
Hayrettin Yucel avatar image
Hayrettin Yucel commented

This feature request marked as completed. What does that mean?

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brandon@uprootstudios.com avatar image brandon@uprootstudios.com commented ·

It's available now using OpenIDConnect (see my comment above yours)

0 Likes 0 ·
Dyon Ng avatar image
Dyon Ng commented

I'm having issues getting this to work. When I make a LoginWithOpenIdConnect request, I get an error from PlayFab:

{"code":403,"status":"Forbidden","error":"NotAuthorized","errorCode":1089,"errorMessage":"Value cannot be null.\r\nParameter name: key"}

My login request looks like:

POST https://{
               {TitleID}}.playfabapi.com/Client/LoginWithOpenIdConnect
    Content-Type: application/json
{
  "ConnectionId": "com.company.clientid", // sign-in-with-apple service id
  "IdToken": "eyJraWQiOiJ...", // jwt id_token from apple
  "CreateAccount": true
}

My OpenId Connection in Title Settings:

ConnectionId: "com.company.clientId", // sign-in-with-apple service id
ClientId: "com.company.clientId", // same as above
ClientSecret: "eyJhbGciO..." // generated with p8 file, clientId, teamId, keyId
Issuer: "https://appleid.apple.com/auth/keys" // shows up blank now

Is there a guide or something that we can follow that might help with this?

Also, your "TRY IT" button on that API page is, sadly, broken:
Uncaught TypeError:
PlayFab.ClientApi[method] is not a function
    at Object.makeClientAPICall (tools.js?t=20190314:176)
    at HTMLButtonElement.<anonymous> (tools.js?t=20190314:71)
    at HTMLButtonElement.dispatch (lib.js?t=20190314:2)
    at HTMLButtonElement.q.handle (lib.js?t=20190314:2)
1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

marcowilliamspf avatar image marcowilliamspf commented ·

There is a guide that is in-progress for this. I don't have an exact ETA release date on the documentation. But the document is complete and it just needs to be added to the docs.microsoft.com/gaming/playfab documentation portal. I suspect that it should be available sometime between now and the end of next week.

0 Likes 0 ·
marcowilliamspf avatar image
marcowilliamspf commented
4 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Dyon Ng avatar image Dyon Ng commented ·

Ah, this wasn't there when I last checked for a guide. I'll give this a shot, thanks a bunch.

0 Likes 0 ·
Don Glover avatar image Don Glover Dyon Ng commented ·

Dyon, did the document give you the information that you needed?

0 Likes 0 ·
Dyon Ng avatar image Dyon Ng Don Glover commented ·

Mostly good until creating an OpenID Connection in Title Settings. Using Issuer: https://appleid.apple.com caused an error upon saving. Instead, we used the Admin REST API, CreateOpenIdConnection, with:

{
    ConnectionId: "com.company.product",
    ClientId: "com.company.product",
    ClientSecret: "clientSecret",
    IssueDiscoveryUrl: "https://appleid.apple.com/.well-known/openid-configuration",
    IssuerInformation: {
        Issuer: "https://appleid.apple.com",
        AuthorizationUrl: "https://appleid.apple.com/auth/authorize",
        TokenUrl: "https://appleid.apple.com/auth/token",
        JsonWebKeySet: {
            "keys": [{
                "kty": "RSA",
                "kid": "AIDOPK1",
                "use": "sig",
                "alg": "RS256",
                "n": "lxrwmuYSAsTfn-lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu_auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY-RNwCWdjNfEaY_esUPY3OVMrNDI15Ns13xspWS3q-13kdGv9jHI28P87RvMpjz_JCpQ5IM44oSyRnYtVJO-320SB8E2Bw92pmrenbp67KRUzTEVfGU4-obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd_JhmqX5CAaT9Pgi0J8lU_pcl215oANqjy7Ob-VMhug9eGyxAWVfu_1u6QJKePlE-w",
                "e": "AQAB"
            }]
        }
    }
}
0 Likes 0 ·
Show more comments
SniperED007 avatar image
SniperED007 commented

Has anyone actually managed to get Apple Sign in to work with Unity and PlayFab, and if so what are the steps, the documentation linked here is very weak, it doesn't even mention OpenId at all.

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

andymaddison avatar image andymaddison commented ·

See https://blogs.unity3d.com/2019/09/19/support-for-apple-sign-in/. Support for it is practically non-existent.

I've managed to get a couple of Unity apps through Apple submission.

1 Like 1 ·
Dyon Ng avatar image Dyon Ng commented ·

The documentation is updated for the NEW Apple Add-on. It no longer requires setting up OpenID. However, with Unity, I'm not sure if there's a Sign in with Apple plugin yet. You may have to setup your own native method of retrieving Apple's JWT Identity Token within XCode.

0 Likes 0 ·
Dyon Ng avatar image
Dyon Ng commented

The new Apple Add-on is great and simple to use. However, it only works with AppStore listings whereas the old OpenID connection method could let any platform (Web, Windows, etc) use Sign in with Apple for authentication. Any plans on having both options, Apple Add-on and OpenId, available in the future?

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write a Comment

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Your Opinion Counts

Share your great idea, or help out by voting for other people's ideas.