question

Jeff Greenland avatar image
Jeff Greenland asked

OpenID Connect Issuer for Sign in with Apple

I understand that Apple does not actually have a discovery endpoint for Sign in with Apple. Since the Issuer field for a new OpenID connection seems to expect one, does this mean that PlayFab is fundamentally incompatible with the only login provider that Apple mandates implementation of?

I've already obtained a JWT from the native API, but I can't actually use Playfab's LoginWithCustomIDRequest because I can't create a valid Connection ID?

Am I doing it wrong?

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
Citrus Yan avatar image
Citrus Yan answered

Hi @Jeff Greenland,

Hi,

>>… does this mean that PlayFab is fundamentally incompatible with the only login provider that Apple mandates implementation of?

According to this Sign in with Apple doc, I don’t think Sign in with Apple supports OpenID connection, the basic sequence is the following, you can see there is no OpenID issuer involved:

Please keep an eye on our blog for updates of PlayFab supporting Sign in with Apple.

>>… LoginWithCustomIDRequest because I can't create a valid Connection ID?

Custom Id has nothing to do with JWT, it’s a custom unique identifier generated by your title, the players can then use it with LoginWithCustomID to retrieve a session identifier from PlayFab so that they can subsequently interact with PlayFab through APIs.


signinwithapple.png (28.6 KiB)
2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brandon@uprootstudios.com avatar image brandon@uprootstudios.com commented ·

It seems that Sign in with Apple is essentially the same as OpenID Connect, but without a discovery endpoint and a few other minor differences. OpenID Connect discusses the differences here:

https://bitbucket.org/openid/connect/src/default/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md

I think if the PlayFab LoginWithOpenIdConnect API were able to take in an endpoint (like the one Apple provides in the documentation on Sign in with Apple) instead of a ConnectionID for the discovery endpoint, then it would be possible to use the PlayFab API to use Sign in with Apple securely.

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan brandon@uprootstudios.com commented ·

@Brandon Phillips @Jeff GreenlandActually, the product team is working on Sign in With Apple, please keep an eye on our blog:)

And, you can make a feature request about LoginWithOpenIdConnect API taking in an endpoint instead of a ConnectionID.

1 Like 1 ·
brandon@uprootstudios.com avatar image
brandon@uprootstudios.com answered

@Jeff Greenland I found more info here but it seems like there might not be a way to do it securely with PlayFab. Have you figured out a way to do it through OpenID?

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jeff Greenland avatar image Jeff Greenland commented ·

I've not, unfortunately; investigating other providers.

0 Likes 0 ·
brandon@uprootstudios.com avatar image brandon@uprootstudios.com Jeff Greenland commented ·

@Jeff Greenland Sign in with Apple now works with PF's OpenIdConnect API

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.