I have AshAuthentication set up and working for Google OAuth. However, I’ve been beating my head against the wall trying to get the Apple strategy to work.
One of my problems is that Apple uses a POST request to make the callback to my site. However, AshAuthentication only generates a GET route.
GET /auth/user/apple MyApp.Accounts.User.apple :request
GET /auth/user/apple/callback MyApp.Accounts.User.apple :callback
I manually set up a POST endpoint that redirects to the generated GET endpoint, but the login still fails. Anyone know what I can try? I’m pretty out of ideas.
In my router I have:
auth_routes AuthController, User, path: "/auth"
In user.ex I have
apple :apple do
  private_key_path MyApp.Secrets
  private_key_id MyApp.Secrets
  team_id MyApp.Secrets
  redirect_uri MyApp.Secrets
  client_id MyApp.Secrets
  registration_enabled? true
end
Are you on the latest versions of ash authentication and ash authentication Phoenix? This sounds similar to a bug we fixed a long time ago 
I believe so. Here is my mix.lock
"ash_authentication": {:hex, :ash_authentication, "4.10.0", …},
"ash_authentication_phoenix": {:hex, :ash_authentication_phoenix, "2.10.5", …},
Ok, I was finally able to figure out the issues. There were a few things I had to do to get it working.
- The most crucial was adjusting my session options in endpoint.ex. As far as I can tell, I needed to do this because Apple calls the callback URL using a POST request, and since the request was coming from a third-party site, my site refused to load the session. Since the session was missing, AshAuthentication just cleared it and created a new session, if that makes sense.
@session_options [
  # ...
  same_site: "None" # Change this from Lax to None
]
- I was also running into an issue where AshAuthentication was trying to use auth_routes, and since Phoenix no longer generates route helpers, I had to reenable those in myapp_web.ex
use Phoenix.Router, helpers: true
- The auth helpers expect the route action to be an atom, but AshAuthentication uses tuples. This caused a compiler warning. I always configure warnings as errors, so I had to add
get "/auth/user/apple", AuthController, {:user, :apple, :request}
to my router to force it to generate the right auth_route clause and then I had to add
def call(conn, action) do
  super(conn, action)
end
to auth_controller.ex to pass the call to AshAuthentication.
I’m certain that all these things aren’t the “right” way to do things. But I’ve been beating my head against this long enough that I’m going to go with this for now. I’m not sure if a bug report belongs in AshAuthenticationPhoenix. Or if things are working as intended and Apple is just weird for using a POST request. But hopefully this helps someone in the future.
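Added example, not part of the thread and not AshAuthentication's code: a simplified model of the browser's SameSite rule behind the session-options step above, showing why a GET callback keeps the session under Lax while Apple's POST callback arrives without it. The module and function names are hypothetical; `:same_site` and `:secure` are real Plug.Session options, and the rule that browsers only honour `SameSite=None` together with `Secure` is browser behaviour the thread does not mention.

```elixir
defmodule SameSiteModel do
  @moduledoc """
  Simplified model (added example) of how a browser treats a session cookie
  when an OAuth provider sends the user back with a cross-site, top-level
  navigation. It ignores browser-specific exceptions for cookies that carry
  no SameSite attribute at all.
  """

  # Methods a browser treats as "safe" for SameSite=Lax purposes.
  @safe_methods ~w(GET HEAD)

  # Would the browser store the cookie at all? SameSite=None is only
  # accepted when the cookie also carries the Secure attribute.
  def stored?(opts) do
    same_site(opts) != "none" or Keyword.get(opts, :secure, false)
  end

  # Would the browser attach the cookie to a cross-site, top-level
  # navigation that uses `method`?
  def sent_on_cross_site_navigation?(opts, method) do
    stored?(opts) and
      case same_site(opts) do
        "none" -> true
        "lax" -> method in @safe_methods
        "strict" -> false
      end
  end

  defp same_site(opts), do: opts |> Keyword.fetch!(:same_site) |> String.downcase()
end

# Constructed scenarios. The keyword lists use the same option names as
# the @session_options passed to Plug.Session in endpoint.ex.
scenarios = [
  {"GET callback (Google), Lax", [same_site: "Lax"], "GET"},
  {"POST callback (Apple), Lax", [same_site: "Lax"], "POST"},
  {"POST callback (Apple), None without Secure", [same_site: "None"], "POST"},
  {"POST callback (Apple), None with Secure", [same_site: "None", secure: true], "POST"}
]

for {label, opts, method} <- scenarios do
  sent? = SameSiteModel.sent_on_cross_site_navigation?(opts, method)
  IO.puts("#{label}: session cookie sent? #{sent?}")
end
```

With `same_site: "None"` the session cookie accompanies every cross-site request to the app, so CSRF protection on state-changing routes then rests entirely on the CSRF token check rather than on the cookie attribute.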
Hmm…let’s definitely open an issue because at the very least those should be documented if they are required steps, but more than likely all of them can be fixed and/or warned about explicitly somehow. The session options one definitely seems like it shouldn’t be necessary though. Let’s see what @jimsynz says 