How to Sign Out of Apple After Being Authenticated

Logout from Apple-Sign In

You can do this from the iOS Settings. Open up the Settings app on your iPhone and tap on your name at the top. Then press Password & Security, then Apple ID login. They listed all the apps there and you can delete any of them to revoke access.

Sign out after apple sign in

This behaves correctly

User info is only sent in the ASAuthorizationAppleIDCredential upon initial user sign-up. Subsequent logins to your app using Sign In with Apple with the same account do not share any useful info and will only return a user identifier in the ASAuthorizationAppleIDCredential. It is recommended that you securely cache the initial ASAuthorizationAppleIDCredential containing the user info until you can validate that an account has successfully been created on your server. So the next time a user signs in, you have to fetch the email and other details from your server using the identifier, as Apple always returns the same identifier even when you delete the application and install it again.

How to revoke Sign in with Apple credentials for a specific app?

You can do this from the iPhone Settings.
Open the Settings app then tap on your name at the top. Then press "Password & Security", then "Apple ID logins".
They should all be listed there and can be deleted.

Sign in with Apple in React Native returning null

With Sign in with Apple, you only get the email/name on first login. It's your responsibility to then store that information. Source:

The identification servers return the user status only when the user first uses Sign in with Apple with your app. Subsequent attempts don’t return any information for this user status, such as after a disconnect and reconnect occurs or from other devices.

https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple

Also: https://developer.apple.com/forums/thread/121496

In terms of logging out, you don't necessarily do this with Sign in With Apple. If you're storing credentials on the device, you should purge them from wherever they're being stored. Also, if you're using the credentials for another service (like Firebase), you can certainly log out of that service.

You don't say what library you're using for this, but if it's react-native-apple-authentication, you may want to refer to this thread about logout behavior: https://github.com/invertase/react-native-apple-authentication/issues/10#issuecomment-611532131

If on an iOS device, the user can revoke Sign In With Apple access via the Settings app. See also this related SO question: Logout from Apple-Sign In

How to Sign Out of Google After Being Authenticated

Swift

try GIDSignIn.sharedInstance().signOut()

Objective-C

[[GIDSignIn sharedInstance] signOut];

Revoke Apple sign in token for account deletion process

After doing a bit of research and spending a few hours, I understood the flow.

Just a note that in my case I’ve implemented the apple sign-in option in the native iOS app.

Here are the three important steps that need to be followed to revoke the token.

  1. Get authorizationCode from Apple login (client side).
  2. Get a refresh token or access token with no expiry time using authorizationCode through auth\token (server side).
  3. Revoke the refresh token or access token through token\revoke (server side).

Client Side(App side):

  1. Get authorizationCode from Apple login.
  • After successfully logging in to the app you will get the authorization code from the Apple native didCompleteWithAuthorization delegate call.

  • When you receive the authorization code you will need to send the code to the server immediately, as the code is one use only and valid for five minutes.

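    func authorizationController(controller: ASAuthorizationController,
                                 didCompleteWithAuthorization authorization: ASAuthorization) {
        // authorizationCode is optional Data; unwrap it safely instead of force-unwrapping.
        guard let appleIDCredential = authorization.credential as? ASAuthorizationAppleIDCredential,
              let codeData = appleIDCredential.authorizationCode,
              let authorizationCode = String(data: codeData, encoding: .utf8) else {
            return
        }
        // Send authorizationCode to your server right away: it is single use and valid for five minutes.
    }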

Server side (backend side):


  1. Get a refresh token or access token with no expiry time using
  • Once you have received the authorization code from the client side, you will need to validate this code via auth\token.

  • When you send an authorization request to the validation server(Apple server), include the following form data parameters.

  • client_id = "com.demo.app" (your app bundle id)

  • client_secret = A secret JSON Web Token, generated by the developer, that uses the Sign in with Apple private key associated with your developer account.

  • code = The authorization code received in an authorization response sent to your app

  • Important: Create the client secret (client_secret) GET REFERENCE FROM THE APPLE DEVELOPER DOCUMENTATION.

    • JSON Web Token (JWT) is an open-standard (RFC 7519) that defines a way to transmit information securely. Sign in with Apple requires JWTs to authorize each validation request. Create the token, then sign it with the private key you downloaded from Apple Developer.

    • To generate a signed JWT:


        1. Create the JWT header.
        2. Create the JWT payload.
        3. Sign the JWT.

    • To create a JWT, use the following fields and values in the JWT header:

    alg --> The algorithm used to sign the token. For Sign in with Apple, use ES256.

    kid --> A 10-character key identifier generated for the Sign in with Apple private key associated with your developer account.

    • The JWT payload contains information specific to the Sign in with Apple REST API and the client app, such as issuer, subject, and expiration time. Use the following claims in the payload:

    iss --> Use your 10-character Team ID associated with your developer account.

    iat --> The issued at registered claim indicates the time at which you generated the client secret, in terms of the number of seconds since Epoch, in UTC.

    exp --> The expiration time registered claim identifies the time on or after which the client secret expires. The value must not be greater than 15777000 (6 months in seconds) from the Current UNIX Time on the server.

    aud --> https://appleid.apple.com.

    sub --> Use the same value as client_id (app bundle id). The value is case-sensitive.

  • After creating the JWT, sign it using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm. A decoded client_secret JWT token has the following format:

    {
        "alg": "ES256",
        "kid": "AEBD123DEPG"
    }

    {
        "iss": "EED153GJIJ",
        "iat": 1437179036,
        "exp": 1493298100,
        "aud": "https://appleid.apple.com",
        "sub": "com.demo.app"
    }

  • After the server validates the refresh token, the endpoint returns the identity token and an access token. The following is an example refresh token validation response:

    {
        "access_token": "beg3456...67Or9",
        "token_type": "Bearer",
        "expires_in": 3600,
        "id_token": "eyPgkk...96sZg"
    }

Revoke the refresh token or access token through token\revoke (server side).

  • In order to revoke authorization for a user, you must obtain a valid refresh token or access token that you get in step (2).

  • Once you have a valid refresh or access_token you will be able to revoke the token via token\revoke end point.

  • The parameters below are required for the server to invalidate the token.

  • client_id = "com.demo.app" (your app bundle id)

  • client_secret = "A secret JSON Web Token same way you generate in the step 2".

  • token = access_token which is what you get from the step 2 end point call.

Once the access token is revoked, the client side gets a notification for it; for that, the client needs to add the observer below.

    func addObserverforRevokeAppleSignToken() {
        let sessionNotificationName = ASAuthorizationAppleIDProvider.credentialRevokedNotification
        NotificationCenter.default.addObserver(forName: sessionNotificationName, object: nil, queue: nil) { (notification: Notification) in
            // Sign user out
            print("Apple sign in token revoked....")
        }
    }

You can check Settings - Password & Security > Apps Using Apple ID.

Thank you.
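The header and claim rules for client_secret listed in the answer above, written as a server-side pre-flight check in Python. This is an added example, not code from the answer or from Apple; the function names are hypothetical, `now` is supplied by the caller, and the ES256 signature itself is not verified.

```python
import base64
import json

MAX_AHEAD = 15777000  # six months in seconds, the exp limit quoted above
AUDIENCE = "https://appleid.apple.com"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_client_secret(token: str, client_id: str, now: int) -> list:
    """List problems in the header and claims (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must be JSON objects"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if len(str(header.get("kid", ""))) != 10:
        problems.append("kid must be the 10-character key identifier")
    if len(str(claims.get("iss", ""))) != 10:
        problems.append("iss must be the 10-character Team ID")
    if claims.get("aud") != AUDIENCE:
        problems.append("aud must be " + AUDIENCE)
    if claims.get("sub") != client_id:  # case-sensitive, per the answer
        problems.append("sub must equal client_id")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must be integer timestamps")
    elif iat > now or exp <= now:
        problems.append("token is not valid at the current time")
    elif exp - now > MAX_AHEAD:
        problems.append("exp is more than 15777000 seconds ahead")
    return problems

def sample_token(header: dict, claims: dict) -> str:
    """Constructed sample: real header/claims, placeholder signature."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + b64url_encode(b"placeholder-signature")
```

Called with the header and claims of the decoded sample above and `now` set to its `iat`, the check reports the 11-character `kid` and an `exp` that lies 56119064 seconds ahead, so that sample illustrates the format only.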

Firebase: Delete a user who signed in with Apple correctly

so... Apple does not provide this service. But I found a workaround.

My sign in process:

1. Check if user signed in before

    // Create an `OAuthCredential` from the credential returned by Apple.
    final oauthCredential = OAuthProvider("apple.com").credential(
      idToken: appleCredential.identityToken,
      rawNonce: rawNonce,
    );

    // If you cannot access the email property in the credential, it means
    // that the user already signed in with their Apple ID in the application once before.
    bool isAlreadyRegistered = appleCredential.email == null;

Now to the crucial part:

2. sign in user and check if that uid already exists in Firebase

    final UserCredential result =
        await FirebaseAuth.instance.signInWithCredential(
      oauthCredential,
    );

    isAlreadyRegistered = await BackendService.checkIfUserIdExists(
      result.user?.uid ?? '',
    );

checkIfUserIdExists is quite simple as well:

    static Future<bool> checkIfUserIdExists(String userId) async {
      try {
        var collectionRef = FirebaseFirestore.instance.collection(
          BackendKeys.users,
        );

        var doc = await collectionRef.doc(userId).get();
        return doc.exists;
      } on FirebaseException catch (e) {
        return false;
      }
    }

