Hi, I used your code in CAS 6.3 and I am able to authenticate the user for
the first time. If I open a private window and try to authenticate again, I
get an error <Token response: status=400,
content={"error":"invalid_client"}>. Have you encountered this error as
well?
Thanks
On Friday, June 25, 2021 at 6:33:17 UTC+2, Andy Ng wrote:
> Hi all,
>
> Would like to know anybody got "Sign in with Apple" working in CAS
> natively?
>
> I got it working by doing some customization (I will attach below) because
> of some weird issue which I cannot understand.
>
> While I would like to investigate on submitting a PR, but I am not sure if
> I am the only one having issue with this or not so want to ask the group
> first.
>
> Cheers!
> - Andy
>
> Attached is my customization which makes Sign in with Apple work:
> =========================================
> *MyOrgAppleOidcAuthenticator.java*
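> import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
> import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
> import com.nimbusds.oauth2.sdk.auth.Secret;
> import com.nimbusds.oauth2.sdk.id.ClientID;
> import lombok.extern.slf4j.Slf4j;
> import org.pac4j.core.context.WebContext;
> import org.pac4j.oidc.client.OidcClient;
> import org.pac4j.oidc.config.OidcConfiguration;
> import org.pac4j.oidc.credentials.OidcCredentials;
> import org.pac4j.oidc.credentials.authenticator.OidcAuthenticator;
>
> /**
>  * Fix an issue where the secret cannot be refreshed again during validation.
>  */
> @Slf4j
> public class MyOrgAppleOidcAuthenticator extends OidcAuthenticator {
>     public MyOrgAppleOidcAuthenticator(OidcConfiguration configuration,
>                                        OidcClient client) {
>         super(configuration, client);
>     }
>
>     /**
>      * If the client uses secret post, set the client authentication again so
>      * the secret can be fetched again.
>      * <p>
>      * Also, set the user profile after validate, so it can validate the
>      * user profile.
>      *
>      * @param cred    the OIDC credentials to validate
>      * @param context the current web context
>      */
>     @Override
>     public void validate(final OidcCredentials cred, final WebContext context) {
>         ClientAuthentication clientAuthentication = getClientAuthentication();
>         if (clientAuthentication instanceof ClientSecretPost) {
>             LOGGER.debug("Get secret again from validate for Apple Login");
>             // Re-read the secret from the configuration on every validation
>             // instead of reusing the one captured at initialization.
>             final ClientID clientId = new ClientID(configuration.getClientId());
>             final Secret secret = new Secret(configuration.getSecret());
>             ClientSecretPost clientSecretPost = new ClientSecretPost(clientId, secret);
>             setClientAuthentication(clientSecretPost);
>         }
>         super.validate(cred, context);
>     }
> }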
>
> =================================================================================================
>
> *MyOrgDefaultDelegatedClientFactory.java*
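> import java.util.Collection;
> import lombok.Getter;
> import lombok.extern.slf4j.Slf4j;
> import org.apereo.cas.configuration.CasConfigurationProperties;
> import org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties;
> import org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory;
> import org.apereo.cas.support.pac4j.authentication.DelegatedClientFactoryCustomizer;
> import org.pac4j.core.client.IndirectClient;
> import org.pac4j.oidc.client.AppleClient;
>
> /**
>  * Set Apple Client
>  */
> @Slf4j
> @Getter
> public class MyOrgDefaultDelegatedClientFactory extends DefaultDelegatedClientFactory {
>     private final CasConfigurationProperties casProperties;
>
>     public MyOrgDefaultDelegatedClientFactory(
>             CasConfigurationProperties casProperties,
>             Collection<DelegatedClientFactoryCustomizer> customizers) {
>         super(casProperties, customizers);
>         this.casProperties = casProperties;
>     }
>
>     @Override
>     protected void configureClient(final IndirectClient client,
>                                    final Pac4jBaseClientProperties props) {
>         // Swap in the refreshing authenticator for the Apple client only.
>         if (client instanceof AppleClient) {
>             final AppleClient appleClient = (AppleClient) client;
>             client.setAuthenticator(
>                     new MyOrgAppleOidcAuthenticator(appleClient.getConfiguration(), appleClient));
>         }
>         super.configureClient(client, props);
>     }
> }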
> =========================================
> *cas.yml*
> cas:
>   authn:
>     pac4j:
>       oidc:
>         - apple:
>             client-name: XXXX
>             private-key: file:/abd/def/myapplecert.p8
>             private-key-id: xxxx
>             team-id: xxxxx
>             id: xxx.yyy.zzz
>             response-mode: form_post
>             scope: openid name
>             response-type: code id_token
>             use-nonce: true
>
>
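The failure mode that the `validate` override above works around, as an added simulation that is not part of the original posts and is not pac4j, CAS or Apple code. It assumes the Apple client secret is a time-limited value that the configuration can mint again, and models a token endpoint that answers `invalid_client` once that value has expired; all class names and the five-minute lifetime are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;

// Constructed simulation: every name is hypothetical; none of this is pac4j, CAS or Apple code.
public class StaleClientSecretDemo {
    // Movable "current time" so the example can step past the expiry without sleeping.
    static Instant now = Instant.parse("2021-06-25T04:00:00Z");

    // Token endpoint stand-in: accepts a client secret only until its expiry instant.
    static String tokenEndpoint(Instant secretExpiry) {
        return now.isBefore(secretExpiry) ? "200 OK" : "400 {\"error\":\"invalid_client\"}";
    }

    // "Before": the client authentication is built once and reused for every login.
    static class Authenticator {
        protected final Supplier<Instant> configuration; // mints a secret, returns its expiry
        protected Instant clientAuthentication;
        Authenticator(Supplier<Instant> configuration) {
            this.configuration = configuration;
            this.clientAuthentication = configuration.get();
        }

        String validate() {
            return tokenEndpoint(clientAuthentication);
        }
    }

    // "After": same shape as the override in the post, rebuild and then delegate.
    static class RefreshingAuthenticator extends Authenticator {
        RefreshingAuthenticator(Supplier<Instant> configuration) {
            super(configuration);
        }
        @Override
        String validate() {
            clientAuthentication = configuration.get();
            return super.validate();
        }
    }

    public static void main(String[] args) {
        Supplier<Instant> config = () -> now.plus(Duration.ofMinutes(5)); // assumed lifetime
        Authenticator cached = new Authenticator(config);
        Authenticator refreshing = new RefreshingAuthenticator(config);
        System.out.println("first login: " + cached.validate() + " / " + refreshing.validate());
        now = now.plus(Duration.ofMinutes(10)); // the next login arrives after expiry
        System.out.println("later login: " + cached.validate() + " / " + refreshing.validate());
    }
}
```

Each output line shows the cached authenticator's result followed by the refreshing one's, for the same login.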