Amplify Gen2 SignInWithApple not adding email attribute to userpool that requires email #14019
Comments
Hello, @JustinHaut 👋 and thanks for opening this issue. It looks like this might be the result of making the Unfortunately, this also means that you may need to create a new user pool that does NOT have the email attribute set to be required (since required attributes cannot be updated in Cognito at this time). Was this a new app that had a small amount of users or (if you had to start over) would you need to migrate the existing users?
Hi @cwomack! 👋 Thanks for the quick response! Small amount of users, but if I create a new userpool and switch to username then there would be no verify email, which is a nice filter. 😕 On the flip side I could eliminate email entirely, but that would exclude non-Gmail, Apple, Amazon, Facebook users. What would you suggest here? Easiest option would be to eliminate Apple as an external provider.
Any chance AWS Amplify can add a placeholder when Apple keeps a user's email private? Particularly since Cognito doesn't require a verified email when using external providers, it seems like that could be a workaround. I tried to add a second userpool and then would have conditionally configured Amplify based on login type, but only one userpool is allowed. Here's the guideline Apple sent in the review, which basically says they want you to use Apple; while recommended, it isn't mandatory at this time 😬 Concerning for future releases though.

Guideline 4.8 - Design - Login Services
The app uses a third-party login service, but does not appear to offer an equivalent login option with the following features:
@JustinHaut after reviewing this issue further, I think we need to update the docs to be more clear about this edge case when using Apple as a federated auth provider with Amplify. The suggestion to use a placeholder would likely be a breaking change to the Auth flows here, and I think the better way to ensure future developers don't run into this is to be more clear in our docs. As for how you handle the Cognito User Pool from here, we'd suggest creating a new one (which is frustrating, sorry) to ensure the email attribute is NOT required to ensure there are no issues with
@cwomack thanks, the docs state that we can't just use a username, which wouldn't be ideal anyway, so that leaves phone... Otherwise, if that's not possible, are you at AWS able to do a regex check on email before creating a user in the userpool, and then we could have the Apple signup fail so we can at least have users sign up/log in another way? Right now signUpWithApple simply logs the user in for the first time with no problems... until the user logs out and can't get back in.
@cwomack when there's a will there's a way 🚀 Attach this post confirmation lambda trigger and make sure it has proper permissions.
Looks like they added privaterelay as a placeholder! No post confirmation trigger needed.
@JustinHaut, appreciate you following up here with the additional code and context. Glad you're unblocked!
@JustinHaut Was privaterelay a setting that needed to be enabled on the Apple developer website?
@cwomack we just ran into this issue following the current Gen 2 docs. We have since disabled this federated login as a new user pool is quite a big effort.
Before opening, please confirm:
JavaScript Framework
React Native
Amplify APIs
Authentication
Amplify Version
v6
Amplify Categories
auth
Backend
Amplify Gen 2
Environment information
Describe the bug
My userpool is set up to have users log in with their email. When I add Apple as an external provider, scope email, map email, I can log in fine the first time; however, the email does not get stored in the Cognito userpool, so when I log out I cannot log back in.
Google as an external provider works as expected.
Regular sign up and login with email works as expected.
In summary, sub gets created and Apple adds the identities attribute to the userpool, but no email.
Expected behavior
Expected signInWithApple to add the scoped email or at least a placeholder to the Cognito email attribute, or to have the initial signup/login fail if email truly isn't available.
Reproduction steps
Code Snippet
Log output
aws-exports.js
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response