# ory-network
l
Hi, we are currently looking to activate Social Sign In for our Ory Network project. So far it seems to work with Google. However, we have the following problem with Apple: After Apple redirects back to the specified redirect_uri after a successful login, Kratos reports a CSRF Violation error. As I said, this only occurs with Apple. Could someone please help us here? Error request: 27bfbcff-43df-94d6-bc00-0c778876c0df
I think I have found the error (on the part of Ory)! In the documentation it is written: “The provider ID for the web browser flow must be apple. This makes sure that the resulting callback URL will be exempt from CSRF middleware, as Apple uses a POST form request that does not include the CSRF cookie.” When setting up via Ory Network, however, a redirect_uri is displayed that looks something like this: “apple-a12b-cDe” - this part is also used as the provider ID in the HTML form! The hard overwrite of the provider in the HTML form only returns a 404 from Kratos. So I think this is something that needs to be fixed by Ory.
e
Do you happen to have a network trace (har log) for this?
b
Thanks for the report. You can manually change the provider ID to `apple` via the CLI. This is indeed a bug in the Ory Console, and we will revert the offending change tomorrow. Unfortunately, created providers will not be changed by the revert, so the only way to fix this at the moment is to use the CLI.