https://www.ory.sh/ logo
#talk-kratos
Title
# talk-kratos
t

thousands-church-11419

01/27/2022, 7:53 PM
So I’m setting up signup/in with apple, and I’m getting this error:
Copy code
"RUNTIME ERROR: Field does not exist: firstName\n\tfile:///etc/config/oidc.apple.jsonnet:16:16-32\tobject <anonymous>\n\tDuring manifestation\t\n"
I added
name
to the scopes, and apple’s docs said there should be user.firstName, is there a way to inspect the return values?
b

billowy-iron-96117

01/28/2022, 5:55 AM
I am facing similar issue with apple sign in. Not seeing user object in the oidc.apple.jsonnet mapper claims I can see it in the debug logs for google sign in but for apple I can only see the below even though I added both email and name scope { email: myemail@yahoo.com email_verified: true iss: https://appleid.apple.com sub: 001043.6346esgte535b53f2fe21.1059 }
Usually, below is how the user object from Apple is { name: { firstName: 'xxxxx', lastName: 'zzzzz' }, email: 'myemail@yahoo.com' } Is ory ignoring the name prop and not adding it to the claims ? Can someone please advice
t

thousands-church-11419

02/01/2022, 2:27 PM
Yeah any thoughts on this as well?
m

magnificent-energy-493

02/01/2022, 2:32 PM
Let me check GitHub.
Nevermind we had a PR for that: https://github.com/ory/kratos/pull/1833
The best course of action would probably be to open a bug report: https://github.com/ory/kratos/issues/new?assignees=&amp;labels=bug&amp;template=BUG-REPORT.yml This lets us prioritize it accordingly, and often things get lost in the Slack chat (black hole)
t

thousands-church-11419

02/01/2022, 2:37 PM
Yeah hard to tell if we're doing something wrong or if it's a bug but I'll file it appropriately
m

magnificent-energy-493

02/01/2022, 2:44 PM
I can look into reproducing, but might take me a few days.
p

proud-plumber-24205

02/01/2022, 3:17 PM
@billowy-iron-96117 please check out https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2#external-variable-claims It seems apple is returning an object on the name instead of the expected string. @magnificent-energy-493 maybe I can assist you here?
🙏 1
b

billowy-iron-96117

02/01/2022, 3:34 PM
@proud-plumber-24205 Oh ok got it... Ory is expecting a string there. Thank you for the reply. Yeah, I already know that apple returns an object for name as I have posted above... here it is again Usually, below is how the user object from Apple is {   name: { firstName: 'xxxxx', lastName: 'zzzzz' },   email: 'myemail@yahoo.com' }
t

thousands-church-11419

02/01/2022, 3:35 PM
I tried claims.name.firstName and it seems like it doesn't work only email seems to be in the payload
p

proud-plumber-24205

02/01/2022, 3:36 PM
the claims object won't map the name since it would be a type mismatch, object != string
t

thousands-church-11419

02/01/2022, 3:37 PM
Right yeah. So it's an issue with the apple provider not mapping those fields yeah?
b

billowy-iron-96117

02/01/2022, 3:38 PM
No, In Ory, we need to parse this name object from Apple and assign first name and last name to may be "GivenName" and "LastName" here https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2/#external-variable-claims
@thousands-church-11419 I mean yeah you are right. Ignore that "No"
t

thousands-church-11419

02/01/2022, 3:39 PM
Yeah I think we're saying the same thing
👍 1
Btw has there been any movement on this?
m

magnificent-energy-493

02/21/2022, 11:02 AM
Not yet Michael 😕 , But I will see to do look into it with @proud-plumber-24205 this week.
t

thousands-church-11419

02/21/2022, 3:50 PM
I think I have an engineer we can throw at it if need be, if you have some guidance, but I imagine we “just” have to parse the field to an object yeah?
m

magnificent-energy-493

02/22/2022, 9:01 AM
Yes, that should do the trick. Do you want to take a whack at it and we review/help out when stuck? Anyway I will talk to Alano later today.
t

thousands-church-11419

02/22/2022, 7:24 PM
Yeah we’re testing some fixes right now
🙏 1
m

magnificent-energy-493

02/22/2022, 7:45 PM
Love the description 😄
as opposed to embed them in the ID token like any sane company would do.
4 Views