https://www.ory.sh/ logo
Join Slack
Powered by
Hey there has anyone experience issues with Apple ...
# talk-kratos
p
Hey there has anyone experience issues with Apple Sign In since upgrading to v0.10.1 (Latest Release)? Our team attempted to upgrade our dev environment, and now on sign in with apple we get the following error: 
An internal server error occurred, please contact the system administrator reason:Unable to initialize OpenID Connect Provider: Get "/.well-known/openid-configuration": unsupported protocol scheme "" stack_trace:
After looking through slack it looked like people were experiencing a similar issue in the past but it was not related to apple it was related to another OIDC provider. @high-optician-2097 Any ideas here? I will link our config and mapper in this thread for reference.
Config
Copy code
selfservice:
  methods:
    oidc:
      enabled: true
      config:
        providers:
          - id: apple
            provider: apple
            client_id: ....
            apple_team_id: ....
            apple_private_key_id: ....
            apple_private_key: |
              -----BEGIN PRIVATE KEY-----
              ....
              -----END PRIVATE KEY-----
            mapper_url: file:///etc/config/kratos/mappers/oidc.apple.jsonnet
            scope:
              - email
Mapper (Exact from Docs)
Copy code
local claims = {
  email_verified: false,
} + std.extVar('claims');

{
  identity: {
    traits: {
      // Allowing unverified email addresses enables account
      // enumeration attacks,  if the value is used for
      // verification or as a password login identifier.
      //
      // Therefore we only return the email if it (a) exists and (b) is marked verified
      // by Apple.
      [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email,
    },
  },
}
We are at a loss on what could be going on here but I suspect is an issue with the request to apple for openid config. The error above looks like it is making a call to https://appleid.apple.com/.well-known/openid-configuration. You can click the link to see the response. But Kratos says 
unsupported protocol scheme ""
cc @rapid-knife-38877
l
👋 I've got the same issue, to fix it you should add
Copy code
issuer_url: <https://appleid.apple.com>
to your configuration in the oidc provider for apple
other oidc provider have a default value but not Apple, I don't know why
p
@loud-spoon-23770 thank you so much for responding I'm gonna try this right now! How did you figure that out?
l
I read the code 😄
🎉 1
😄 2
3 Views
Open in Slack
PreviousNext
Powered by