Testing apple social sign in on localhost

Hey ,
I will get a team mate of mine to look into this issue with Apple social sign-in on your local environment

Hey - would you able to https://.kinde.com/login/callback and see if that works for you? your post login redirect url should redirect you back to localhost after login

Should it be /login/callback or /api/auth/kinde_callback which is in my application Allowed callback URLs?

should be /login/callback - the one available in your social connection config ☺

Thanks, I updated the URLs and was able to make progress with the Apple auth flow locally.
However, I’m getting this error now on https://.kinde.com/auth/cx/_:nav&m:auth_error

I see this error after entering the 6 digit verification code from Apple.

hmm, just checking if you're testing w/Kinde credentials or your own?

my own

I assume Kinde is throwing the error above? Anything in your logs that can shed light on the actual issue?

yep, taking a look into it now - seems like an invalid client err. I'll set one up and give it a test too

Checked w/Kinde credentials and it seems to be going through correctly. I think it may be an issue with the client id - can I check if you're using app id or service id ? + which one you used to generate the client secret?

service id

ah cool, would you be able to give app id a go

sure

I see an “App ID Prefix” and a “Bundle ID” in Apple Developer portal. Which one would you like me to use as the client id?

Should be your bundle ID / your identifier on the app id page

I tried:

• Apple client ID in Kinde = service id
• Apple client secret generated using the app id

Something went wrong when we tried to authenticate you, and we can’t offer a quick way out. Start a new session and try signing in again.

ah sorry, could you try your app id in your client id as well along with the current apple secret you've generated using the app id

Apple doesn’t seem to like the app id, I get this:

hmm does your id look something like com.kinde.app (this is Kinde's)?

my service id is: service.live.surreal.app

Might be a stupid question, but who is responsible for creating the /login/callback route in my app?
I’m using the Next.js App Router, and my understanding is that all the Kinde routes are under /api/auth/*.

I see a 302 Found after Apple redirects to https://.kinde.com/login/callback

we handle that on our side - when a social provider hits that endpoint, we get the config, check the token, state etc. and then do the redirect back to your elected redirect url

oh, of course, it’s your domain, I got confused with my app

if you're still in dev mode, are you able to check if kinde's credentials are working?

found an earlier thread - seems like we're using service id - sorry I may have got mixed up

yes, kinde credentials are working fine.
just checked again, and I’m using the service id to generate the secret.
anything else I can try?

Is it expected to see a 302 Found from /login/callback?

the 302 comes from the auth err, it generally should be a successful 200 response - asking the team for any tips with your above err

any other ideas?

Hey - sorry for the delay, I've messaged a teammate and they're looking into it - they're based in the UK so I'll let you know as soon as they reply.

I looked through a few docs + implementations for it and I think they've done it the way you have:

• client id (app id)
• client secret (key generated with service ID)

To future readers, the issue in my case was that, when generating the Apple client secret, I set the expiry to 3 years, while Apple allows 6 months max. It would be nice if Kinde could give a more informative error message in this case. Special thanks to and who helped debug this one!