Apple Sign-In not working when upgrading Nakama and switching from Unity to web authentication

Hi, we met an Apple sign-in issue.

We have a web client and use the Sign-In-with-Apple feature provided by Nakama. The web client uses Apple’s Services IDs way (Configuring Your Webpage for Sign in with Apple | Apple Developer Documentation) to get the id_token for Nakama Apple authentication.

When we upgraded Nakama from 2.14.1 to 3.2.1, the Apple Services IDs authentication stopped working (but it works well in Nakama 2.14.1). At the moment, our Unity client’s (built in Nakama Unity) Apple authentication works well.

I checked the JWT payload in Apple’s id_token between the Unity client and the web client; it seems the difference is aud.

The Unity client uses the Bundle ID as aud.
The web client uses the Services ID (Apple client ID) as aud.

So I wonder if Nakama changed the behavior of Apple authentication for Bundle ID and Services IDs, or it does support it and this might be an issue with our upgrade, or it doesn’t support authentication via Services IDs anymore.

If more details are needed, please tell me.
Thanks in advance.


@renhades I think you have identified a difference in the way the Apple API works between web authentication and Unity authentication. In a recent release of Nakama we added additional logic to follow the Apple guidelines and validate the AUD field from their token format. I suspect we may need to loosen those constraints to be compatible between both web and mobile authentication flows.

Can you open an issue on GitHub and I’ll discuss it with engineering internally on how best to resolve it. Thanks :pray:

Okay. I have opened an issue on GitHub (Sign-In-with-Apple for Web Client is not working · Issue #618 · heroiclabs/nakama (github.com)).

Thanks.

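The aud mismatch discussed in this thread can be reproduced with a small check like the one below. It is an added example, not Nakama's code and not from any poster. The function names, the identifiers `com.example.game` and `com.example.game.web`, and the sample token are constructed assumptions, and the code skips signature verification on purpose, so it is only suitable for comparing payloads.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// audAccepted decodes the aud claim of a JWT and checks it against an allow-list.
// It does NOT verify the signature: a server must do that first (diagnostic only).
func audAccepted(token string, accepted map[string]bool) (bool, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("not a three-part JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return false, err
	}
	var c struct{ Aud json.RawMessage `json:"aud"` }
	if err := json.Unmarshal(raw, &c); err != nil {
		return false, err
	}
	var auds []string // RFC 7519 allows aud to be an array of strings...
	var one string
	if json.Unmarshal(c.Aud, &one) == nil && one != "" {
		auds = []string{one} // ...or a single string
	} else if json.Unmarshal(c.Aud, &auds) != nil || len(auds) == 0 {
		return false, fmt.Errorf("aud missing or malformed")
	}
	for _, a := range auds {
		if accepted[a] {
			return true, nil
		}
	}
	return false, nil
}

func sampleToken(aud string) string { // unsigned, constructed demo token
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(`{"aud":"`+aud+`"}`)) + ".x"
}

func main() {
	web := sampleToken("com.example.game.web") // constructed Services ID
	strict, _ := audAccepted(web, map[string]bool{"com.example.game": true})
	both, _ := audAccepted(web, map[string]bool{"com.example.game": true, "com.example.game.web": true})
	fmt.Println("bundle-only:", strict, "| bundle+services:", both)
}
```

A validator that accepts only the Bundle ID rejects the web client's token, while one that lists both the Bundle ID and the Services ID accepts tokens from both flows.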