chore: debug Apple & distinguish secrets on environment

Author: danieldanielecki

.github/workflows/azure-static-web-apps-kind-plant-0e80e5803.yml

@@ -4,29 +4,32 @@ on:
   push:
     branches:
       - main
+      - 'feature/*'
   pull_request:
     types: [opened, synchronize, reopened, closed]
     branches:
       - main
+      - 'feature/*'
 
 jobs:
   build_and_deploy_job:
     if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
     runs-on: ubuntu-latest
     name: Build and Deploy Job
+    environment: ${{ github.ref == 'refs/heads/main' && 'Production' || 'Staging' }}
     env:
       # Google Analytics
       NEXT_PUBLIC_GA_TRACKING_ID: ${{ secrets.NEXT_PUBLIC_GA_TRACKING_ID }}
 
-      # Appwrite Configuration
+      # Appwrite Configuration (comes from environment secrets)
       NEXT_PUBLIC_APPWRITE_ENDPOINT: ${{ secrets.NEXT_PUBLIC_APPWRITE_ENDPOINT }}
       NEXT_PUBLIC_APPWRITE_PROJECT_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_PROJECT_ID }}
       NEXT_PUBLIC_APPWRITE_API_KEY: ${{ secrets.NEXT_PUBLIC_APPWRITE_API_KEY }}
       NEXT_PUBLIC_APPWRITE_DATABASE_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_DATABASE_ID }}
       NEXT_PUBLIC_APPWRITE_DATABASE_NAME: ${{ secrets.NEXT_PUBLIC_APPWRITE_DATABASE_NAME }}
       NEXT_PUBLIC_APPWRITE_COLLECTION_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_COLLECTION_ID }}
 
-      # Azure Cosmos DB Configuration
+      # Azure Cosmos DB Configuration (comes from environment secrets)
       AZURE_COSMOSDB_ENDPOINT: ${{ secrets.AZURE_COSMOSDB_ENDPOINT }}
       AZURE_COSMOSDB_KEY: ${{ secrets.AZURE_COSMOSDB_KEY }}
       AZURE_COSMOSDB_DATABASE: ${{ secrets.AZURE_COSMOSDB_DATABASE }}

AUTHENTICATION_SETUP.md

@@ -82,7 +82,7 @@ In your Appwrite project settings, you need to configure callback URLs for OAuth
 2. In the Apple OAuth configuration, you'll see a **Redirect URL** field
 3. Set this to: `https://yourdomain.com/auth/callback`
 
-**Note**: The success/failure URLs mentioned in the original documentation are not standard Appwrite settings. Appwrite handles OAuth redirects automatically to the redirect URL you specify above. The success/failure parameters are handled by your application logic in the callback route.
+**Note**: Since Google OAuth is working with this setup, Apple OAuth should use the same callback URL pattern. However, Apple has additional requirements for domain verification and certificate configuration that Google doesn't have.
 
 ## Step 5: Test Authentication
 
@@ -136,7 +136,17 @@ The authentication flow works seamlessly across all platforms.
 3. **Trial timer not working**: Clear localStorage and refresh page
 4. **Authentication state not persisting**: Check browser console for errors
 
-### Apple SSO Production Issues
+### Apple OAuth Specific Issues
+
+Since Google OAuth is working but Apple OAuth isn't, here are Apple-specific troubleshooting steps:
+
+#### Development vs Production
+
+- **Apple OAuth will NOT work on localhost** - it requires HTTPS and a verified domain
+- The code now includes a localhost check that will show a helpful error message
+- Always test Apple OAuth in production or staging environment with proper domain
+
+#### Common Apple OAuth Issues
 
 If Apple SSO shows "invalid_request" error in production, check these common causes:
 

lib/appwrite/auth.ts

@@ -102,7 +102,30 @@ export class AuthService {
   }> {
     try {
       this.checkAppwriteAvailable();
+
+      // Check if we're in development (localhost)
+      if (
+        typeof window !== "undefined" &&
+        window.location.hostname === "localhost"
+      ) {
+        return {
+          success: false,
+          error: {
+            message:
+              "Apple OAuth requires HTTPS and a proper domain. Please test in production.",
+            code: 400,
+          },
+        };
+      }
+
       const redirectUrl = `${window.location.origin}/auth/callback`;
+
+      // Add debug logging if enabled
+      if (process.env.NEXT_PUBLIC_DEBUG_AUTH === "true") {
+        console.log("Apple OAuth - Redirect URL:", redirectUrl);
+        console.log("Apple OAuth - Current origin:", window.location.origin);
+      }
+
       const url = await account!.createOAuth2Session(
         "apple" as any,
         redirectUrl,
@@ -114,6 +137,16 @@ export class AuthService {
       }
       return { success: true };
     } catch (error: any) {
+      // Enhanced error logging for Apple OAuth
+      if (process.env.NEXT_PUBLIC_DEBUG_AUTH === "true") {
+        console.error("Apple OAuth Error:", error);
+        console.error("Error details:", {
+          message: error.message,
+          code: error.code,
+          type: error.type,
+        });
+      }
+
       return {
         success: false,
         error: {

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "practice-exams-platform",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "private": true,
   "engines": {
     "node": "20.x"