Enable Apple Sign In (#140)

* Enable Apple Sign In authentication via OAuth credential

* New test added for Apple Sign In

* Apple Sign In test must use an ID token

Author: Kapusch

src/Firebase.Auth.Tests/IntegrationTests.cs

@@ -21,6 +21,7 @@ public class IntegrationTests
         private const string FirebaseEmail = "<TEST USER EMAIL>";
         private const string FirebasePassword = "<TEST USER PASSWORD>";
 
+        private const string AppleIDToken = "<APPLE USER ID TOKEN>";
         private const string FirebaseTenant = "<TEST USER TENANT ID>";
 
         [TestMethod]
@@ -45,6 +46,16 @@ public void GoogleTest()
             auth.FirebaseToken.Should().NotBeNullOrWhiteSpace();
         }
 
+        [TestMethod]
+        public void AppleTest()
+        {
+            var authProvider = new FirebaseAuthProvider(new FirebaseConfig(ApiKey));
+
+            var auth = authProvider.SignInWithOAuthAsync(FirebaseAuthType.Apple, AppleIDToken).Result;
+
+            auth.FirebaseToken.Should().NotBeNullOrWhiteSpace();
+        }
+
         [TestMethod]
         public void EmailTest()
         {
@@ -79,7 +90,7 @@ public void Unknown_email_address_should_be_reflected_by_failure_reason()
                 }
                 catch (Exception e)
                 {
-                    var exception = (FirebaseAuthException) e.InnerException;
+                    var exception = (FirebaseAuthException)e.InnerException;
                     exception.Reason.Should().Be(AuthErrorReason.UnknownEmailAddress);
                 }
             }
@@ -127,7 +138,7 @@ public void Invalid_password_should_be_reflected_by_failure_reason()
         public void CreateUserTest()
         {
             var authProvider = new FirebaseAuthProvider(new FirebaseConfig(ApiKey));
-            var email = $"abcd{new Random().Next()}@test.com"; 
+            var email = $"abcd{new Random().Next()}@test.com";
 
             var auth = authProvider.SignInWithEmailAndPasswordAsync(email, "test1234").Result;
 
@@ -182,10 +193,10 @@ public void RefreshAccessToken()
 
             var auth = authProvider.SignInWithOAuthAsync(FirebaseAuthType.Facebook, FacebookAccessToken).Result;
             var originalToken = auth.FirebaseToken;
-            
+
             // simulate the token already expired
             auth.Created = DateTime.MinValue;
-            
+
             var freshAuth = auth.GetFreshAuthAsync().Result;
 
             freshAuth.FirebaseToken.Should().NotBe(originalToken);

src/Firebase.Auth/AuthErrorReason.cs

@@ -93,6 +93,14 @@ public enum AuthErrorReason
         /// <summary>
         /// Linked accounts: account to link has already been linked.
         /// </summary>
-        AlreadyLinked
+        AlreadyLinked,
+        /// <summary>
+        /// Third-party Auth Providers: PostBody contains an Id Token string obtained from Auth Provider which is actually stale.
+        /// </summary>
+        StaleIDToken,
+        /// <summary>
+        /// Third-party Auth Providers: PostBody contains an Id Token string obtained from Auth Provider which has already been received.
+        /// </summary>
+        DuplicateCredentialUse
     }
 }

src/Firebase.Auth/Firebase.Auth.csproj

@@ -1,23 +1,21 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <TargetFramework>netstandard1.1</TargetFramework>
-    <PackageId>FirebaseAuthentication.net</PackageId>
-    <PackageVersion>3.6.0</PackageVersion>
-    <Authors>Step Up Labs, Inc.</Authors>
-    <Description>Firebase authentication library. It can generate Firebase auth token based on given OAuth token (issued by Google, Facebook...). This Firebase token can then be used with REST queries against Firebase endpoints. </Description>
-    <PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
-    <PackageIconUrl>https://github.com/step-up-labs/firebase-authentication-dotnet/raw/master/art/FirebaseLogo.128x128.png</PackageIconUrl>
-    <PackageProjectUrl>https://github.com/step-up-labs/firebase-authentication-dotnet</PackageProjectUrl>
-    <PackageLicenseUrl>https://github.com/step-up-labs/firebase-authentication-dotnet/blob/master/LICENSE</PackageLicenseUrl>
-    <IncludeSource>True</IncludeSource>
-    <IncludeSymbols>True</IncludeSymbols>
-    <Copyright>Step Up Labs, Inc. 2016</Copyright>
-    <PackageTags>Firebase Auth Authentication Google Facebook Github Twitter</PackageTags>
-  </PropertyGroup>
-  
-  <ItemGroup>
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
-  </ItemGroup>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<Project Sdk="Microsoft.NET.Sdk">
+    <PropertyGroup>
+        <TargetFramework>netstandard1.1</TargetFramework>
+        <PackageId>FirebaseAuthentication.net</PackageId>
+        <PackageVersion>3.7.0</PackageVersion>
+        <Authors>Step Up Labs, Inc.</Authors>
+        <Description>Firebase authentication library. It can generate Firebase auth token based on given OAuth token (issued by Google, Facebook...). This Firebase token can then be used with REST queries against Firebase endpoints. </Description>
+        <PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
+        <PackageIconUrl>https://github.com/step-up-labs/firebase-authentication-dotnet/raw/master/art/FirebaseLogo.128x128.png</PackageIconUrl>
+        <PackageProjectUrl>https://github.com/step-up-labs/firebase-authentication-dotnet</PackageProjectUrl>
+        <PackageLicenseUrl>https://github.com/step-up-labs/firebase-authentication-dotnet/blob/master/LICENSE</PackageLicenseUrl>
+        <IncludeSource>True</IncludeSource>
+        <IncludeSymbols>True</IncludeSymbols>
+        <Copyright>Step Up Labs, Inc. 2016</Copyright>
+        <PackageTags>Firebase Auth Authentication Google Facebook Github Twitter Apple</PackageTags>
+    </PropertyGroup>
+    <ItemGroup>
+        <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
+    </ItemGroup>
 </Project>

src/Firebase.Auth/FirebaseAuthProvider.cs

@@ -25,8 +25,8 @@ public class FirebaseAuthProvider : IDisposable, IFirebaseAuthProvider
         private const string GoogleSetAccountUrl = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/setAccountInfo?key={0}";
         private const string GoogleCreateAuthUrl = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key={0}";
         private const string GoogleUpdateUserPassword = "https://identitytoolkit.googleapis.com/v1/accounts:update?key={0}";
-        
-        
+
+
         private const string ProfileDeleteDisplayName = "DISPLAY_NAME";
         private const string ProfileDeletePhotoUrl = "PHOTO_URL";
 
@@ -55,7 +55,7 @@ public async Task<FirebaseAuthLink> SignInWithCustomTokenAsync(string customToke
             firebaseAuthLink.User = await this.GetUserAsync(firebaseAuthLink.FirebaseToken).ConfigureAwait(false);
             return firebaseAuthLink;
         }
-        
+
         /// <summary>
         /// Using the idToken of an authenticated user, get the details of the user's account
         /// </summary>
@@ -66,14 +66,14 @@ public async Task<User> GetUserAsync(string firebaseToken)
             var content = $"{{\"idToken\":\"{firebaseToken}\"}}";
             var responseData = "N/A";
             try
-            { 
+            {
                 var response = await this.client.PostAsync(new Uri(string.Format(GoogleGetUser, this.authConfig.ApiKey)), new StringContent(content, Encoding.UTF8, "application/json")).ConfigureAwait(false);
                 responseData = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                 response.EnsureSuccessStatusCode();
 
                 var resultJson = JObject.Parse(responseData);
                 var user = JsonConvert.DeserializeObject<User>(resultJson["users"].First().ToString());
-                return user; 
+                return user;
             }
             catch (Exception ex)
             {
@@ -92,15 +92,26 @@ public async Task<User> GetUserAsync(FirebaseAuth auth)
         }
 
         /// <summary>
-        /// Using the provided access token from third party auth provider (google, facebook...), get the firebase auth with token and basic user credentials.
+        /// Using the provided access token from third party auth provider (google, facebook...), or ID token (apple), get the firebase auth with token and basic user credentials.
         /// </summary>
         /// <param name="authType"> The auth type. </param>
-        /// <param name="oauthAccessToken"> The access token retrieved from login provider of your choice. </param>
+        /// <param name="oauthToken"> The access token or ID token retrieved from login provider of your choice. </param>
         /// <returns> The <see cref="FirebaseAuth"/>. </returns>
-        public async Task<FirebaseAuthLink> SignInWithOAuthAsync(FirebaseAuthType authType, string oauthAccessToken)
+        public async Task<FirebaseAuthLink> SignInWithOAuthAsync(FirebaseAuthType authType, string oauthToken)
         {
             var providerId = this.GetProviderId(authType);
-            var content = $"{{\"postBody\":\"access_token={oauthAccessToken}&providerId={providerId}\",\"requestUri\":\"http://localhost\",\"returnSecureToken\":true}}";
+
+            string content;
+
+            switch (authType)
+            {
+                case FirebaseAuthType.Apple:
+                    content = $"{{\"postBody\":\"id_token={oauthToken}&providerId={providerId}\",\"requestUri\":\"http://localhost\",\"returnSecureToken\":true}}";
+                    break;
+                default:
+                    content = $"{{\"postBody\":\"access_token={oauthToken}&providerId={providerId}\",\"requestUri\":\"http://localhost\",\"returnSecureToken\":true}}";
+                    break;
+            }
 
             FirebaseAuthLink firebaseAuthLink = await this.ExecuteWithPostContentAsync(GoogleIdentityUrl, content).ConfigureAwait(false);
             firebaseAuthLink.User = await this.GetUserAsync(firebaseAuthLink.FirebaseToken).ConfigureAwait(false);
@@ -174,7 +185,7 @@ public async Task<FirebaseAuthLink> SignInWithEmailAndPasswordAsync(string email
             firebaseAuthLink.User = await this.GetUserAsync(firebaseAuthLink.FirebaseToken).ConfigureAwait(false);
             return firebaseAuthLink;
         }
-        
+
         /// <summary>
         /// Change a password from an user with his token.
         /// </summary>
@@ -187,8 +198,8 @@ public async Task<FirebaseAuthLink> ChangeUserPassword(string idToken, string pa
 
             return await this.ExecuteWithPostContentAsync(GoogleUpdateUserPassword, content).ConfigureAwait(false);
         }
-        
-        
+
+
         /// <summary>
         /// Creates new user with given credentials.
         /// </summary>
@@ -273,15 +284,15 @@ public async Task DeleteUserAsync(string firebaseToken)
         {
             var content = $"{{ \"idToken\": \"{firebaseToken}\" }}";
             var responseData = "N/A";
-            
-            try 
+
+            try
             {
                 var response = await this.client.PostAsync(new Uri(string.Format(GoogleDeleteUserUrl, this.authConfig.ApiKey)), new StringContent(content, Encoding.UTF8, "application/json")).ConfigureAwait(false);
                 responseData = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
-                
+
                 response.EnsureSuccessStatusCode();
             }
-            catch(Exception ex)
+            catch (Exception ex)
             {
                 AuthErrorReason errorReason = GetFailureReason(responseData);
                 throw new FirebaseAuthException(GoogleDeleteUserUrl, content, responseData, ex, errorReason);
@@ -296,12 +307,12 @@ public async Task SendPasswordResetEmailAsync(string email)
         {
             var content = $"{{\"requestType\":\"PASSWORD_RESET\",\"email\":\"{email}\"}}";
             var responseData = "N/A";
-            
+
             try
             {
                 var response = await this.client.PostAsync(new Uri(string.Format(GoogleGetConfirmationCodeUrl, this.authConfig.ApiKey)), new StringContent(content, Encoding.UTF8, "application/json")).ConfigureAwait(false);
                 responseData = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
-                
+
                 response.EnsureSuccessStatusCode();
             }
             catch (Exception ex)
@@ -550,6 +561,9 @@ private static AuthErrorReason GetFailureReason(string responseData)
                         case "A system error has occurred - missing or invalid postBody":
                             failureReason = AuthErrorReason.SystemError;
                             break;
+                        case "MISSING_OR_INVALID_NONCE : Duplicate credential received. Please try again with a new credential.":
+                            failureReason = AuthErrorReason.DuplicateCredentialUse;
+                            break;
 
                         //possible errors from Email/Password Account Signup (via signupNewUser or setAccountInfo) or Signin
                         case "INVALID_EMAIL":
@@ -563,7 +577,7 @@ private static AuthErrorReason GetFailureReason(string responseData)
                         case "EMAIL_EXISTS":
                             failureReason = AuthErrorReason.EmailExists;
                             break;
-                            
+
                         //possible errors from Account Delete
                         case "USER_NOT_FOUND":
                             failureReason = AuthErrorReason.UserNotFound;
@@ -610,12 +624,14 @@ private static AuthErrorReason GetFailureReason(string responseData)
                             break;
                     }
 
-                    if(failureReason == AuthErrorReason.Undefined)
-                    {                            
+                    if (failureReason == AuthErrorReason.Undefined)
+                    {
                         //possible errors from Email/Password Account Signup (via signupNewUser or setAccountInfo)
-                        if(errorData?.error?.message?.StartsWith("WEAK_PASSWORD :") ?? false) failureReason = AuthErrorReason.WeakPassword;
+                        if (errorData?.error?.message?.StartsWith("WEAK_PASSWORD :") ?? false) failureReason = AuthErrorReason.WeakPassword;
                         //possible errors from Email/Password Signin
                         else if (errorData?.error?.message?.StartsWith("TOO_MANY_ATTEMPTS_TRY_LATER :") ?? false) failureReason = AuthErrorReason.TooManyAttemptsTryLater;
+                        //ID Token issued is stale to sign-in (e.g. with Apple)
+                        else if (errorData?.error?.message?.StartsWith("ERROR_INVALID_CREDENTIAL") ?? false) failureReason = AuthErrorReason.StaleIDToken;
                     }
                 }
             }
@@ -638,6 +654,7 @@ private string GetProviderId(FirebaseAuthType authType)
             {
                 case FirebaseAuthType.Facebook:
                 case FirebaseAuthType.Google:
+                case FirebaseAuthType.Apple:
                 case FirebaseAuthType.Github:
                 case FirebaseAuthType.Twitter:
                     return authType.ToEnumString();

src/Firebase.Auth/FirebaseAuthType.cs

@@ -22,6 +22,12 @@ public enum FirebaseAuthType
         [EnumMember(Value = "google.com")]
         Google,
 
+        /// <summary>
+        /// The apple auth.
+        /// </summary>
+        [EnumMember(Value = "apple.com")]
+        Apple,
+
         /// <summary>
         /// The github auth.
         /// </summary>
@@ -39,5 +45,5 @@ public enum FirebaseAuthType
         /// </summary>
         [EnumMember(Value = "password")]
         EmailAndPassword
-    } 
+    }
 }