#﹖ - Authentication Failure with Apple Sign In for Users Who Must Agree to Apple Terms


iron vector
#

When using Sign In With Apple on Cognito with AWS Amplify, a failure occurs when a user has never used Sign In With Apple for any application before. The reason is, if a user has not used it, Apple has an additional step in which a user must agree to the Sign In With Apple terms and conditions. These are not Terms and Conditions for your own application, but rather Terms and Conditions for the use of your Apple Account for social logins.

This was found in 2.45.3 of iOS/Swift AWS Amplify.

To Duplicate:

  1. Create an Apple Account
  2. Make sure the Apple Account is set up, and two-factor auth enabled
  3. VERY IMPORTANT: Do not do any social logins with the Apple account anywhere
  4. Go to your app, and initiate a Sign In With Apple login
  5. Enter this account's credentials on the Apple login page, and proceed
  6. You will get prompted to accept terms for social login with Apple. Accept them
  7. Proceed through the normal Apple sign in page to share your email or hide it
  8. You will then be dropped off at a failed login screen in your Hosted UI for your Cognito instance (the web view), with a failure message.

Subsequent attempts will work.

For confirmation, I created multiple Apple Accounts and could duplicate it.

For another test point, I created a new account and went to eBay and logged in there - invoking the Terms and Conditions prompt, and accepting it. I went back to my app and did Sign In With Apple, and had no issue as I had done the Terms and Conditions elsewhere.

Obtuse, but if you need help with this one please let me know.

patent rivet
#

Hey @iron vector ! Thank you for the info! I am actually struggling with apple sign in and I wonder if you could give me a hand (as you proposed it in your message :P)

How did you make the apple sign in work with cognito? I am using amplify gen2 and I have "email: true" in my auth backend, but it seems it can't work with apple sign in. However, I could not deploy my stack with "email: false", as it would require "phone" to be set to true, and that I really don't want...

Thank you!

#

This is the error I get:

```
[+10381 ms] flutter: ERROR | StateMachineBloc | Error signing in: UnknownException {
[ ] "message": "(invalidRequest) Invalid user attributes: emails: The attribute emails is required "
[ ] }
[ ] package:amplify_auth_cognito_dart/src/flows/hosted_ui/hosted_ui_platform.dart 236:7 HostedUiPlatform.exchange
[ ] package:amplify_auth_cognito_dart/src/state/machines/hosted_ui_state_machine.dart 160:36 HostedUiStateMachine.onExchange
```

patent rivet
#

arrghh,.. completely my bad..
https://aws.amazon.com/blogs/security/how-to-set-up-sign-in-with-apple-for-amazon-cognito/

found this post, and it helped me to figure it out..
I added the email scope later, and had to delete account through apple portal and recreate it. It works now 🙂

Amazon Web Services

September 8, 2023: It’s important to know that if you activate user sign-up in your user pool, anyone on the internet can sign up for an account and sign in to your apps. Don’t enable self-registration in your user pool unless you want to open your app to allow users to sign up. January 7, […]

supple saddleBOT
#

✅ - Authentication Failure with Apple Sign In for Users Who Must Agree to Apple Terms

supple saddleBOT
#

Answer selected!

Kudos to @patent rivet!

iron vector
#

Yeah it’s super aggravating how Apple does that. lol. Glad you figured it out. Sorry I didn’t respond faster.

@supple saddle @tight flare the issue I posted is not solved. The post was accidentally hijacked with another issue.

The original one is still a problem

#

Authentication Failure with Apple Sign In for Users Who Must Agree to Apple Terms

supple saddleBOT
#

﹖ - Authentication Failure with Apple Sign In for Users Who Must Agree to Apple Terms