Social sign in with apple scope, mapping and environment variables

[pedramp20]

Recently sign in with apple option is added to the supported options in CLI (5.1.2). The hostedUIProviderMeta parameter is generated as follows:

    "hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"last_name\",\"given_name\":\"first_name\",\"username\":\"id\"}},{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"family_name\",\"given_name\":\"given_name\",\"username\":\"sub\"}},{\"ProviderName\":\"SignInWithApple\",\"authorize_scopes\":\"email,name\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"lastName\",\"given_name\":\"firstName\"}}]",

This authorisation scope for sign in with apple is comma separated and attribute mapping is missing name to name and sub to username maps, this results in a weird configuration of the federation identity provider and mapping (a record with email,name is added on the top) in console and when redirected to Apple throws an error of "Invalid client scope"
If the checkboxes of the authorisation scope is unticked and ticked and saved in the console, the issue goes away.

The console environment variables page does not specify the default variables for sign in with apple either. Please update it.

https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html

[johnpc]

Is this a bug report for the CLI? If so can you provide steps to reproduce, and describe what you expected vs what you got?

As for your comment about the doc site, I believe that page is owned by amplify console, you can open up a ticket with them here

[pedramp20]

Yes it is a bug report. The steps to reproduce is:

amplify update auth

Then select:

Update OAuth social providers

Then tick

Sign in with Apple

Then provide the requested information and finally

amplify push

The result is what I attached in the previous post and what is expected is this screen shot:

Note the first item in the list. In the previous post, email and name are squashed into one item

The environment variables are requested here #2118

[letsbelopez]

@pedramp20 If you'd like, you can test a fix we've been working on. https://www.npmjs.com/package/@aws-amplify/cli/v/5.3.0-siwa-update.3

[pedramp20]

Thanks for the update. When are you planning to merge the changes into your master branch? As this issue is very annoying in the build pipeline and after each build the settings need to be reconfigured manually @letsbelopez

[github-actions]

👋 Hi, this issue was referenced in the v5.5.0 release!

Check out the release notes here https://github.com/aws-amplify/amplify-cli/releases/tag/v5.5.0.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.