Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. Unite 2023 Registrations are now LIVE! We are thrilled to announce that Unite 2023 Registration is now live and open for all!
    Dismiss Notice
New Forum User Notice Unite 2023 Registrations are now LIVE!

Add Sign In With Apple entitlement, any success?

Discussion in 'macOS' started by lupidan, Apr 24, 2020.

  1. lupidan

    lupidan

    Joined:
    Jan 14, 2014
    Posts:
    47
    Hi,

    Just asking the question here. Wondering if anyone has been successful in adding the Sign In With Apple entitlement when codesigning the App with either an "Apple Developer" certificate, or a "Apple Distribution" certificate.

    The moment I try to add that particular one, and codesign (Apple developer in this case), the app won´t launch at all. I even tried copying the embedded.provisioningprofile for that particular app id but no luck.
    Apparently Sign In With Apple does not work for "Developer ID" codesigned apps, so that´s out of the question.

    Anyone?
     
    lupidan, Apr 24, 2020
    #1

  2. lupidan

    lupidan

    Joined:
    Jan 14, 2014
    Posts:
    47
    I was able to successfully put the entitlements. Sign in with Apple requires at least these entitlements to be there:

    
   <key>com.apple.developer.applesignin</key>
    
   <array>
    
       <string>Default</string>
    
   </array>
    
   <key>com.apple.developer.team-identifier</key>
    
   <string>TEAM_IDENTIFIER</string>
    
   <key>com.apple.application-identifier</key>
    
   <string>TEAM_IDENTIFIER.APP_BUNDLE_ID</string>


    You can codesign the generated Unity app with an "Apple Development Certificate", including these entitlements, to test out the feature.

    Remember to copy the correct provisioning profile containing the Apple Development Certificate used, the desired entitlements, and the test devices (macOS UUIDs). You need to copy it as "embeded.provisionprofile" inside the Content folder of the .app

    I really encourage to codesign elements individually, instead of using --deep. Codesign from inside out, all the .dylib, .bundle files and, finally, the .app file.

    You only need to codesign with entitlements the main .app file, the rest don´t need the entitlements when codesigning

    You also may need to delete extraneous .meta files from Unity, due to a bug.

    Codesigning with a "Developer ID" certificate (distribution outside Mac App Store) won´t work
    Codesigning with a "Apple Distribution" certificate (distribution in the Mac App Store) won´t work either

    This is an example script that codesigns my test app correctly. I added some statements that Xcode seem to do as well when signing the application

    Code (JavaScript):
    1. # $1 Is the .app file
    2. # $2 Is the codesign identity (I recommend using the SHA1 of the certificate, visible in your keychain)
    3. # $3 Is the entitlements file to use
    4. # $4 Is the provisionprofile file to copy in the app
    5.  
    6. # Delete .meta files left by Unity in all the elements in the Plugins folder
    7. find $1/Contents/Plugins/ -name "*.meta" -print0 | xargs -I {} -0 rm -v "{}"
    8.  
    9. # Double check architecture (Xcode seems to do this)
    10. # Unity libraries
    11. lipo $1/Contents/Frameworks/MonoBleedingEdge/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib -verify_arch arm64e
    12. lipo $1/Contents/Frameworks/MonoBleedingEdge/MonoEmbedRuntime/osx/libmonobdwgc-2.0.dylib -verify_arch arm64e
    13. lipo $1/Contents/Frameworks/UnityPlayer.dylib -verify_arch arm64e
    14. lipo $1/Contents/Frameworks/libcrypto.dylib -verify_arch arm64e
    15. lipo $1/Contents/Frameworks/libssl.dylib -verify_arch arm64e
    16. # Bundle plugin with my custom code to Sign In With Apple
    17. lipo $1/Contents/Plugins/MacOSAppleAuthManager.bundle/Contents/MacOS/MacOSAppleAuthManager -verify_arch arm64e
    18. # Main executable
    19. lipo $1/Contents/MacOS/AppleAuthSampleProject -verify_arch arm64e
    20.  
    21. # Clears extended attributes recursively (Xcode seems to do this)
    22. xattr -crs $1
    23.  
    24. # Sign all the elements
    25. # Unity libraries
    26. codesign -vvv --force --timestamp --options runtime -s $2 $1/Contents/Frameworks/MonoBleedingEdge/MonoEmbedRuntime/osx/libMonoPosixHelper.dylib
    27. codesign -vvv --force --timestamp --options runtime -s $2 $1/Contents/Frameworks/MonoBleedingEdge/MonoEmbedRuntime/osx/libmonobdwgc-2.0.dylib
    28. codesign -vvv --force --timestamp --options runtime -s $2 $1/Contents/Frameworks/UnityPlayer.dylib
    29. codesign -vvv --force --timestamp --options runtime -s $2 $1/Contents/Frameworks/libcrypto.dylib
    30. codesign -vvv --force --timestamp --options runtime -s $2 $1/Contents/Frameworks/libssl.dylib
    31. # Bundle plugin with my custom code to Sign In With Apple
    32. codesign -vvv --force --timestamp --options runtime -s $2 $1/Contents/Plugins/MacOSAppleAuthManager.bundle
    33. # Only sign with entitlements the .app file
    34. codesign -vvv --force --timestamp --options runtime -s $2 --entitlements $3 $1
    35.  
    36. # Finally, copy provisioning profile inside the signed app
    37. cp $4 $1/Contents/embedded.provisionprofile
    38.  
    39. # Open the app
    40. open $1
    41.  
     
    lupidan, Apr 26, 2020
    #2
    manlymooning and Tarrag like this.

  3. Tarrag

    Tarrag

    Joined:
    Nov 7, 2016
    Posts:
    215
    Hey @lupidan
    This is really cool and helpful. The Apple sign in asset you've created is so cool ! Thanks a bunch for it !!

    I am getting this error on a MacOSX build -> after codesigning and I try to upload with Transporter I can't upload it getting Transporter Delivery error

    ERROR ITMS-90511 @CFBundleIdentifier Collision. The info.plist CFBundleIdentifier value 'com.lupidan.MacOSAppleAuthManager" of 'appname.app/Contents/Plugins/MacOSAppleAuthManager.bundle' is already in use by another application"

    Any ideas how to work around this please?

    I had codesigned MacOSAppleAuthManager
    codesign -vvv --force --timestamp --options runtime -s "3rd Party Mac Developer Application: Name (code)" "appname.app/Contents/Plugins/MacOSAppleAuthManager.bundle"

    Do I need to add any reference to MacOSAppleAuthManager in Info.plist?

    Thanks a bunch for your help
     
    Tarrag, Oct 10, 2020
    #3

  4. lupidan

    lupidan

    Joined:
    Jan 14, 2014
    Posts:
    47
    I already answered a possible solution in the issue you opened:
    https://github.com/lupidan/apple-signin-unity/issues/72

    Basically, open the Info.plist inside the MacOSAppleAuthManager.bundle:
    appname.app/Contents/Plugins/MacOSAppleAuthManager.bundle/Contents/Info.plist

    Locate these lines:

    <key>CFBundleIdentifier</key>
    <string>com.lupidan.MacOSAppleAuthManager</string>

    and change it to something of your own, like:

    <key>CFBundleIdentifier</key>
    <string>com.yourapp.MacOSAppleAuthManager</string>

    Then codesign with the developer certificate again, check that it still works.
    Finally try uploading the App with Transporter, and let me know if it fixes the issue.
     
    lupidan, Oct 11, 2020
    #4

  5. Tarrag

    Tarrag

    Joined:
    Nov 7, 2016
    Posts:
    215
    Tarrag, Oct 11, 2020
    #5