handle oauth deep link when associated domain app links are used

Package.swift

@@ -17,7 +17,6 @@ let package = Package(
         .package(url: "https://github.com/apple/swift-algorithms", .upToNextMajor(from: "1.2.0")),
         .package(url: "https://github.com/auth0/SimpleKeychain", .upToNextMajor(from: "1.0.0")),
         .package(url: "https://github.com/kean/Get", .upToNextMajor(from: "2.1.6")),
-//        .package(url: "https://github.com/hmlongco/Factory", branch: "swift6"),
         .package(url: "https://github.com/hmlongco/Factory", .upToNextMajor(from: "2.3.1")),
         .package(url: "https://github.com/kean/Nuke", .upToNextMajor(from: "12.1.6")),
         .package(url: "https://github.com/marmelroy/PhoneNumberKit", .upToNextMajor(from: "3.7.4"))
@@ -32,6 +31,7 @@ let package = Package(
                 "SimpleKeychain",
                 "Get",
                 "Factory",
+                .product(name: "Nuke", package: "Nuke"),
                 .product(name: "NukeUI", package: "Nuke"),
                 "PhoneNumberKit"
             ],

Sources/API/Models/ExternalAuthResult.swift

@@ -0,0 +1,13 @@
+//
+//  ExternalAuthResult.swift
+//  Clerk
+//
+//  Created by Mike Pitre on 1/6/25.
+//
+
+import Foundation
+
+public struct ExternalAuthResult {
+    public var signIn: SignIn?
+    public var signUp: SignUp?
+}

Sources/API/Models/SignIn.swift

@@ -435,20 +435,24 @@ public struct SignIn: Codable, Sendable, Equatable, Hashable {
 
             let signIn = try await Client.get()?.signIn
 
-            guard signIn?.needsTransferToSignUp == true else {
-                return ExternalAuthResult(signIn: signIn)
-            }
-
-            let botProtectionIsEnabled = Clerk.shared.environment?.displayConfig.botProtectionIsEnabled == true
-
-            if botProtectionIsEnabled {
+            if signIn?.needsTransferToSignUp == true {
+
+                let botProtectionIsEnabled = Clerk.shared.environment?.displayConfig.botProtectionIsEnabled == true
+
+                if botProtectionIsEnabled {
 
-                return ExternalAuthResult(signIn: signIn)
+                    return ExternalAuthResult(signIn: signIn)
+
+                } else {
+
+                    let signUp = try await SignUp.create(strategy: .transfer)
+                    return ExternalAuthResult(signUp: signUp)
+
+                }
 
             } else {
 
-                let signUp = try await SignUp.create(strategy: .transfer)
-                return ExternalAuthResult(signUp: signUp)
+                return ExternalAuthResult(signIn: signIn)
 
             }
         }

Sources/API/Models/SignUp.swift

@@ -393,12 +393,12 @@ public struct SignUp: Codable, Sendable, Equatable, Hashable {
 
             let signUp = try await Client.get()?.signUp
 
-            guard signUp?.needsTransferToSignIn == true else {
+            if signUp?.needsTransferToSignIn == true {
+                let signIn = try await SignIn.create(strategy: .transfer)
+                return ExternalAuthResult(signIn: signIn)
+            } else {
                 return ExternalAuthResult(signUp: signUp)
             }
-
-            let signIn = try await SignIn.create(strategy: .transfer)
-            return ExternalAuthResult(signIn: signIn)
         }
     }
 

Sources/API/Utils/DeepLinkHandler.swift

@@ -32,21 +32,13 @@ extension Clerk {
         )?.value else {
             return
         }
-
+                
         guard let url = URL(string: finalRedirectUrl) else {
             return
         }
 
         do {
-            if try await SignIn.handleOAuthCallbackUrl(url) != nil {
-                WebAuthentication.currentSession?.cancel()
-                return
-            }
-
-            if try await SignUp.handleOAuthCallbackUrl(url) != nil {
-                WebAuthentication.currentSession?.cancel()
-                return
-            }
+            WebAuthentication.finishWithDeeplinkUrl(url: url)
         } catch {
             dump(error)
         }

Sources/API/Utils/ExternalAuthUtils.swift

@@ -24,24 +24,4 @@ enum ExternalAuthUtils {
         return nonceQueryItem.value
     }
 
-    #if canImport(AuthenticationServices) && !os(watchOS)
-    /// Presents the native sign in with apple sheet to get an ASAuthorizationAppleIDCredential
-    @MainActor
-    static func getAppleIdCredential() async throws -> ASAuthorizationAppleIDCredential {
-        let authManager = SignInWithAppleManager()
-        let authorization = try await authManager.start()
-
-        guard let appleIdCredential = authorization.credential as? ASAuthorizationAppleIDCredential else {
-            throw ClerkClientError(message: "Unable to get your Apple ID credential.")
-        }
-
-        return appleIdCredential
-    }
-    #endif
-
-}
-
-public struct ExternalAuthResult {
-    public var signIn: SignIn?
-    public var signUp: SignUp?
 }

Sources/API/Utils/SignInWithAppleManager.swift

@@ -11,7 +11,7 @@
 import Foundation
 import AuthenticationServices
 
-final class SignInWithAppleManager: NSObject {
+final public class SignInWithAppleManager: NSObject {
 
     private var continuation: CheckedContinuation<ASAuthorization,Error>?
 
@@ -42,15 +42,29 @@ final class SignInWithAppleManager: NSObject {
             authorizationController.performRequests()
         }
     }
+
+    /// Presents the native sign in with apple sheet to get an ASAuthorizationAppleIDCredential
+    @MainActor
+    static public func getAppleIdCredential() async throws -> ASAuthorizationAppleIDCredential {
+        let authManager = SignInWithAppleManager()
+        let authorization = try await authManager.start()
+
+        guard let appleIdCredential = authorization.credential as? ASAuthorizationAppleIDCredential else {
+            throw ClerkClientError(message: "Unable to get your Apple ID credential.")
+        }
+
+        return appleIdCredential
+    }
+
 }
 
 extension SignInWithAppleManager: ASAuthorizationControllerDelegate {
 
-    func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
+    public func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
         continuation?.resume(returning: authorization)
     }
 
-    func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: any Error) {
+    public func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: any Error) {
         continuation?.resume(throwing: error)
     }
 
@@ -59,7 +73,7 @@ extension SignInWithAppleManager: ASAuthorizationControllerDelegate {
 extension SignInWithAppleManager: ASAuthorizationControllerPresentationContextProviding {
 
     @MainActor
-    func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
+    public func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
         ASPresentationAnchor()
     }
 

Sources/API/Utils/WebAuthentication.swift

@@ -13,7 +13,8 @@ final class WebAuthentication: NSObject {
     let url: URL
     let prefersEphemeralWebBrowserSession: Bool
 
-    static var currentSession: ASWebAuthenticationSession?
+    private static var currentSession: ASWebAuthenticationSession?
+    private static var continuation: CheckedContinuation<URL, any Error>?
 
     init(
         url: URL,
@@ -29,23 +30,26 @@ final class WebAuthentication: NSObject {
         return components
     }
 
+    private static func completionHandler(_ url: URL?, error: Error?) -> Void {
+        Self.currentSession = nil
+
+        if let url {
+            Self.continuation?.resume(returning: url)
+        } else if let error {
+            Self.continuation?.resume(throwing: error)
+        } else {
+            Self.continuation?.resume(throwing: ClerkClientError(message: "Missing callback URL"))
+        }
+    }
+
     func start() async throws -> URL {
         try await withCheckedThrowingContinuation { continuation in
+            Self.continuation = continuation
 
             Self.currentSession = ASWebAuthenticationSession(
                 url: url,
                 callbackURLScheme: Clerk.shared.redirectConfig.callbackUrlScheme,
-                completionHandler: { url, error in
-                    Self.currentSession = nil
-
-                    if let url {
-                        continuation.resume(returning: url)
-                    } else if let error {
-                        continuation.resume(throwing: error)
-                    } else {
-                        continuation.resume(throwing: ClerkClientError(message: "Missing callback URL"))
-                    }
-                }
+                completionHandler: Self.completionHandler
             )
 
             #if !os(watchOS) && !os(tvOS)
@@ -59,6 +63,10 @@ final class WebAuthentication: NSObject {
             Self.currentSession?.start()
         }
     }
+
+    static func finishWithDeeplinkUrl(url: URL) {
+        completionHandler(url, error: nil)
+    }
 }
 
 #if !os(watchOS) && !os(tvOS)

Sources/UI/Common/AuthSocialProvidersView.swift

@@ -16,6 +16,11 @@ struct AuthSocialProvidersView: View {
     @Environment(\.clerkTheme) private var clerkTheme
     @State private var stackWidth: CGFloat = .zero
 
+    enum UseCase {
+        case signIn, signUp
+    }
+
+    var useCase: UseCase = .signIn
     var onSuccess:((_ externalAuthResult: ExternalAuthResult) -> Void)?
 
     private var socialProviders: [OAuthProvider] {
@@ -61,11 +66,9 @@ struct AuthSocialProvidersView: View {
 
         do {
 			if provider == .apple {
-                externalAuthResult = try await signInWithApple()
+                externalAuthResult = try await authenticateWithApple()
             } else {
-                externalAuthResult = try await SignIn
-                    .create(strategy: .oauth(provider))
-                    .authenticateWithRedirect()
+                externalAuthResult = try await authenticateWithOAuth(provider: provider)
             }
 
             onSuccess?(externalAuthResult)
@@ -76,16 +79,56 @@ struct AuthSocialProvidersView: View {
         }
     }
 
-    private func signInWithApple() async throws -> ExternalAuthResult {
-        let appleIdCredential = try await ExternalAuthUtils.getAppleIdCredential()
+    private func authenticateWithOAuth(provider: OAuthProvider) async throws -> ExternalAuthResult {
+        var externalAuthResult: ExternalAuthResult
+
+        switch useCase {
+        case .signIn:
+            externalAuthResult = try await SignIn
+                .create(strategy: .oauth(provider))
+                .authenticateWithRedirect()
+        case .signUp:
+            externalAuthResult = try await SignUp
+                .create(strategy: .oauth(provider))
+                .authenticateWithRedirect()
+        }
+
+        if let signUp = externalAuthResult.signUp,
+           let externalAccountVerification = signUp.verifications.first(where: { $0.key == "external_account" })?.value,
+           let error = externalAccountVerification.error {
+            throw error
+        }
+
+        return externalAuthResult
+    }
+
+    private func authenticateWithApple() async throws -> ExternalAuthResult {
+        let appleIdCredential = try await SignInWithAppleManager.getAppleIdCredential()
 
         guard let idToken = appleIdCredential.identityToken.flatMap({ String(data: $0, encoding: .utf8) }) else {
             throw ClerkClientError(message: "Unable to get ID token from Apple ID Credential.")
         }
 
-        let externalAuthResult = try await SignIn
-            .create(strategy: .idToken(provider: .apple, idToken: idToken))
-            .authenticateWithIdToken()
+        var externalAuthResult: ExternalAuthResult
+
+        switch useCase {
+        case .signIn:
+            externalAuthResult = try await SignIn
+                .create(strategy: .idToken(provider: .apple, idToken: idToken))
+                .authenticateWithIdToken()
+
+        case .signUp:
+            externalAuthResult = try await SignUp
+                .create(
+                    strategy: .idToken(
+                        .apple,
+                        idToken: idToken,
+                        firstName: appleIdCredential.fullName?.givenName,
+                        lastName: appleIdCredential.fullName?.familyName
+                    )
+                )
+                .authenticateWithIdToken()
+        }
 
         return externalAuthResult
     }

Sources/UI/Components/Auth/SignIn/SignInFactorOneAlternativeMethodsView.swift

@@ -58,7 +58,7 @@ struct SignInFactorOneAlternativeMethodsView: View {
     }
 
     private func signInWithApple() async throws -> ExternalAuthResult {
-        let appleIdCredential = try await ExternalAuthUtils.getAppleIdCredential()
+        let appleIdCredential = try await SignInWithAppleManager.getAppleIdCredential()
 
         guard let idToken = appleIdCredential.identityToken.flatMap({ String(data: $0, encoding: .utf8) }) else {
             throw ClerkClientError(message: "Unable to get ID token from Apple ID Credential.")