Unable to set Apple private key (.p8)

[SpaghettiC0des]

Before opening, please confirm:

• I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
• I have searched for duplicate or closed issues.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

yarn global add @aws-amplify/cli

If applicable, what version of Node.js are you using?

v16.13.0

Amplify CLI Version

7.6.7

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Amplify Categories

auth

Amplify Commands

push

Describe the bug

Unable to set private_key.p8, I tried copying the p8 contents and using path but I'm not able to make this work. The docs does not describe how to properly setup SIWA.

Expected behavior

It should be able to push without Provided private key cannot be used for Sign in with Apple error.

Reproduction steps

amplify update auth
❯ Update OAuth social providers 
◉ Sign in with Apple

Fill up the necessary data

Then

Try path or p8 contents, it does not work.
Enter your Private Key for your OAuth flow:  ./path_to.p8

GraphQL schema(s)

# Put schemas below this line

Log output

# Put your logs below this line
Resource Name: 2022/01/10/[$LATEST]3f5b94f511a1427ea5548fb53b5c0bc3 (Custom::LambdaCallout)
Event Type: create
Reason: Received response status [FAILED] from custom resource. Message returned: See the details in CloudWatch Log Stream: 2022/01/10/[$LATEST]3f5b94f511a1427ea5548fb53b5c0bc3 (RequestId: 1759da36-e6fd-46ed-8f9e-b15122d4a35f)


Resource Name: 2022/01/10/[$LATEST]af46afe57b1741df81b73249058f2021 (Custom::LambdaCallout)
Event Type: create
Reason: Received response status [FAILED] from custom resource. Message returned: See the details in CloudWatch Log Stream: 2022/01/10/[$LATEST]af46afe57b1741df81b73249058f2021 (RequestId: 2e4fa649-18e7-47dc-9953-283a2b148fc0)


// CloudWatch JSON error
{
    "Status": "FAILED",
    "Reason": "See the details in CloudWatch Log Stream: 2022/01/10/[$LATEST]f7beceb769d043279637f815cdd91afb",
    "PhysicalResourceId": "2022/01/10/[$LATEST]f7beceb769d043279637f815cdd91afb",
    "StackId": "arn:aws:cloudformation:us-east-2:143966962572:stack/amplify-applesignin-dev-231357-authapplesignin7cfff4b7-11QDAUKAZKS2H/58bd1cd0-7233-11ec-9632-06c5cf500f92",
    "RequestId": "4b223649-f4ad-4689-b515-b298eedf1a1c",
    "LogicalResourceId": "HostedUIProvidersCustomResourceInputs",
    "NoEcho": false,
    "Data": {
        "err": {
            "message": "Provided private key cannot be used for Sign in with Apple.",
            "code": "InvalidParameterException",
            "time": "2022-01-10T16:37:00.278Z",
            "requestId": "01d0bad7-9168-4769-b87f-0c44a28e1645",
            "statusCode": 400,
            "retryable": false,
            "retryDelay": 54.55269406556693
        }
    }
}

Additional information

I also tried adding the private_key.p8 inside ~/.aws/amplify, then set the private key path on CLI prompt with ./private_key.p8.

[SpaghettiC0des]

Additional logs

{
    "LogicalResourceId": "HostedUIProvidersCustomResourceInputs",
    "NoEcho": false,
    "Data": {
        "err": {
            "message": "Provided private key cannot be used for Sign in with Apple.",
            "code": "InvalidParameterException",
            "time": "2022-01-10T19:28:51.712Z",
            "requestId": "bba90cec-f2af-4505-99ad-1456586d69fd",
            "statusCode": 400,
            "retryable": false,
            "retryDelay": 97.73668519290946
        }
    }
}

{
        "LogicalResourceId": "OAuthCustomResourceInputs",
    "NoEcho": false,
    "Data": {
        "err": {
            "message": "The provider SignInWithApple does not exist for User Pool us-east-2_78SHZy0qr.",
            "code": "InvalidParameterException",
            "time": "2022-01-10T19:28:51.352Z",
            "requestId": "54e300dc-f2d3-43a7-9e84-398f7dc34f81",
            "statusCode": 400,
            "retryable": false,
            "retryDelay": 88.48927212960052
        }
    }
}

[johnpc]

I have had this error happen to me when I accidentally included newlines or other unexpected characters in my private key. Could that be it?

[SpaghettiC0des]

@johnpc Yeah, I think that's it.

What I did is to upload .p8 key on Amplify Studio, amplify pull it. Then, copy the HostedUiCreds then paste it to deployment-secrets.json.

My question is, does the CLI accept the path/to/key.p8 or paste the p8 key without new lines?

[johnpc]

I think it uses path/to/key.p8 - is that not working for you? Make sure it's the absolute path

Contents should work if you make sure there aren't newlines

[SpaghettiC0des]

Using path to the .p8 file does not work for me. That’s why I set it up using amplify studio. Can you verify using the amplify version on this issue?

…

On Wed, Jan 19, 2022 at 03:15 John Corser ***@***.***> wrote: I think it uses path/to/key.p8 - is that not working for you? Make sure it's the absolute path — Reply to this email directly, view it on GitHub <#9478 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABW4M2C77VT7PKPCJ4XTLN3UWW343ANCNFSM5LUHVXUA> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[johnpc]

I don't understand - are you currently still blocked on this, or did the studio workaround work for you? I cannot reproduce an issue with this on v7.6.9

[cjihrig]

Closing due to a lack of followup, but we can revisit this issue if needed.

[jedwardblack]

This worked for me: #8939 (comment)