Sign In with Apple support #110
Comments
@CetinSert Yes, my first impression is that Sign In with Apple uses a standard OAuth flow and should be simple to integrate into Integrating an OAuth provider into
Does this clarify any questions for development? I would love to take time and send you weekly PRs for each I am not sure I can start with
Interesting. AuthN currently assumes that the client secret can be generated on startup. We'll need to update the It's nice that the returned access token contains an ID token with the user ID. It looks like there's no way to fetch an email though. For now we can probably "cheat" by creating a fake email from the user ID so that the account creation validations don't need any modification. All in all, it looks doable but with at least one complication that other oauth2 clients would not have.
I believe the reason they do not provide a static email as directly is because Apple wants to provide a unique email per app or perhaps per login to keep the user's email address private. This was a much appreciated feature when they first announced
Yeah, that's neat! It just looks like there's no way to discover the email address yet.
With https://github.com/golang/oauth2/pull/386/files#diff-ae789e93466cc0fcd954b362b667fec6 now defined, what needs to be done is just a provider file for your project, right?
@cainlevy can you review the last two comments above?
@CetinSert nice, looks ready
I think the upstream PR got lost in gerrit-land on this one, I can try to resubmit but any concern about defining an endpoint internally in the interim if this one is pursued @cainlevy
This PR will enable defining provider-specific signing keys as part of the configured credentials and should unblock future work here #236
Think I'm pretty close to having a PR ready for this. Will be based on this branch #241 Came across this doc with some of the rough edges in Apple's implementation that seemed worth including here for posterity https://bitbucket.org/openid/connect/src/master/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md#markdown-header-peculiarities
Implements an oauth provider for sign-in with apple. Requires some additional flexibility in oauth credentials / providers:
- Include a map of additional data in credentials.
- Allow providers to override secrets - configured secret in apple credentials is a private key used to sign a dynamically calculated secret - in this case a JWT that includes additional data as claims.
- Allow providers to accept returns as HTTP POST instead of GET.
- Allow providers to add additional oauth options to authorization request.
Implements an oauth provider for sign-in with apple. Requires some additional flexibility in oauth credentials / providers:
- Include a map of additional data in credentials.
- Allow providers to override secret behavior - configured secret in apple credentials is a private key used to sign a secret calculated at runtime, in this case a JWT that includes additional data as claims.
- Allow providers to accept returns as HTTP POST instead of GET.
- Allow providers to add additional oauth options to authorization request.
This is available in v1.19.0 https://github.com/keratin/authn-server/releases/tag/v1.19.0
https://developer.apple.com/sign-in-with-apple/
authn-server
?@cainlevy