Setup Sign In With Apple
1. Create an [App ID](https://developer.apple.com/account/resources/identifiers/list/bundleId) for your website with the following details:
   - Platform: iOS, tvOS, watchOS (I'm unsure if either choice has an effect for web apps)
   - Description: (something like "example.com app id")
   - Bundle ID (Explicit): com.example.id (or something similar)
   - Check "Sign In With Apple"
2. Create a [Service ID](https://developer.apple.com/account/resources/identifiers/list/serviceId) for your website with the following details:
   - Description: (something like "example.com service id")
   - Identifier: com.example.service (or something similar)
   - Check "Sign In With Apple"
   - Configure "Sign In With Apple":
     - Primary App ID: (select the primary App ID created in step 1)
     - Web Domain: example.com (the domain of your web site)
     - Return URLs: https://yoursite.com/connect/callback/apple (the route pointing to the callback method in your controller; Apple only accepts HTTPS return URLs, and the `redirect_uri` your app sends later must match one of these entries exactly)
     - Click "Save".
   - Click the "Edit" button to edit the details of the "Sign In With Apple" configuration we just created.
   - If you haven't verified the domain yet, download the verification file, upload it so that it is served at https://example.com/.well-known/apple-developer-domain-association.txt, and then click the "Verify" button.
3. Create a [Private Key](https://developer.apple.com/account/resources/authkeys/list) for your website with the following details:
   - Key Name: (any descriptive name)
   - Check "Sign In With Apple"
   - Configure "Sign In With Apple":
     - Primary App ID: (select the primary App ID created in step 1)
     - Click "Save"
   - Click "Continue"
   - Click "Register"
   - Click "Download". Apple lets you download this key only once, so store it safely; the file is named `AuthKey_<key id>.p8`.
   - Rename the downloaded file to `key.txt`. Keep it out of version control: it is the private key that signs your client secret, and anyone holding it can mint valid client secrets for your Service ID.
4. Create your app's client secret:
   - Install the JWT gem:
     ```
     sudo gem install jwt
     ```
   - Create a file called `client_secret.rb` that signs the client secret with the private key:
     ```ruby
     require 'jwt'
     require 'openssl'

     key_file  = 'key.txt' # the private key downloaded in step 3
     team_id   = ''
     client_id = ''
     key_id    = ''

     ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file

     # Apple requires the key id in the header and ES256 as the algorithm
     headers = { 'kid' => key_id }
     claims = {
       'iss' => team_id,
       'iat' => Time.now.to_i,
       'exp' => Time.now.to_i + 86400*180, # 180 days; Apple allows at most 6 months
       'aud' => 'https://appleid.apple.com',
       'sub' => client_id,
     }

     token = JWT.encode claims, ecdsa_key, 'ES256', headers
     puts token
     ```
   - Fill in the following fields:
     - `team_id`: This can be found in the top-right corner when logged into your Apple Developer account, right under your name.
     - `client_id`: This is the identifier of the Service ID created in step 2 above, for example com.example.service.
     - `key_id`: This is the identifier of the private key created in step 3 above.
   - Save the file and run it from the terminal. It will print a JWT, which is your client secret; you will add it to your `.env` file in the next step.
     ```
     ruby client_secret.rb
     ```
   The secret is only valid until the `exp` claim it carries (180 days with the script above; Apple rejects lifetimes longer than six months), so re-run the script and update `.env` before it expires.
5. Set the necessary environment variables in your `.env` file (this file now holds a secret, so keep it out of version control):
   ```
   SIGN_IN_WITH_APPLE_REDIRECT="https://yoursite.com/connect/callback/apple"
   SIGN_IN_WITH_APPLE_CLIENT_ID="your app's service id as registered with Apple"
   SIGN_IN_WITH_APPLE_CLIENT_SECRET="your app's client secret as calculated in step 4"
   ```
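As an added example (not part of the original instructions or the project's code), the following Ruby script builds the same client secret as `client_secret.rb` using only the standard library, and then verifies it the way you would want to before pasting it into `.env`: it checks the ES256 signature (converting between the raw `r||s` form JWS uses and the DER form OpenSSL produces) and every claim Apple requires (`kid` header, `iss` = Team ID, `sub` = Service ID, `aud` = `https://appleid.apple.com`, `exp` no more than six months after `iat`). The Team ID `TEAMID1234`, Service ID `com.example.service`, Key ID `KEYID12345` and the freshly generated P-256 key are constructed placeholders; in real use you would load your `key.txt` with `OpenSSL::PKey::EC.new(File.read('key.txt'))` and fill in your own identifiers.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Apple rejects client secrets whose lifetime exceeds 6 months (15777000 seconds).
MAX_LIFETIME = 15_777_000
APPLE_AUD    = 'https://appleid.apple.com'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# JWS ES256 signatures are the raw 32-byte r and s concatenated, while OpenSSL
# produces and consumes DER SEQUENCE { INTEGER r, INTEGER s }.
def der_to_raw(der)
  r, s = OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\0") }
  r + s
end

def raw_to_der(raw)
  r = OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(raw[0, 32], 2))
  s = OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(raw[32, 32], 2))
  OpenSSL::ASN1::Sequence.new([r, s]).to_der
end

# Build the client secret with the same header and claims as client_secret.rb.
def apple_client_secret(key, team_id:, client_id:, key_id:, lifetime: MAX_LIFETIME, now: Time.now.to_i)
  raise ArgumentError, "lifetime exceeds Apple's 6-month maximum" if lifetime > MAX_LIFETIME
  header = { alg: 'ES256', kid: key_id }
  claims = { iss: team_id, iat: now, exp: now + lifetime, aud: APPLE_AUD, sub: client_id }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  der_sig = key.sign(OpenSSL::Digest::SHA256.new, signing_input)
  "#{signing_input}.#{b64url(der_to_raw(der_sig))}"
end

# Check a secret before shipping it: signature first, then each claim Apple requires.
# Returns [true, nil] or [false, reason]. Verification only needs the public half of the key.
def verify_client_secret(token, key, team_id:, client_id:, now: Time.now.to_i)
  parts = token.split('.')
  return [false, 'malformed token'] unless parts.length == 3
  header_b64, claims_b64, sig_b64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  claims = JSON.parse(Base64.urlsafe_decode64(claims_b64))
  return [false, 'alg must be ES256'] unless header['alg'] == 'ES256'
  return [false, 'kid header missing'] if header['kid'].to_s.empty?
  raw_sig = Base64.urlsafe_decode64(sig_b64)
  return [false, 'signature must be 64 bytes'] unless raw_sig.bytesize == 64
  unless key.verify(OpenSSL::Digest::SHA256.new, raw_to_der(raw_sig), "#{header_b64}.#{claims_b64}")
    return [false, 'signature mismatch']
  end
  return [false, 'aud must be appleid.apple.com'] unless claims['aud'] == APPLE_AUD
  return [false, 'iss must be the Team ID']       unless claims['iss'] == team_id
  return [false, 'sub must be the Service ID']    unless claims['sub'] == client_id
  return [false, 'iat missing']                   unless claims['iat'].is_a?(Integer)
  return [false, 'expired']                       unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  return [false, 'lifetime exceeds 6 months']     if claims['exp'] - claims['iat'] > MAX_LIFETIME
  [true, nil]
rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError => e
  [false, e.message]
end

# Demo with a freshly generated P-256 key and placeholder identifiers (constructed values,
# not real Apple credentials). In production load the .p8 key downloaded in step 3 instead.
if __FILE__ == $PROGRAM_NAME
  demo_key = OpenSSL::PKey::EC.generate('prime256v1')
  secret = apple_client_secret(demo_key, team_id: 'TEAMID1234', client_id: 'com.example.service',
                               key_id: 'KEYID12345', lifetime: 86_400 * 180)
  puts secret
  p verify_client_secret(secret, demo_key, team_id: 'TEAMID1234', client_id: 'com.example.service')
end
```

Running the script prints a three-part JWT and `[true, nil]`. The verifier is also a useful regression check for the secret already in `.env`: feed it the stored value and your `key.txt`, and it tells you whether the secret has expired or was signed for a different Service ID before Apple's token endpoint tells you with an `invalid_client` error.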