Setup Sign In With Apple

Configuration

1. Create an App ID for your website (https://developer.apple.com/account/resources/identifiers/list/bundleId) with the following details:

   • Platform: iOS, tvOS, watchOS (I'm unsure if either choice has an effect for web apps)
   • Description: (something like "example.com app id")
   • Bundle ID (Explicit): com.example.id (or something similar)
   • Check "Sign In With Apple"

2. Create a Service ID for your website (https://developer.apple.com/account/resources/identifiers/list/serviceId) with the following details:

   • Description: (something like "example.com service id")
   • Identifier: com.example.service (or something similar)
   • Check "Sign In With Apple"
   • Configure "Sign In With Apple":
     • Primary App Id: (select the primary app id created in step 1)
     • Web Domain: example.com (the domain of your web site)
     • Return URLs: https://yoursite.com/connect/callback/apple (the route pointing to the callback method in your controller)
     • Click "Save".
     • Click the "Edit" button to edit the details of the "Sign In With Apple" configuration we just created.
     • If you haven't verified the domain yet, download the verification file, upload it to https://example.com/.well-known/apple-developer-domain-association.txt, and then click the "Verify" button.

3. Create a Private Key for your website (https://developer.apple.com/account/resources/authkeys/list) with the following details:

   • Key Name:
   • Check "Sign In With Apple"
   • Configure "Sign In With Apple":
     • Primary App ID: (select the primary app id created in step 1)
     • Click "Save"
   • Click "Continue"
   • Click "Register"
   • Click "Download"
   • Rename the downloaded file to key.txt

4. Create your app's client secret:

   • Install the JWT Gem:

     sudo gem install jwt

   • Create a file called client_secret.rb to process the private key:

     require 'jwt'
     
     key_file = 'key.txt'
     team_id = ''
     client_id = ''
     key_id = ''
     
     ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file
     
     headers = {
     'kid' => key_id
     }
     
     claims = {
         'iss' => team_id,
         'iat' => Time.now.to_i,
         'exp' => Time.now.to_i + 86400*180,
         'aud' => 'https://appleid.apple.com',
         'sub' => client_id,
     }
     
     token = JWT.encode claims, ecdsa_key, 'ES256', headers
     
     puts token

   • Fill in the following fields:

     • team_id: This can be found on the top-right corner when logged into your Apple Developer account, right under your name.
     • client_id: This is the identifier from the Service Id created in step 2 above, for example com.example.service
     • key_id: This is the identifier of the private key created in step 3 above.

   • Save the file and run it from the terminal. It will spit out a JWT which is your client secret, which you will need to add to your .env file in the next step.

     ruby client_secret.rb

5. Set the necessary environment variables in your .env file:

   SIGN_IN_WITH_APPLE_REDIRECT="https://yoursite.com/connect/callback/apple"
   SIGN_IN_WITH_APPLE_CLIENT_ID="your app's service id as registered with Apple"
   SIGN_IN_WITH_APPLE_CLIENT_SECRET="your app's client secret as calculated in step 4"