OmniAuth::Apple

OmniAuth strategy for Sign In with Apple.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-apple'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-apple

Usage

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :apple, ENV['CLIENT_ID'], '',
           {
             scope: 'email name',
             team_id: ENV['TEAM_ID'],
             key_id: ENV['KEY_ID'],
             pem: ENV['PRIVATE_KEY']
           }
end

Configuring "Sign In with Apple"

other Sign In with Apple guides:

Look out for the values you need for your config:

  1. your domain and subdomains, something like: myapp.com, www.myapp.com
  2. your redirect uri, something like: https://myapp.com/users/auth/apple/callback (check rails routes to be sure)
  3. omniauth's "client id" will be Apple's "bundle id", something like: com.myapp
  4. you will get the "team id" value from Apple when you create your App Id, something like: H000000B
  5. Apple will give you a .p8 file, which you'll use to GENERATE your :pem value

Steps

  1. Log into your Apple Developer Account (if you don't have one, you can create one here)

  2. Get an App Id with the "Sign In with Apple" capability

    • go to your Identifiers list
    • start a new Identifier by clicking on the + sign in the Identifiers List
    • select App IDs and click continue
    • select App and continue
    • enter a description and a bundle id
    • check the "Sign In with Apple" capability
    • save it
  3. Get a Services Id (which we will use as our client id)

    • go to your Identifiers list
    • start a new Identifier by clicking on the + sign in the Identifiers List
    • select Services IDs and click continue
    • enter a description and a bundle id
    • make sure "Sign In with Apple" is checked, then click configure
    • make sure the Primary App ID matches the App ID you configured earlier
    • enter all the subdomains you might use (comma delimited):

      example.com,www.example.com

    • enter all the redirect URLs you might use (comma delimited):

      https://example.com/users/auth/apple/callback,https://example.com/users/auth/apple/callback

    • save the "Sign In with Apple" capability config and the Service Id
  4. Get a Secret Key

    • go to your Keys list
    • start a new Key by clicking on the + sign in the Keys List
    • enter a name
    • make sure "Sign In with Apple" is checked, then click configure
    • make sure the Primary App ID matches the App ID you configured earlier
    • save the "Sign In with Apple" capability
    • click "continue" to finish the Key config (you will be prompted to Download Your Key)
    • Apple will give you a .p8 file, keep it safe and secure (don't commit it).

Mapping Apple Values to OmniAuth Values

  • your :team_id is in the top-right of your App Id config (aka App ID Prefix), it looks like: H000000B
  • your :client_id is in the top-right of your Services Id config (aka Identifier), it looks like: com.example
  • your :key_id is on the left side of your Key Details page, it looks like: XYZ000000
  • your :pem is the content of the .p8 file you got from Apple, with an extra newline at the end

  • example from a Devise config:

        config.omniauth :apple, ENV['APPLE_SERVICE_BUNDLE_ID'], '', {
          scope: 'email name',
          team_id: ENV['APPLE_APP_ID_PREFIX'],
          key_id: ENV['APPLE_KEY_ID'],
          pem: ENV['APPLE_P8_FILE_CONTENT_WITH_EXTRA_NEWLINE']
        }
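
A boot-time check for the :pem value described above, as an added example that is not part of omniauth-apple. The helper name `normalize_apple_pem` is hypothetical, and it assumes the .p8 content may arrive from the environment with flattened or CRLF newlines.

```ruby
require 'openssl'

# Hypothetical helper, not part of omniauth-apple: turn the .p8 content read
# from an environment variable into the value passed as :pem, and fail at
# boot if it is not a usable signing key.
def normalize_apple_pem(raw)
  raise ArgumentError, 'Apple private key is empty' if raw.nil? || raw.strip.empty?

  # Assumption: the secret store may have flattened real newlines into a
  # literal backslash-n, or saved the file with CRLF line endings.
  pem = raw.gsub('\n', "\n").gsub("\r\n", "\n").strip + "\n"

  key = begin
    OpenSSL::PKey.read(pem)
  rescue OpenSSL::PKey::PKeyError, ArgumentError
    # Deliberately no key material in the message.
    raise ArgumentError, 'Apple private key is not parseable PEM'
  end

  # Sign In with Apple client secrets are ES256 JWTs, so the key must be a
  # private EC key on P-256 (OpenSSL calls the curve prime256v1).
  unless key.is_a?(OpenSSL::PKey::EC) && key.private? &&
         key.group.curve_name == 'prime256v1'
    raise ArgumentError, 'Apple private key must be an EC P-256 private key'
  end

  pem
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a throwaway key flattened the way an env var might be.
  sample = OpenSSL::PKey::EC.generate('prime256v1').to_pem
  flattened = sample.strip.gsub("\n") { '\n' }
  puts normalize_apple_pem(flattened).lines.first
end
```

In the provider or Devise config, the result would be passed as `pem: normalize_apple_pem(ENV['PRIVATE_KEY'])`, so a malformed key stops the app at boot instead of failing at the first sign-in.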
    

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/nhosoya/omniauth-apple.

License

The gem is available as open source under the terms of the MIT License.