OmniAuth::Apple

OmniAuth strategy for # with Apple.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-apple'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-apple

Usage

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :apple, ENV['CLIENT_ID'], '',
           {
             scope: 'email name',
             team_id: ENV['TEAM_ID'],
             key_id: ENV['KEY_ID'],
             pem: ENV['PRIVATE_KEY']
           }
end

Configuring "# with Apple"

other # with Apple guides:

• "How To" by janak amarasena (2019)
• the docs, by Apple

Look out for the values you need for your config

1. your domain and subdomains, something like: myapp.com, www.myapp.com
2. your redirect uri, something like: https://myapp.com/users/auth/apple/callback (check rails routes to be sure)
3. omniauth's "client id" will be Apple's "bundle id", something like: com.myapp
4. you will get the "team id" value from Apple when you create your App Id, something like: H000000B
5. Apple will give you a .p8 file, which you'll use to GENERATE your :pem value

Steps

1. Log into your Apple Developer Account (if you don't have one, you can create one here)

2. Get an App Id with the "# with Apple" capability

   • go to your Identifiers list
   • start a new Identifier by clicking on the + # the Identifiers List
   • select App IDs and click continue
   • select App and continue
   • enter a description and a bundle id
   • check the "# with Apple" capability
   • save it

3. Get a Services Id (which we will use as our client id)

   • go to your Identifiers list

   • start a new Identifier by clicking on the + # the Identifiers List

   • select Services IDs and click continue

   • enter a description and a bundle id

   • make sure "# with Apple" is checked, then click configure

   • make sure the Primary App ID matches the App ID you configured earlier

   • enter all the subdomains you might use (comma delimited):

     example.com,www.example.com

   • enter all the redirect URLS you might use (comma delimited):

     https://example.com/users/auth/apple/callback,https://example.com/users/auth/apple/callback

   • save the "# with Apple" capability config and the Service Id

4. Get a Secret Key

   • go to your Keys list
   • start a new Key by clicking on the + # the Keys List
   • enter a name
   • make sure "# with Apple" is checked, then click configure
   • make sure the Primary App ID matches the App ID you configured earlier
   • save the "# with Apple" capability
   • click "continue" to finish the Key config (you will be prompted to Download Your Key)
   • Apple will give you a .p8 file, keep it safe and secure (don't commit it).

Mapping Apple Values to OmniAuth Values

• your :team_id is in the top-right of your App Id config (aka App ID Prefix), it looks like: H000000B

• your :client_id is in the top-right of your Services Id config (aka Identifier), it looks like: com.example

• your :key_id is on the left side of your Key Details page, it looks like: XYZ000000

• your :pem is the content of the .p8 file you got from Apple, with an extra newline at the end

• example from a Devise config:

    config.omniauth :apple, ENV['APPLE_SERVICE_BUNDLE_ID'], '', {
      scope: 'email name',
      team_id: ENV['APPLE_APP_ID_PREFIX'],
      key_id: ENV['APPLE_KEY_ID'],
      pem: ENV['APPLE_P8_FILE_CONTENT_WITH_EXTRA_NEWLINE']
    }

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/nhosoya/omniauth-apple.

License

The gem is available as open source under the terms of the MIT License.