How to configure Sign In with Apple - Chia Sẻ Kiến Thức Điện Máy Việt Nam

Going through the Apple official docs and configuring this seems to be a tedious task atm. So here I will quickly guide you through the basic setup 🙂

One of the interesting things Apple rolled out at their WWDC19 conference was “Sign In with Apple”. Which is an authentication service provided by Apple where developers can allow users to sign into their applications with an Apple Id.

Well, that’s pretty much it with configurations.

Now we need to create a secret key that will be used to get our client_secret which will also be needed to make a token request from the Apple.

Now we need to obtain a Services Id. This will also serve as the cliend_id when you will be making API calls to authenticate the user.

We will need to obtain an App Id with “Sign In with Apple” capabilities.

We already have our client_id now we need one more thing to call the API; the client_secret which we will create using the private key we just downloaded.

The client secret has to be a JWT and according to Apple docs, we need to encrypt the token using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm. One of the easy ways to get this done is using ruby-jwt. Firstly check whether you already have Ruby setup if not you can get it from here.

Below are the details we will need to include in the JWT.

--Header--
alg - The encryption algorithm used to encrypt the token. This will be ES256.

kid - The 10 charachter Key ID of the private key you create. You can get it from
Certificates, Identifiers & Profiles > Keys > (click on the key you created).

--Payload--
iss - 10 character Team ID give to you. You can find it here

- 10 character Team ID give to you. You can find it here https://developer.apple.com/account/#/membership

iat - I ndicates the time at which the token was generated, in terms of the number of seconds since Epoch, in UTC.

exp - Indicates the expiry time of the toke n expiration, in terms of the number of seconds since Epoch, in UTC. Accroding to the docs the value must not be greater than 15777000 (6 months in seconds) from the Current Unix Time on the server.

aud - The value of which identifies the recipient the JWT is intended for. Since this token is meant for Apple, use https://appleid.apple.com.

sub - The value of which identifies the principal that is the subject of the JWT. Use the same value as client_id as this token is meant for your application.

Let’s get the client_secret.

After setting up Ruby run the command sudo gem install jwt this will setup ruby-jwt.

Add the necessary details and save the following as secret_gen.rb

You can run the secret_gen.rb file using the command ruby secret_gen.rb from the terminal and it will give you the client_secret.