OmniAuth::Apple
OmniAuth strategy for Sign In with Apple.
Installation
Add this line to your application's Gemfile:
gem 'omniauth-apple'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-apple
Usage
Rails.application.config.middleware.use OmniAuth::Builder do
provider :apple, ENV['CLIENT_ID'], '',
{
scope: 'email name',
team_id: ENV['TEAM_ID'],
key_id: ENV['KEY_ID'],
pem: ENV['PRIVATE_KEY']
}
end
Configuring "Sign In with Apple"
other Sign In with Apple guides:
Look out for the values you need for your config
- your domain and subdomains, something like:
myapp.com
,www.myapp.com
- your redirect uri, something like:
https://myapp.com/users/auth/apple/callback
(checkrails routes
to be sure) - omniauth's "client id" will be Apple's "bundle id", something like:
com.myapp
- you will get the "team id" value from Apple when you create your App Id, something like:
H000000B
- Apple will give you a
.p8
file, which you'll use to GENERATE your:pem
value
Steps
-
Log into your Apple Developer Account (if you don't have one, you can create one here)
-
Get an App Id with the "Sign In with Apple" capability
- go to your Identifiers list
- start a new Identifier by clicking on the + sign in the Identifiers List
- select App IDs and click continue
- select App and continue
- enter a description and a bundle id
- check the "Sign In with Apple" capability
- save it
-
Get a Services Id (which we will use as our client id)
-
go to your Identifiers list
-
start a new Identifier by clicking on the + sign in the Identifiers List
-
select Services IDs and click continue
-
enter a description and a bundle id
-
make sure "Sign In with Apple" is checked, then click configure
-
make sure the Primary App ID matches the App ID you configured earlier
-
enter all the subdomains you might use (comma delimited):
example.com,www.example.com
-
enter all the redirect URLS you might use (comma delimited):
https://example.com/users/auth/apple/callback,https://example.com/users/auth/apple/callback
-
save the "Sign In with Apple" capability config and the Service Id
-
-
Get a Secret Key
- go to your Keys list
- start a new Key by clicking on the + sign in the Keys List
- enter a name
- make sure "Sign In with Apple" is checked, then click configure
- make sure the Primary App ID matches the App ID you configured earlier
- save the "Sign In with Apple" capability
- click "continue" to finish the Key config (you will be prompted to Download Your Key)
- Apple will give you a
.p8
file, keep it safe and secure (don't commit it).
Mapping Apple Values to OmniAuth Values
-
your
:team_id
is in the top-right of your App Id config (aka App ID Prefix), it looks like:H000000B
-
your
:client_id
is in the top-right of your Services Id config (aka Identifier), it looks like:com.example
-
your
:key_id
is on the left side of your Key Details page, it looks like:XYZ000000
-
your
:pem
is the content of the.p8
file you got from Apple, with an extra newline at the end -
example from a Devise config:
config.omniauth :apple, ENV['APPLE_SERVICE_BUNDLE_ID'], '', { scope: 'email name', team_id: ENV['APPLE_APP_ID_PREFIX'], key_id: ENV['APPLE_KEY_ID'], pem: ENV['APPLE_P8_FILE_CONTENT_WITH_EXTRA_NEWLINE'] }
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/nhosoya/omniauth-apple.
License
The gem is available as open source under the terms of the MIT License.