Adding Sign In with Apple to your app in under 5mins with ZERO code

Janak Amarasena
Identity Beyond Borders
4 min read · Jun 10, 2019
Image from https://developer.apple.com

Apple recently rolled out a new feature called “Sign In with Apple” which allows users to log into apps using their Apple ID. https://developer.apple.com/sign-in-with-apple

The question in most developers’ minds right now is probably: how hard will it be to integrate this into my existing app? Well, if you're using the WSO2 Identity Server, the answer is… it is pretty damn simple! ZERO code changes and under 5 minutes. The hard part is actually configuring the stuff on the Apple side 😜. The very first thing you’ll need to do is configure Sign In with Apple using your Apple developer account. You can refer to my blog post on How to configure Sign In with Apple to quickly get started.

Then the two most important things you’re going to need to add this capability to your app are the client ID and the client secret, which will be used to call Apple’s authentication service.

  • client_id: The application identifier for your app.
  • client_secret: A secret generated as a JSON Web Token, signed with the private key generated by the WWDR portal.

Now we are all set to add Sign In with Apple to your application.

Firstly we are going to add “Sign In with Apple” as an Identity Provider.

  1. Log in to the carbon management console.
  2. On the Main tab, Identity > Identity Providers > Click Add.
  3. Fill in the required details in the Basic Information section.
  4. Expand the Federated Authenticators section and then the OAuth2/OpenID Connect Configuration form. This is where we will be adding the configurations to connect with Apple’s new sign-in service.

Tick the checkbox saying Enable OAuth2/OpenIDConnect.

So here are the basic details you need to enter. (If you haven’t already done the necessary configuration within your Apple developer account, the details below might confuse you.)

  • Client Id: This is the Service ID of the service you created when setting up.
  • Client Secret: This is the JWT you created using the private key you obtained.
  • Authorization Endpoint URL: https://appleid.apple.com/auth/authorize
  • Token Endpoint URL: https://appleid.apple.com/auth/token
  • Callback Url: This will be the /commonauth endpoint of WSO2 IS. You also have to add this as a Return URL when configuring Sign In with Apple while creating the Service ID.
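The Client Secret in the list above (and the client_secret bullet earlier) is the one piece of this setup that has to be produced outside the console. The following is an added example, not code from the original post or from WSO2, showing in Go how that JWT is built and signed with ES256 using the private key from the Apple developer portal, and how the signature can be checked before the token is pasted into the Client Secret field. The key is generated on the fly as a stand-in for the downloaded .p8 file, and the key ID, Team ID and Service ID values are constructed placeholders. Apple requires an ES256 header carrying the key's kid, and the claims iss (Team ID), iat, exp (at most six months after iat), aud (https://appleid.apple.com) and sub (the Service ID used as client_id).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Apple caps the client secret lifetime at six months (15777000 seconds).
const maxSecretLifetime = 15777000 * time.Second

// AppleSecretClaims is the claim set Apple expects in the client_secret JWT.
type AppleSecretClaims struct {
	Iss string `json:"iss"` // 10-character Team ID
	Iat int64  `json:"iat"` // issued-at, Unix seconds
	Exp int64  `json:"exp"` // expiry, at most iat + 15777000
	Aud string `json:"aud"` // always https://appleid.apple.com
	Sub string `json:"sub"` // the Service ID configured as client_id
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MakeClientSecret builds and signs the ES256 JWT that goes into the
// "Client Secret" field of the WSO2 IS identity provider configuration.
func MakeClientSecret(key *ecdsa.PrivateKey, keyID, teamID, clientID string, now time.Time, lifetime time.Duration) (string, error) {
	if lifetime <= 0 || lifetime > maxSecretLifetime {
		return "", errors.New("lifetime must be positive and at most six months")
	}
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": keyID})
	claims, _ := json.Marshal(AppleSecretClaims{
		Iss: teamID, Iat: now.Unix(), Exp: now.Add(lifetime).Unix(),
		Aud: "https://appleid.apple.com", Sub: clientID,
	})
	signingInput := b64(header) + "." + b64(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// JWS ES256 signatures are the raw 32-byte R and S values concatenated,
	// not the DER encoding most ECDSA libraries emit by default.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64(sig), nil
}

// VerifyClientSecret checks the signature with the matching public key and
// returns the decoded claims, the same check Apple's token endpoint performs.
func VerifyClientSecret(pub *ecdsa.PublicKey, token string) (AppleSecretClaims, error) {
	var claims AppleSecretClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims, errors.New("token must have three segments")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return claims, errors.New("malformed ES256 signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return claims, errors.New("signature does not verify")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return claims, err
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return claims, err
	}
	return claims, nil
}

func main() {
	// Constructed throw-away key standing in for the .p8 file downloaded from
	// the Apple developer portal; the IDs below are placeholders, not real values.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	token, err := MakeClientSecret(key, "KEYID12345", "TEAMID1234", "com.example.signin", time.Now(), 24*time.Hour)
	if err != nil {
		panic(err)
	}
	claims, err := VerifyClientSecret(&key.PublicKey, token)
	fmt.Println(token)
	fmt.Printf("%+v %v\n", claims, err)
}
```

Because the secret expires, regenerate it and update the identity provider configuration before the exp you chose passes; the six-month cap in MakeClientSecret keeps an over-long token from being minted by mistake, since Apple's token endpoint would reject it anyway.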

Update:
[Optional] If you want to request any scopes you can specify them under Additional Query Parameters like

scope=openid email&response_mode=form_post

A few things to note when adding scopes: the scope values are space-separated, and if you are requesting scopes you must also add the response_mode=form_post parameter (this is something that Apple mandates; the Identity Server is capable of handling form_post responses by default).

Click on Register after adding the details.

Now, let's add this to your Application.

  1. On the Main tab, click Service Providers > List and select the service provider you have already created for your existing app.
  2. Click on your application’s service provider.
  3. Expand Local & Outbound Authentication Configuration and click on Advanced Configuration.
  4. Click Add Authentication Step, which is under Authentication Step Configuration. Under Step 1, in Local Authenticators select basic and click the Add Authenticator button next to it (this is your normal authentication method, which you used previously). In Federated Authenticators select the IdP we just created and click Add Authenticator (this will add Sign In with Apple to your app). Click Update, and Update again on the next screen.

Well, that's it! Now when you go to login from your application you will have an option to use “Sign In with Apple”.

So how are you able to integrate with a new technology this easily using WSO2 IS? It’s because WSO2 IS supports commonly used open standards. And though Apple hasn’t really mentioned it, from the looks of it the implementation of “Sign In with Apple” is done according to OIDC and OAuth2, two very commonly used open standards for authentication and authorization. So, even if another new authentication mechanism rolls out tomorrow, if it's based on open standards, WSO2 Identity Server has already got you covered. You just need a simple configuration like the above to add it to your application.

If you are interested in knowing how Sign In with Apple works, you can read about it from this very nice blog post over here or join this free webinar on Apple Sign In: A Zero-Code Integration Approach Using WSO2 Identity Server conducted by industry experts :)
