
Apple - new option for using private key instead of secret key.

Open hamrak opened this issue 2 years ago • 13 comments

Rather than static client secrets, Apple requires that you derive a client secret yourself from your private key. They use the JWT standard for this, using an elliptic curve algorithm with a P-256 curve and SHA256 hash. In other words, they use the ES256 JWT algorithm.

This PR adds new configuration options that allow you to use a private key instead of manually generating a secret key every 6 months.

'key_id' => env('APPLE_KEY_ID'),
'team_id' => env('APPLE_TEAM_ID'),
'private_key' => env('APPLE_PRIVATE_KEY'), // Must be absolute path, e.g. /var/www/cert/AuthKey_XYZ.p8
'passphrase' => env('APPLE_PASSPHRASE'), // Set if your key has a passphrase.
'signer' => env('APPLE_SIGNER'), // Signer used for Configuration::forSymmetricSigner().

Need to merge #1018 first.

hamrak avatar May 04 '23 09:05 hamrak
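
The derivation described in the opening post, written out as an added example (not the PR's code and not the project's implementation): it builds the ES256 client secret with PHP's openssl extension and converts the DER signature that `openssl_sign()` returns into the raw R||S form a JWT requires. The function names, the sample identifiers and the throwaway key are assumptions made for illustration; the claim names and the `aud` value follow the Apple documentation linked later in this thread.

```php
<?php
// Added example, not the PR's code. Function names and sample IDs are hypothetical.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// openssl_sign() returns ECDSA signatures DER-encoded; JWS ES256 needs raw 32-byte R || 32-byte S.
function derToRaw(string $der): string {
    if (strlen($der) < 8 || $der[0] !== "\x30") {
        throw new RuntimeException('Not a DER ECDSA signature');
    }
    $pos = 2; // P-256 signatures are < 128 bytes, so the SEQUENCE length is one byte
    $raw = '';
    for ($i = 0; $i < 2; $i++) {
        if (($der[$pos] ?? '') !== "\x02") {
            throw new RuntimeException('Expected DER INTEGER');
        }
        $len = ord($der[$pos + 1]);
        $int = ltrim(substr($der, $pos + 2, $len), "\x00"); // drop DER sign padding
        $raw .= str_pad($int, 32, "\x00", STR_PAD_LEFT);     // restore fixed width
        $pos += 2 + $len;
    }
    return $raw;
}

function appleClientSecret(string $teamId, string $clientId, string $keyId,
    string $pem, ?string $passphrase = null, int $ttl = 3600): string {
    if ($ttl < 1 || $ttl > 15777000) { // Apple rejects exp more than 6 months ahead
        throw new InvalidArgumentException('ttl out of range');
    }
    $key = openssl_pkey_get_private($pem, $passphrase ?? '');
    if ($key === false) {
        throw new RuntimeException('Cannot load private key');
    }
    $now = time();
    $head = ['alg' => 'ES256', 'kid' => $keyId];
    $body = ['iss' => $teamId, 'iat' => $now, 'exp' => $now + $ttl,
             'aud' => 'https://appleid.apple.com', 'sub' => $clientId];
    $input = b64url(json_encode($head)) . '.' . b64url(json_encode($body, JSON_UNESCAPED_SLASHES));
    if (!openssl_sign($input, $der, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('Signing failed');
    }
    return $input . '.' . b64url(derToRaw($der));
}

// Constructed demo: throwaway P-256 key and placeholder identifiers, not real Apple values.
$tmp = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
openssl_pkey_export($tmp, $pem);
echo appleClientSecret('TEAMID0000', 'com.example.web', 'KEYID00000', $pem), PHP_EOL;
```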

Could we get a docs like and a rebase please :)

atymic avatar May 13 '23 07:05 atymic

I don't know what you mean exactly. Official Apple documentation for creating the secret token is here: https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens#3262048

I also put some description in README.md.

Can you tell me exactly what I should add? :)

hamrak avatar May 13 '23 16:05 hamrak

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Aug 12 '23 07:08 stale[bot]

This seems to be inspired by https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request

Perhaps add support for private keys that are stored in the database / string format too?

My proposal would be something like:

$this->privateKey = $private_key_path; // Support for plain text private keys

if (!empty($private_key_path) && file_exists($private_key_path)) {
    $this->privateKey = file_get_contents($private_key_path);
}

This will ensure backwards compatibility for those of us who are already using this integration.

Thank you.

pricop avatar Sep 22 '23 09:09 pricop

pricop

Done ;)

hamrak avatar Sep 24 '23 18:09 hamrak

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Dec 15 '23 07:12 stale[bot]

Is this ready for review/merge?

atymic avatar Feb 07 '24 12:02 atymic

Yes, it should be ready for review/merge. I've been using this successfully in production on multiple websites. This would be an awesome addition.

pricop avatar Feb 07 '24 13:02 pricop

Yes, I use it in production too.

hamrak avatar Feb 07 '24 14:02 hamrak

@hamrak just a quick thing re: config and a question, then I will merge and tag new vers :)

atymic avatar Feb 10 '24 12:02 atymic