Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider

Apple Social Identity Provider for Keycloak
https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider

Last synced: about 1 month ago
JSON representation

Apple Social Identity Provider for Keycloak

Host: GitHub
URL: https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider
Owner: BenjaminFavre
License: apache-2.0
Created: 2020-05-03T17:50:16.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2023-03-09T10:03:54.000Z (over 1 year ago)
Last Synced: 2024-02-10T10:11:03.832Z (5 months ago)
Language: Java
Size: 12.7 KB
Stars: 106
Watchers: 8
Forks: 52
Open Issues: 22
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

awesome-keycloak - Apple Social Identity Provider for Keycloak
awesome-stars - BenjaminFavre/keycloak-apple-social-identity-provider - Apple Social Identity Provider for Keycloak (Java)

README

        # Apple Social Identity Provider for Keycloak

An extension to [Keycloak](https://www.keycloak.org/) that provides support for [Sign in with Apple](https://developer.apple.com/sign-in-with-apple/).

Sign in with Apple follows the [OIDC](https://openid.net/) standard but uses some unusual parts of the protocol which are not implemented yet in Keycloak. Those specificities are:

* Apple sends the Authentication Response as a POST request if scopes were requested;

* User data (email, first name and last name) is received in the body of the authentication response—there is no Userinfo endpoint;

* User data is provided only the first time the user authorizes the client on his Apple account;

* The Token Request must be authentified by a JWT token signed by a specific private key.

The present extension addresses all these requirements.

## Installation

1. Download the latest release of the provider JAR file [here](https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider/releases).

1. Install the provider JAR file following Keycloak instructions [there](https://www.keycloak.org/docs/latest/server_development/index.html#using-the-keycloak-deployer).

## Configuration

In Keycloak admin console:

1. Add an identity provider and select *Apple*.

1. Fill *Client secret* with the base 64 content of your private key file (trim delimiters and new lines).

   e.g., if your private key is:

   

       -----BEGIN PRIVATE KEY-----

       Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfS

       tsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j

       2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrK

       PsUC1cdy

       -----END PRIVATE KEY-----

   

   then you should set *Client secret* with:

   

       Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfStsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrKPsUC1cdy

1. Fill *Team ID* and *Key ID* with corresponding values found in Apple Developer console.

1. Set Default Scopes to 'openid%20name%20email' to retrieve email, firstname and lastname from apple.