https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider
Apple Social Identity Provider for Keycloak
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider
- Owner: BenjaminFavre
- License: apache-2.0
- Created: 2020-05-03T17:50:16.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2023-03-09T10:03:54.000Z (over 1 year ago)
- Last Synced: 2024-02-10T10:11:03.832Z (5 months ago)
- Language: Java
- Size: 12.7 KB
- Stars: 106
- Watchers: 8
- Forks: 52
- Open Issues: 22
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-keycloak - Apple Social Identity Provider for Keycloak
- awesome-stars - BenjaminFavre/keycloak-apple-social-identity-provider - Apple Social Identity Provider for Keycloak (Java)
README
# Apple Social Identity Provider for Keycloak
An extension to [Keycloak](https://www.keycloak.org/) that provides support for [Sign in with Apple](https://developer.apple.com/sign-in-with-apple/).
Sign in with Apple follows the [OIDC](https://openid.net/) standard but uses some unusual parts of the protocol which are not implemented yet in Keycloak. Those specificities are:
* Apple sends the Authentication Response as a POST request if scopes were requested;
* User data (email, first name and last name) is received in the body of the authentication response—there is no Userinfo endpoint;
* User data is provided only the first time the user authorizes the client on their Apple account;
* The Token Request must be authenticated by a JWT signed by a specific private key.

The present extension addresses all these requirements.
## Installation
1. Download the latest release of the provider JAR file [here](https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider/releases).
1. Install the provider JAR file following Keycloak instructions [there](https://www.keycloak.org/docs/latest/server_development/index.html#using-the-keycloak-deployer).

## Configuration
In Keycloak admin console:
1. Add an identity provider and select *Apple*.
1. Fill *Client secret* with the base 64 content of your private key file (trim delimiters and new lines).

   e.g., if your private key is:

   ```
   -----BEGIN PRIVATE KEY-----
   Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfS
   tsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j
   2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrK
   PsUC1cdy
   -----END PRIVATE KEY-----
   ```

   then you should set *Client secret* with:

   ```
   Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfStsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrKPsUC1cdy
   ```
1. Fill *Team ID* and *Key ID* with corresponding values found in Apple Developer console.
1. Set *Default Scopes* to `openid%20name%20email` to retrieve the email, first name and last name from Apple.
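
A helper for the *Client secret* step above, as an added example that is not part of this extension's code: it strips the PEM delimiters and line breaks (including CRLF) and rejects input that would not paste cleanly. The function name is hypothetical, and accepting only the `PRIVATE KEY` label is an assumption based on the sample key shown in this README.

```python
import base64
import re

# Sample key copied from the README above (a documentation placeholder, not a real key).
SAMPLE_PEM = """-----BEGIN PRIVATE KEY-----
Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfS
tsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j
2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrK
PsUC1cdy
-----END PRIVATE KEY-----
"""

# Matches one PEM block and captures its label and body.
_PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)


def pem_to_client_secret(pem_text: str) -> str:
    """Return the single-line base64 body to paste into *Client secret*.

    Hypothetical helper; raises ValueError instead of returning a value
    that would be rejected or silently misread later.
    """
    blocks = _PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    # Assumption: only the label used in the README sample is accepted, so
    # "ENCRYPTED PRIVATE KEY" or "EC PRIVATE KEY" files are refused.
    if label != "PRIVATE KEY":
        raise ValueError(f"unsupported PEM label {label!r}; expected 'PRIVATE KEY'")
    # split() with no argument drops \n, \r\n, tabs and stray spaces alike.
    secret = "".join(body.split())
    if not secret:
        raise ValueError("PEM body is empty")
    try:
        # validate=True rejects characters outside the base64 alphabet.
        base64.b64decode(secret, validate=True)
    except ValueError as exc:
        raise ValueError("PEM body is not valid base64") from exc
    return secret


if __name__ == "__main__":
    print(pem_to_client_secret(SAMPLE_PEM))
```

The returned value is the private key itself, so it belongs in a secret store rather than in version control or shell history.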