Apple Social Identity Provider
To configure Apple as a social identity provider (Sign in with Apple), you'll need an Apple developer account.
You need a client ID and client secret for your application. In the Apple developer portal, the client ID is called a
Log in to the Apple Developer Portal.
Select Certificates, Identifiers and Profiles > Identifiers.
On the Identifiers page, select Register a New Identifier, then select Services IDs.
Enter a Description and Identifier for this Services ID, and make sure that Sign in With Apple is enabled.
The Identifier you specify here will be your OAuth Client ID.
On the Web Authentication Configuration screen, enter the Web Domain on which IDM runs, and specify the redirect URL used during the OAuth flow (Return URLs).
The redirect URL must have the following format:
You must use a real domain (FQDN) here. Apple does not allow localhost URLs. If you enter an IP address such as 127.0.0.1, it will fail later in the OAuth flow.
Click Save > Continue > Register.
Generate the client secret.
Instead of using simple strings as OAuth client secrets, Apple uses a public/private key pair, where the client secret is a signed JWT. To register the private key with Apple:
Select Certificates, Identifiers and Profiles > Keys, then click the + icon to register a new key.
Enter a Key Name and enable Sign In with Apple.
Click Configure, then select the primary App ID that you created previously.
Apple generates a new private key, in a
You can only download this key once. Ensure that you save this file, because you will not be able to download it again.
Rename the file to key.txt, then locate the Key ID in that file.
Use this private key to generate a client secret JWT. Sign the JWT with your private key, using the ES256 algorithm.
To configure an Apple social identity provider, log in to the Admin UI and select Configure > Social ID Providers.
Enable the Apple social identity provider.
In the Apple Provider window, enter the Redirect URI that you set up in "Configure Apple Login".
Enter your Client ID and Client Secret.
When you have configured the Apple social identity provider, you can activate it through User Registration.
In the Admin UI, select Configure > User Registration > Enable User Registration.
On the Social tab, enable Social Registration.
For more information, see "Self-Service End User UI".
Apple Social Identity Provider Configuration Details
You can set up the Apple social identity provider through the Admin UI or in a conf/identityProvider-apple.json file. IDM generates the identityProvider-apple.json file when you configure and enable this social identity provider in the Admin UI. Alternatively, you can create the file manually.
The following table includes the information shown in the Admin UI Apple Provider pop-up window, along with associated information in the
|Property (UI)|Property (JSON file)|Description|
|Client ID||The client identifier for your Apple App. In the Apple developer portal, the client ID is called a |
|Client Secret||Used with the Client ID to access the applicable Apple API.|
|Scope||An array of strings that allows access to user data.|
|Authorization Endpoint||Typically, |
|Token Endpoint||Endpoint that receives a one-time authorization code, and returns an access token. Typically, |
|Well-Known Endpoint||Access for other URIs. Typically, |
|Issuer||The token issuer. Typically, |
|Not in the Admin UI||Name of the social identity provider.|
|Not in the Admin UI||Configuration class for the authentication module.|
|Not in the Admin UI||Whether to use basic authentication.|
|Not in the Admin UI||Mapping between Apple and IDM.|
For information on social identity provider buttons and badges, see "Social Identity Provider Button and Badge Properties".