Set Up Apple as an IDM Social Identity Provider
To configure Apple as a social identity provider (Sign in with Apple), you'll need an Apple developer account.
You need a client ID and client secret for your application. In the Apple developer portal, the client ID is called a Services ID.
Log in to the Apple Developer Portal.
Select Certificates, Identifiers and Profiles > Identifiers.
On the Identifiers page, select Register a New Identifier, then select Services IDs.
Enter a Description and Identifier for this Services ID, and make sure that Sign In with Apple is enabled.
Important
The Identifier you specify here will be your OAuth Client ID.
Click Configure.
On the Web Authentication Configuration screen, enter the Web Domain on which IDM runs, and specify the redirect URL used during the OAuth flow (Return URLs).
The redirect URL must have the following format, and must match exactly (scheme, host and path) the Redirect URI that you later configure in IDM:
https://idm.example.com/redirect
Note
You must use a real domain name (FQDN) here. Apple does not allow localhost URLs. If you enter an IP address such as 127.0.0.1, the registration may be accepted but the OAuth flow will fail later.
Click Save > Continue > Register.
Generate the client secret.
Instead of using a simple string as the OAuth client secret, Apple uses a public/private key pair: the client secret is a JWT that you sign with your private key. To register the private key with Apple:
Select Certificates, Identifiers and Profiles > Keys, then click the + icon to register a new key.
Enter a Key Name and enable Sign In with Apple.
Click Configure, then select the primary App ID that you created previously.
Apple generates a new private key, in a .p8 file.
Caution
You can only download this key once. Ensure that you save this file, because you will not be able to download it again. Treat it as a signing key: anyone who holds it can mint valid client secrets for your Services ID, so store it with the same care as any other private key.
Rename the file to key.txt, then note the Key ID. The Key ID is shown on the key's details page in the portal and also forms part of the downloaded file name (AuthKey_<Key ID>.p8); the file itself contains only the PEM-encoded PKCS#8 private key.
Use this private key to generate the client secret JWT. Sign the JWT with your private key using the ES256 algorithm (ECDSA over P-256 with SHA-256). Apple expects the JWT header to carry the Key ID in kid, and the claims to carry your Team ID in iss, the Services ID in sub, https://appleid.apple.com in aud, and an exp no more than six months after iat. Because the secret expires, you must generate a new one and update the IDM configuration before that date, or sign-in stops working.
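The steps above leave the signing itself to you. The following Go program, added here as an example and not part of the IDM documentation or of Apple's tooling, builds the client secret JWT with the Go standard library only and verifies it against the public key before you paste it into IDM. It assumes a PKCS#8 .p8 key in the form Apple issues; the Team ID, Key ID and Services ID values (TEAMID1234, KEYID12345, com.example.idm) and the generated demo key are placeholders, not real identifiers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

const appleAudience = "https://appleid.apple.com"
const maxSecretLifetime = 15777000 * time.Second // Apple's 6-month ceiling on exp - iat

// loadP8Key parses the PKCS#8 PEM key from the .p8 file; ES256 is ECDSA over P-256, so other key types are rejected.
func loadP8Key(pemData []byte) (*ecdsa.PrivateKey, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "PRIVATE KEY" {
		return nil, errors.New("no PKCS#8 PRIVATE KEY block in input")
	}
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	key, ok := parsed.(*ecdsa.PrivateKey)
	if err != nil || !ok || key.Curve != elliptic.P256() {
		return nil, errors.New("not a PKCS#8 ECDSA P-256 key; ES256 requires one")
	}
	return key, nil
}

// ClientSecret mints the client-secret JWT Apple expects: header kid = Key ID, claims iss = Team ID, sub = Services ID, aud = Apple, iat/exp.
func ClientSecret(key *ecdsa.PrivateKey, teamID, keyID, clientID string, now time.Time, lifetime time.Duration) (string, error) {
	if lifetime <= 0 || lifetime > maxSecretLifetime {
		return "", errors.New("lifetime must be positive and at most 6 months")
	}
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": keyID})
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": teamID, "iat": now.Unix(), "exp": now.Add(lifetime).Unix(), "aud": appleAudience, "sub": clientID,
	})
	signingInput := base64.RawURLEncoding.EncodeToString(header) + "." + base64.RawURLEncoding.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// JWS wants the raw r||s pair, each left-padded to 32 bytes, not the DER SEQUENCE most libraries emit by default.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyClientSecret checks the signature and the claims Apple inspects, so a new secret can be sanity-checked first.
func VerifyClientSecret(pub *ecdsa.PublicKey, token, clientID string, now time.Time) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("signature is not a 64-byte raw ES256 signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature does not verify")
	}
	payload, _ := base64.RawURLEncoding.DecodeString(parts[1])
	claims := map[string]interface{}{}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, err
	}
	if exp, _ := claims["exp"].(float64); claims["aud"] != appleAudience || claims["sub"] != clientID || int64(exp) <= now.Unix() {
		return nil, errors.New("aud or sub does not match this Services ID, or the secret has expired")
	}
	return claims, nil
}

// demoKeyPEM returns a throwaway P-256 key in the same PKCS#8 PEM layout as a real .p8 file (offline demo only).
func demoKeyPEM() []byte {
	demo, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalPKCS8PrivateKey(demo)
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

func main() {
	// Demo key and placeholder Team ID, Key ID and Services ID; for a real secret read AuthKey_<Key ID>.p8 instead.
	key, _ := loadP8Key(demoKeyPEM())
	secret, err := ClientSecret(key, "TEAMID1234", "KEYID12345", "com.example.idm", time.Now(), 180*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println(secret) // paste as the Client Secret in the Apple Provider window
}
```

To mint a real secret, replace demoKeyPEM() with os.ReadFile of your AuthKey_<Key ID>.p8 and substitute your own Team ID, Key ID and Services ID; the printed token is the value for the Client Secret field in the Admin UI. The two details that most often go wrong are the signature encoding (JWS needs the raw 64-byte r||s, not the DER encoding) and the lifetime (Apple rejects an exp more than six months after iat, and an expired secret breaks sign-in until you generate a new one).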
To configure an Apple social identity provider, log in to the Admin UI and select Configure > Social ID Providers.
Enable the Apple social identity provider.
In the Apple Provider window, enter the Redirect URI that you registered as the Return URL in the Apple developer portal (see "Configure Apple Login"). It must match that Return URL exactly.
Enter your Client ID (the Services ID) and Client Secret (the signed JWT).
When you have configured the Apple social identity provider, you can activate it through User Registration.
In the Admin UI, select Configure > User Registration > Enable User Registration.
On the Social tab, enable Social Registration.
For more information, see "Self-Service End User UI".