An extension to Keycloak that provides support for Sign in with Apple.
Sign in with Apple follows the OIDC standard but uses some unusual parts of the protocol which are not implemented yet in Keycloak. Those specificities are:
The present extension addresses all these requirements.
In Keycloak admin console:
Add an identity provider and select Apple.
Fill Client secret with the base 64 content of your private key file (trim delimiters and new lines).
e.g., if your private key is:
-----BEGIN PRIVATE KEY----- Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfS tsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j 2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrK PsUC1cdy -----END PRIVATE KEY-----
then you should set Client secret with:
Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfStsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrKPsUC1cdy
Fill Team ID and Key ID with corresponding values found in Apple Developer console.
Set Default Scopes to 'openid%20name%20email' to retrieve email, firstname and lastname from apple.