oauth: add sign-in with apple support (fixes #110)

keratin / authn-server

Authentication service that keeps you in control without forcing you to be an expert in web security.

https://keratin.github.io

GNU Lesser General Public License v3.0

1.28k stars 110 forks source link

oauth: add sign-in with apple support (fixes #110) #243

Closed AlexCuse closed 8 months ago

AlexCuse commented 9 months ago

Implements an oauth provider for sign-in with apple. Requires some additional flexibility in oauth credentials / providers:

Include a map of additional data in credentials.
Allow providers to override secret behavior - configured secret in apple credentials is a private key used to sign a secret calculated at runtime, in this case a JWT that includes additional data as claims.
Allow providers to accept returns as HTTP POST instead of GET.
Allow providers to add additional oauth options to authorization request.

AlexCuse commented 9 months ago

One thing I noticed so far trying to test is that Apple doesn't like including the scopes in the auth request unless response_mode=form_post is specified. Should be pretty straightforward but guess we'll need a post handler for oauth return 😢

AlexCuse commented 8 months ago

One thing I noticed so far trying to test is that Apple doesn't like including the scopes in the auth request unless response_mode=form_post is specified. Should be pretty straightforward but guess we'll need a post handler for oauth return 😢

We just needed to redirect POSTs to the existing handler and allow providers to override the method for routing.