Warning

WIP

Apple can be used as a federated authenticator in WSO2 Identity Server.  

...

  1. The client application initiates the authentication flow by redirecting the browser to WSO2 Identity Server.
  2. WSO2 Identity Server redirects the user to the Apple Sign In authorization endpoint.
  3. Apple authenticates the user and redirects the user back to WSO2 Identity Server with an authorization code.
  4. WSO2 Identity Server sends the authorization code to the Apple Sign In token endpoint and requests an ID token in return.
  5. Apple validates the client application's client ID, client secret, and authorization code and responds with an ID token, access token, and refresh token.
  6. WSO2 Identity Server validates the received ID token and extracts the authenticated user information.
  7. WSO2 Identity Server completes the authentication flow by redirecting back to the client application with the authenticated user information.


Configurations

Follow the steps below to configure WSO2 Identity Server to authenticate users using their Apple credentials. 

...

  1. On the Main tab of the Management Console, click Identity > Identity Providers > Add. The Add New Identity Provider screen appears.
  2. Enter a meaningful name in the Identity Provider Name text box, e.g., AppleSignIn.

  3. Under Federated Authenticators, click OAuth2/OpenID Connect Configuration, and enter the required values as given below. 

    Field | Description | Sample Value
    ----- | ----------- | ------------
    Enable OAuth2/OpenIDConnect | Selecting this option enables OAuth2/OpenID Connect to be used as an authenticator for users provisioned to WSO2 Identity Server. | Selected
    Default | Selecting this option signifies that OAuth2/OpenID Connect is used as the main/default form of authentication. Selecting this removes the selection made for any other Default checkboxes for other authenticators. | Selected
    Client Id | This is the client key of your Apple application. | idp.demologin.com
    Client Secret | This is the client secret of your Apple application. | 7219bb5e92f4287cb5134b73760e039e55d235d
    Authorization Endpoint URL | This is the authorization endpoint URL pertaining to Apple Sign In. | https://appleid.apple.com/auth/authorize
    Token Endpoint URL | This is the token endpoint URL pertaining to Apple Sign In. | https://appleid.apple.com/auth/token
    Callback URL | This is the service provider's URL to which authorization codes are sent. Upon successful authentication, the browser should be redirected to this URL. The URL should be specified in the following format: https://<host>:<port>/acs | https://localhost/callback
    Userinfo Endpoint URL | This is not relevant for this feature. | -
    OpenID Connect User ID Location | This is not relevant for this feature. | -
    Additional Query Parameters | These are the additional query parameters that are necessary to authenticate users through Apple Sign In. | scope=openid email
    Enable HTTP basic auth for client authentication | This is not relevant for this feature. Make sure to keep it unselected. | Unselected

  4. Click Register.

You have successfully added the identity provider. 
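The authorization request (step 2), the callback check (step 3) and the ID token claim checks (step 6) from the flow above, carried through with the endpoint and sample values from the configuration table. This is an added illustration in Python, not code from WSO2 Identity Server; the state and nonce parameters, the assumption that the RS256 signature has already been verified against Apple's JWKS, and the constructed unsigned demo token are not on this page.

```python
import base64
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoint and sample values are the ones in the configuration table above.
APPLE_ISSUER = "https://appleid.apple.com"
AUTHORIZATION_ENDPOINT = "https://appleid.apple.com/auth/authorize"
CLIENT_ID = "idp.demologin.com"              # sample Client Id
CALLBACK_URL = "https://localhost/callback"  # sample Callback URL
SCOPE = "openid email"                       # Additional Query Parameters

def build_authorization_url(state, nonce):
    # Step 2: the redirect to Apple. `state` ties the callback to this login
    # attempt; `nonce` must come back inside the ID token.
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": CALLBACK_URL, "scope": SCOPE,
              "state": state, "nonce": nonce}
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"

def extract_code(callback_url, expected_state):
    # Step 3: accept the authorization code only if `state` matches the
    # value generated for this browser session.
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback not bound to this session")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    return query["code"][0]

def validate_id_token_claims(id_token, expected_nonce, now=None):
    # Step 6, claims part. Assumes the JWS signature was already verified
    # against Apple's published JWKS (not shown here).
    now = int(time.time()) if now is None else now
    payload = id_token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("iss") != APPLE_ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("ID token issued for a different client")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("ID token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return {"sub": claims["sub"], "email": claims.get("email")}

def demo_id_token(claims):
    # Constructed, unsigned token for offline use; real ones are RS256-signed.
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    return "eyJhbGciOiJSUzI1NiJ9." + payload.decode() + ".sig"
```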

...