Warning |
---|
WIP |
Apple can be used as a federated authenticator in WSO2 Identity Server.
How it works
When a user attempts to log in to a client application through Apple Sign In:
- The client application initiates the authentication flow by redirecting the browser communicating with WSO2 Identity Server.
- WSO2 Identity Server redirects the user to the Apple Sign authorization endpointIn page.
- Apple authenticates the user and redirects the user back to the client application WSO2 Identity Server with an authorization code.
- The client application WSO2 Identity Server sends the authorization code to the Apple Sign In token endpoint and requests an ID token in return.
- Apple validates the client application's client ID, client secret, and authorization code and responds with an ID token, access token, and refresh token.
- The client application
...
- WSO2 Identity Server validates the received ID token and extracts the authenticated user information.
- WSO2 Identity Server completes the authentication flow by redirecting back to the client application with the authenticated user information.
Configurations
Follow the steps below to configure WSO2 Identity Server to authenticate users using their Apple credentials.
...
Configuring the identity provider
Follow the steps below to To configure WSO2 Identity Server as an identity provider that uses Apple for federated authentication. :
- On the Main tab of the Management Console, click Identity > Identity Providers > Add.
Enter the required basic information as given belowThe Add New Identity Provider screen appears. Enter a meaningful name in the Identity Provider Name text box, e.g.,
AppleSignIn
.Under Federated Authenticators, click OAuth2/OpenID Connect Configuration, and enter the required values as given below.
Field Description Sample Value Enable OAuth2/OpenIDConnect Selecting this option enables OAuth2/OpenID Connect to be used as an authenticator for users provisioned to WSO2 Identity Server. Selected Default Selecting this option signifies that OAuth2/OpenID Connect is used as the main/default form of authentication. Selecting this removes the selection made for any other Default checkboxes for other authenticators. Selected Client Id This is the client key
of your Apple application.8437ce9b8cfdf282c92b
idp.demologin.com
Client Secret This is the client secret
of your Apple application.7219bb5e92f4287cb5134b73760e039e55d235d
Authorization Endpoint URL This is the authorization endpoint URL pertaining to Apple Sign In. https://appleid.apple.com/auth/authorize
Token Endpoint URL This is the token endpoint URL pertaining to Apple Sign In. https://appleid.apple.com/auth/token
Callback URL This is the service provider's URL to which authorization codes
are sent. Upon successful authentication, the browser should be redirected to this URL. The URL should be specified in the following format:https://:/acs
https://localhost/callback
Userinfo Endpoint URL This is not relevant for this feature. - OpenID Connect User ID Location This is not relevant for this feature. - Additional Query Parameters These are the additional query parameters that are necessary to authenticate users through Apple Sign In. scope=openid email
Enable HTTP basic auth for client authentication This is not relevant for this feature.Unselected Warning Make sure to keep it unselected.
- Click Register.
You have successfully added the identity provider.
Configuring the service provider
Follow the steps below to To configure the client application as a service provider in WSO2 Identity Server.:
In the Main menu of the WSO2 Identity Server Management Console, click Identity > Service Providers > Add.
The Add New Service Provider screen appears.
Enter a meaningful name for the client application in the Service Provider Name text box and click Register. The Service Providers screen appears.
Click Inbound Authentication Configuration section and configure based on the authentication protocol that is required for the client application.
theTip If your client application uses OpenID Connect, click OAuth/OpenID Connect Configuration > Configure.
Enter
orthe
callback URL
.or your Apple application.
Click Register. Note that you will be redirected to the Service Providers screen
, which displays the
client key
andclient secret
.
Info For more information on inbound authentication configurations, see Configuring Inbound Authentication for a Service Provider.
Click Under Local and Outbound Authentication Configuration.For the Authentication Type, make sure the section, select Federated Authentication as the Federated Authentication radio button is selected, and then select the identity provider as
AppleSignIn
.Click Update to save the changes.
You have now successfully added and configured the service provider.
...
title | Related Topics |
---|
...
You can now try to log in to the client application with your Apple ID.