This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

WIP

Apple can be used as a federated authenticator in WSO2 Identity Server.  

How it works

When a user attempts to log in to a client application through Apple Sign In:

  1. The client application initiates the authentication flow by redirecting the browser to the Apple Sign authorization endpoint.
  2. Apple authenticates the user and redirects the user back to the client application with an authorization code.
  3. The client application sends the authorization code to the Apple Sign In token endpoint and requests an ID token in return.
  4. Apple validates the client application's client ID, client secret, and authorization code and responds with an ID token, access token, and refresh token.
  5. The client application 

Configurations

Follow the steps below to configure WSO2 Identity Server to authenticate users using their Apple credentials. 

Before you begin

  1. Register an application on the Apple Developer Portal.

    Make sure you have the following:

    • Client ID: This identifies the requests sent from WSO2 Identity Server to the application.
    • Client secret: This authenticates the requests sent from WSO2 Identity Server to the application.
    • Callback URL: This is the URL to which Apple sends the response after authenticating the user.
  2. Sign in to WSO2 Identity Server Management Console. 

Configuring the identity provider

Follow the steps below to configure WSO2 Identity Server as an identity provider that uses Apple for federated authentication. 

  1. On the Main tab of the Management Console, click Identity > Identity Providers > Add
  2. Enter the required basic information as given below. 

  3. Under Federated Authenticators, click OAuth2/OpenID Connect Configuration, and enter the required values as given below.  

    FieldDescriptionSample Value
    Enable OAuth2/OpenIDConnectSelecting this option enables OAuth2/OpenID Connect to be used as an authenticator for users provisioned to WSO2 Identity Server.Selected
    DefaultSelecting this option signifies that OAuth2/OpenID Connect is used as the main/default form of authentication. Selecting this removes the selection made for any other Default checkboxes for other authenticators.Selected
    Client IdThis is the client key of your Apple application.8437ce9b8cfdf282c92b
    Client SecretThis is the client secret of your Apple application.7219bb5e92f4287cb5134b73760e039e55d235d
    Authorization Endpoint URLThis is the authorization endpoint URL pertaining to Apple Sign In.https://appleid.apple.com/auth/authorize
    Token Endpoint URLThis is the token endpoint URL pertaining to Apple Sign In.https://appleid.apple.com/auth/token
    Callback URLThis is the service provider's URL to which authorization codes are sent. Upon successful authentication, the browser should be redirected to this URL. The URL should be specified in the following format: https://:/acshttps://localhost/callback
    Userinfo Endpoint URLThis is not relevant for this feature.-
    OpenID Connect User ID LocationThis is not relevant for this feature.-
    Additional Query ParametersThese are the additional query parameters that are necessary authenticate users through Apple Sign In.scope=openid email
    Enable HTTP basic auth for client authenticationThis is not relevant for this feature.Unselected
  4. Click Register

You have successfully added the identity provider. 

Configuring the service provider

Follow the steps below to configure the client application as a service provider in WSO2 Identity Server.

  1. In the Main menu of the WSO2 Identity Server Management Console, click Identity > Service Providers > Add

  2. Enter a meaningful name for the client application in the Service Provider Name text box and click Register

  3. Click Inbound Authentication Configuration section and configure based on the authentication protocol that is required for the client application. 

    If your client application uses OpenID Connect, click OAuth/OpenID Connect Configuration > Configure

    1. Enter the callback URL or your Apple application.

    2. Click Register. Note that you will be redirected to the Service Providers screen. 

    For more information on inbound authentication configurations, see Configuring Inbound Authentication for a Service Provider.

  4. Click Local and Outbound Authentication Configuration.

  5. For the Authentication Type, make sure the Federated Authentication radio button is selected, and then select the identity provider as AppleSignIn

  6. Click Update to save the changes.

You have now successfully added and configured the service provider.

Related Topics
  • Identity Federation is part of the process of configuring an identity provider. For more information on how to configure an identity provider, see Configuring an Identity Provider.
  • No labels