@aryasaatvik aryasaatvik commented Apr 5, 2025

branched from #246 which fixed issues in Apple OIDC provider

resolves #210

adds support for direct integration with iOS/macOS AuthenticationServices (Sign in with Apple) by updating the AppleOidcProvider to validate Apple ID tokens via the client_credentials grant type.

Previously, OpenAuth had no way to directly validate Apple ID tokens obtained from iOS apps using the native Sign in with Apple flow. This required app developers to either:

  1. Implement a separate authentication service for iOS
  2. Use a custom web view that disrupted the native iOS experience
  3. Send tokens to a custom backend for validation

This PR extends the OpenAuth client_credentials grant type to handle Apple ID token verification, allowing iOS applications to authenticate directly with the OpenAuth server:

  1. The iOS app obtains an ID token through Apple's ASAuthorizationAppleIDProvider
  2. The app sends this token to OpenAuth's /token endpoint via client_credentials grant
  3. OpenAuth validates the token against Apple's JWKS and returns OpenAuth access/refresh tokens
  4. The iOS app uses these tokens like any other OpenAuth client

- Added `clientSecret` and `responseType` options to the Apple OIDC provider.
- Updated OIDC configuration to include `tokenEndpointAuthMethod`.
- Implemented handling for authorization code flow in the OIDC provider, including token exchange logic.
…ionServices

- Improved error handling for missing or invalid provider and client credentials in the issuer function.
- Updated Apple OIDC provider to support client_credentials flow using Apple ID Token, including verification of id_token and app_id.
- Made clientSecret optional in the provider interface to accommodate varying provider implementations.
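
Step 3 of the flow above, as an added sketch that is not code from this PR or from OpenAuth: verify the token's RS256 signature against a JWKS, then check `iss`, `aud` (the app's bundle ID) and `exp`, so a token Apple issued for a different app is rejected. The function names, the locally generated key that stands in for Apple's JWKS, and `com.example.app` are assumptions made for the example.

```typescript
import { createPublicKey, createSign, createVerify, generateKeyPairSync } from "node:crypto";

const APPLE_ISSUER = "https://appleid.apple.com";
type Jwk = { kid: string; kty: string; n: string; e: string };

// Hypothetical helper: signature first, claims second. Throws with a reason on any failure.
function verifyAppleIdToken(token: string, jwks: { keys: Jwk[] }, appId: string,
                            now: number = Date.now() / 1000): Record<string, unknown> {
  const [h, p, s, extra] = token.split(".");
  if (!h || !p || !s || extra !== undefined) throw new Error("malformed token");
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  // Pin the algorithm on the server side; the header only selects the key.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = createPublicKey({ key: jwk, format: "jwk" });
  const ok = createVerify("RSA-SHA256").update(`${h}.${p}`).verify(key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  // Claims are read only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (claims.iss !== APPLE_ISSUER) throw new Error("wrong issuer");
  // Without this check, a valid Apple token minted for any other app would pass.
  if (claims.aud !== appId) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed fixture: a local RSA key pair stands in for Apple's signing key and JWKS.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const testJwks = {
  keys: [{ ...(publicKey.export({ format: "jwk" }) as { kty: string; n: string; e: string }), kid: "test-kid" }],
};

// Mint a constructed RS256 token signed with the fixture key.
function mintTestToken(claims: object, kid: string = "test-kid"): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const input = `${enc({ alg: "RS256", kid })}.${enc(claims)}`;
  return `${input}.${createSign("RSA-SHA256").update(input).sign(privateKey).toString("base64url")}`;
}

// Returns "ok" or the rejection reason for a token carrying the given claims.
function check(claims: object, appId: string): string {
  try { verifyAppleIdToken(mintTestToken(claims), testJwks, appId); return "ok"; }
  catch (e) { return (e as Error).message; }
}
```

In a real deployment the JWKS would be fetched from the provider and cached rather than generated locally.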

changeset-bot bot commented Apr 5, 2025

⚠️ No Changeset found

Latest commit: fbb07dd

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@aryasaatvik aryasaatvik closed this by deleting the head repository May 18, 2025

wootencl commented May 28, 2025

Hey @aryasaatvik, a bit delayed here but was following along. What was the reason for closing?

@ahwelgemoed

Was following here but I think it will be resolved here #284

nullfunc added a commit to DefangLabs/openauth that referenced this pull request Sep 4, 2025
Co-authored-by: Eric Liu <[email protected]>
Development

Successfully merging this pull request may close these issues.

Enable native iOS/Android Sign in with Apple/Google login flows