Sign in with Apple Authentication

Forem allows you to authenticate using Sign in with Apple. In order to use this authentication method you'll need to be enrolled to the Apple Developer Program in order to retrieve the necessary credentials and an HTTPS supported URL for the callback configuration (HTTP won't work). Then you'll need to provide the keys to the Rails application.

Beta support

This authentication provider is currently marked as beta. This means it will be available but hidden from public access until more thoroughly tested.

If you want to make this feature publicly available (without the state parameter) you can enable the apple_auth feature flag from the Flipper dashboard or the Rails console with Flipper.enable(:apple_auth).

Apple Developer Portal Configuration

Register/Sign in to your Apple Developer Account.

Service ID Configuration

  1. Create a Service ID

Create Service ID

  1. Name the Service and finalize the registration

Naming Service ID

  1. Configure Domains and Subdomains & the callback URL. This example uses ngrok for HTTPS support.

Callback URLS

Key Configuration

  1. Register a new Key. Enable the "Sign in with Apple" option and configure it so it's associated with the corresponding App ID

Register a new Key

  1. Download the Key

Download the Key

Configuring the Rails Application

Now with both the Service ID and Key you'll need to enable Apple Authentication and pass in the credentials in the admin dashboard /admin/customization/config.

Admin Authentication Configuration Dashboard

Add the corresponding configuration data. Make sure the PEM key you downloaded has explicit linebreaks (\n), don't forget the one at the very end of it.

Apple config

Save the changes and restart your server for these values to take effect.

Email configuration

Apple uses what they call Private Email Relay Service to hide user's emails. For this to work first create a new email source.

Email configuration

Emails sent need to be authenticated and the configuration depends on the different providers available: