Apple OAuth2 strategy for Überauth.
-
Setup your application at Apple Developer Console.
-
Add
:ueberauth_apple
to your list of dependencies inmix.exs
:def deps do [{:ueberauth_apple, "~> 0.1"}] end
-
Add the strategy to your applications:
def application do [applications: [:ueberauth_apple]] end
-
Add Apple to your Überauth configuration:
config :ueberauth, Ueberauth, providers: [ apple: {Ueberauth.Strategy.Apple, []} ]
-
Update your provider configuration:
If you don't have the client secret, generate the client secret:
UeberauthApple.generate_client_secret(%{ client_id: "com.example.service", key_id: "10digitkey", team_id: "teamid", private_key: "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----" })
Use that if you want to read client ID/secret from the environment variables in the compile time:
config :ueberauth, Ueberauth.Strategy.Apple.OAuth, client_id: System.get_env("APPLE_CLIENT_ID"), client_secret: System.get_env("APPLE_CLIENT_SECRET")
-
Include the Überauth plug in your controller:
defmodule MyApp.AuthController do use MyApp.Web, :controller plug Ueberauth ... end
-
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do pipe_through :browser get "/:provider", AuthController, :request get "/:provider/callback", AuthController, :callback end
-
Your controller needs to implement callbacks to deal with
Ueberauth.Auth
andUeberauth.Failure
responses.
For an example implementation see the Überauth Example application.
Depending on the configured url you can initiate the request through:
/auth/apple
Or with options:
/auth/apple?scope=email%20name
By default the requested scope is "name". Scope can be configured either explicitly as a scope
query value on the request path or in your configuration:
config :ueberauth, Ueberauth,
providers: [
google: {Ueberauth.Strategy.Apple, [default_scope: "name email"]}
]
To guard against client-side request modification, it's important to still check the domain in info.urls[:website]
within the Ueberauth.Auth
struct if you want to limit sign-in to a specific domain.
Please see LICENSE for licensing details.