Sign in with Apple
Sign in with Apple lets users create an account on the i-net PDFC server with their existing Apple ID. On Apple devices using the Safari browser, users get a seamless login experience through native dialogs. Because of Apple's focus on privacy and security, users can be sure that their data is transmitted and verified in the most secure way. Users can also use the private email relay service with Sign in with Apple.
The configuration of the login provider requires an Apple Developer account, the enrollment in the Apple Developer Program, as well as the following:
- An Application ID, enabled for Sign in with Apple
- A Service ID, also enabled for Sign in with Apple
- A Sign in with Apple private key
The configuration will ask for the following information:
- Client ID: the Service ID's identifier
- Team ID: the ID of your user's developer team
- Private Key ID: the ID of your private key
- Private Key: the actual private key. It is stored securely in the persistence.
- Redirect URL: use this URL in the configuration of the Service ID
Creating an Application ID
The Application ID with the capability Sign in with Apple is required to tie the private key and team together. To create a new Application ID, follow these steps:
- Go to the Certificates, Identifiers & Profiles manager.
- Select Identifiers and click (+) at the title.
- Select App IDs on the screen Register a new identifier, then select App as type.
- Select a Team ID as App ID Prefix.
- Enter a Bundle ID, such as com.mycompany.oauth.
- Enter the Description to easily identify this App ID from the overview.
- Scroll down the list of capabilities and check Sign in with Apple.
- Use Edit to select whether the App ID is primary or grouped with an existing ID.
- The Server-To-Server Notification Endpoint does not have to be set, since the i-net PDFC does not support it.
- Click Continue to create the new Application ID, enabled with Sign in with Apple. Later on you may edit this App ID, or any other, to modify the capabilities.
Creating a Service ID
The Service ID will be used as client_id during the authorization of your users. To create the Service ID, follow these steps:
- Go to the Certificates, Identifiers & Profiles manager.
- Select Identifiers and click (+) at the title.
- Select Service IDs on the screen Register a new identifier.
- Enter the Description to easily identify this Service ID from the overview.
- Enter the Identifier, which effectively is the client_id.
  - In contrast to other providers, Apple suggests a readable reverse-domain name style string. The client_id is a publicly known string which will be visible in the browser during redirection to Apple's sign-in servers.
- Select Sign in with Apple to be enabled for your Service ID.
- Click Configure to set up the identifier.
- Enter the Website URLs of your server. First, enter the list of Domains and Subdomains from which you are going to access the Apple authentication service, that is, the URL of your i-net PDFC server.
- Secondly, set up the Return URLs. These URLs will be used to redirect users back to the i-net PDFC server. Use the FQDN displayed in the configuration dialog here. You may enter multiple URLs, so that you can use this Service ID on multiple servers.
- To finish the registration, select Continue and then Register.
Creating the Private Key
Creating the Private Key yields two pieces of information that are required in the i-net PDFC configuration: the Key ID and the Private Key itself. The Key ID is the name, generated by Apple, for your key. The Private Key is a file that you download after it has been generated. You have to upload the file to the i-net PDFC server, where it is stored securely in the file persistence.
To create the Private Key, follow these steps:
- Go to the Certificates, Identifiers & Profiles manager.
- Select Keys and click (+) at the title.
- Enter a Key Name in the Register a New Key screen.
- Select Sign in with Apple from the list and click Configure to set up the key.
- Select the Primary App ID, the one created in the step before.
- Click Save.
- Click Continue at the top right, then click Register.
During key creation, you will be offered to download the Private Key. This is critical, as the key will not be displayed again after being downloaded. The screen also shows the Key ID, which you have to use in the i-net PDFC configuration. Store both the Key ID and the Private Key in a secure location. The key will be used to verify authenticated users.
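An added example, not part of the i-net PDFC documentation or product: a Python pre-flight check for the downloaded key file, the Return URL and the identifiers before they are entered in the configuration dialog. It assumes POSIX file permissions, that Team ID and Key ID are 10 upper-case alphanumeric characters, and that Return URLs must use https on a host name; all function names and sample values are constructed.

```python
import base64, ipaddress, os, re, stat
from urllib.parse import urlsplit

# Assumption: Team ID and Key ID are 10 upper-case alphanumeric characters.
APPLE_ID = re.compile(r"[A-Z0-9]{10}")
PEM = re.compile(r"-----BEGIN PRIVATE KEY-----(.+?)-----END PRIVATE KEY-----", re.S)

def check_key_file(path):
    """Problems with the downloaded private key file (POSIX permissions)."""
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("key file is accessible to group or others")
    with open(path, encoding="ascii", errors="replace") as fh:
        match = PEM.search(fh.read())
    if not match:
        return problems + ["no unencrypted PKCS#8 PEM block found"]
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        return problems + ["PEM body is not valid base64"]
    if not der.startswith(b"\x30"):  # a PKCS#8 key is a DER SEQUENCE
        problems.append("decoded key is not a DER SEQUENCE")
    return problems

def check_return_url(url):
    """Problems with a Return URL registered on the Service ID."""
    problems, host = [], urlsplit(url).hostname or ""
    if urlsplit(url).scheme != "https":
        problems.append("Return URL does not use https")
    try:
        ipaddress.ip_address(host)
        problems.append("Return URL host is an IP address, not an FQDN")
    except ValueError:  # not an IP literal, so require a dotted host name
        if "." not in host:
            problems.append("Return URL host is not an FQDN")
    return problems

def check_ids(team_id, key_id, client_id):
    """Problems with the identifiers typed into the configuration dialog."""
    problems = [f"{name} is not 10 characters of A-Z/0-9"
                for name, value in (("Team ID", team_id), ("Private Key ID", key_id))
                if not APPLE_ID.fullmatch(value)]
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", client_id):
        problems.append("Client ID is not a reverse-domain style string")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(check_ids("ABCDE12345", "K1234", "com.mycompany.oauth"))
    print(check_return_url("http://192.0.2.10/login"))
```

An empty list from each function means no problem was found; it does not prove that the key matches the Key ID or that Apple will accept the values.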