Apple
Allows users to authenticate using their Apple ID.
Preparation
danger
An Apple developer account is required for this.
The following placeholders will be used:
authentik.company
is the FQDN of the authentik install.
Apple
- Log into your Apple developer account, and navigate to Certificates, IDs & Profiles, then click Identifiers in the sidebar.
- Register a new Identifier with the type of App IDs, and the subtype App.
- Choose a name that users will recognise for the Description field.
- For your bundle ID, use the reverse domain of authentik, in this case
company.authentik
. - Scroll down the list of capabilities, and check the box next to Sign In with Apple.
- At the top, click Continue and Register.
- Register another new Identifier with the type of Services IDs.
- Again, choose the same name as above for your Description field.
- Use the same identifier as above, but add a suffix like
signin
oroauth
, as identifiers are unique. - At the top, click Continue and Register.
- Once back at the overview list, click on the just-created Identifier.
- Enable the checkbox next to Sign In with Apple, and click Configure
- Under domains, enter
authentik.company
. - Under Return URLs, enter
https://authentik.company/source/oauth/callback/apple/
.
- Click on Keys in the sidebar. Register a new Key with any name, and select Sign in with Apple.
- Click on Configure, and select the App ID you've created above.
- At the top, click Save, Continue and Register.
- Download the Key file and note the Key ID.
- Note the Team ID, visible at the top of the page.
authentik
Under Directory -> Federation & Social login Click Create Apple OAuth Source
Name:
Apple
Slug:
apple
Consumer Key: The identifier from step 9, then
;
, then your Team ID from step 19, then;
, then the Key ID from step 18.Example:
io.goauthentik.dev-local;JQNH45HN7V;XFBNJ82BV6
Consumer Secret: Paste the contents of the keyfile you've downloaded
Save, and you now have Apple as a source.
note
For more details on how-to have the new source display on the Login Page see here.