Apple
Documentation​
https://developer.apple.com/sign-in-with-apple/get-started/
Configuration​
https://developer.apple.com/account/resources/identifiers/list/serviceId
Options​
The Apple Provider comes with a set of default options:
You can override any of the options to suit your own use case.
Generating a secret​
Apple requires the client secret to be a JWT. To generate one, you can use the following script: https://bal.so/apple-gen-secret.
For more information, see the Apple docs
Then, you can paste the result into your .env.local
file under APPLE_SECRET
, so you can refer to it from your code:
import AppleProvider from "next-auth/providers/apple";
...
providers: [
AppleProvider({
clientId: process.env.APPLE_ID,
clientSecret: process.env.APPLE_SECRET
})
]
...
The TeamID is located on the top right after logging in.
The KeyID is located after you create the key. Look for it before you download the k8 file.
Testing on a development server​
Apple requires all sites to run HTTPS (including local development instances).
Apple doesn't allow you to use localhost in domains or subdomains.
Host name resolution​
Edit your host file and point your site to 127.0.0.1
.
Linux/macOS
echo '127.0.0.1 dev.example.com' | sudo tee -a /etc/hosts
Windows (run PowerShell as administrator)
Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "127.0.0.1 dev.example.com" -Force
More info: How to edit my host file?
Create certificate​
Create a directory certificates
and add the certificate files localhost.key
and localhost.crt
, which you generate using OpenSSL:
Linux/macOS
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj "/CN=localhost" -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Windows
The OpenSSL executable is distributed with Git for Windows. Once installed you will find the openssl.exe file in C:\Program Files\Git\mingw64\bin
, which you can add to the system PATH environment variable if it’s not already done.
Add environment variable OPENSSL_CONF=C:\Program Files\Git\mingw64\ssl\openssl.cnf
req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj "/CN=localhost"
Deploy to server​
You can create a server.js
in the root of your project and run it with node server.js
to test Sign in with Apple integration locally:
const { createServer } = require("https")
const { parse } = require("url")
const next = require("next")
const fs = require("fs")
const dev = process.env.NODE_ENV !== "production"
const app = next({ dev })
const handle = app.getRequestHandler()
const httpsOptions = {
key: fs.readFileSync("./certificates/localhost.key"),
cert: fs.readFileSync("./certificates/localhost.crt"),
}
app.prepare().then(() => {
createServer(httpsOptions, (req, res) => {
const parsedUrl = parse(req.url, true)
handle(req, res, parsedUrl)
}).listen(3000, (err) => {
if (err) throw err
console.log("> Ready on https://localhost:3000")
})
})