Ludovic Frank - Freelance developer

Making "Sign in with Apple" work with Symfony

Ludovic Frank, Apr 22, 2021

Ahhhh, passwords ... I've already talked about them in a previous article, but in this one we're going to talk about a method for saving our dear little users from having to remember their passwords...

Apple now makes it possible to "Sign in with Apple", basically the same thing as Google, Facebook and all the others. But the Apple way...
In this article, we'll look at how to integrate this feature into a Symfony application.

You need an Apple Developer account to use "Sign in with Apple".

To get started, you'll need to pay 99 euros for an Apple Developer account... Yes, it's Apple!
Once you have this account, you can follow this tutorial to retrieve the identifiers and keys needed to operate "Sign in with Apple". The tutorial is written for a Discourse instance, but you can follow it to generate just the information you'll need.

"Sign in with Apple" in a Symfony application

Well, you've got all the credentials and keys you need to connect your web application to "Sign in With Apple", so like a good student you rush off to HWIOAuthBundle...
And then the first problem arises: in the bundle documentation, you see that you need a "client_id" and a "client_secret", just like all other OAuth providers. You've got the client_id, but what about the client_secret?
Apple only provides an "EC" key in P8 format.

The client_secret is a JSON Web Token (JWT).

Yes, in fact, you'll have to generate your client secret yourself using the key supplied by Apple, but don't worry, it's very simple. This token expires after 6 months at most, which means you'll need to regenerate it at least once every 6 months... so why not automate this rather than copying and pasting and wasting time?

To generate it, simply use this little Ruby script, after running "gem install jwt".

Replace the information at the top of the file with your own, then place your private key (in p8 format) in the same folder (the basic script looks for key.txt, but you can of course change this variable).

All you have to do is run "ruby apple-json-web-token.rb" and your client_secret, valid for 6 months, will appear before your very eyes.
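The client_secret generation described above, as an added example rather than the author's apple-json-web-token.rb script: it builds the ES256 JWT with Ruby's standard OpenSSL library instead of the jwt gem, using Apple's documented claim set. The team ID, client ID and key ID values are constructed placeholders, and a throwaway key stands in for the .p8 file.

```ruby
require "openssl"
require "json"

# Apple rejects a client_secret whose exp is more than 6 months after iat.
MAX_LIFETIME = 15_777_000 # seconds

# Unpadded base64url, as JWS requires.
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

# OpenSSL returns ECDSA signatures as DER; ES256 wants fixed-width r || s
# (32 bytes each on P-256), so decode the two integers and left-pad them.
def der_to_raw(der, size = 32)
  OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(size, "\0") }.join
end

def apple_client_secret(key:, team_id:, client_id:, key_id:,
                        lifetime: MAX_LIFETIME, now: Time.now.to_i)
  raise ArgumentError, "lifetime exceeds Apple's 6-month limit" if lifetime > MAX_LIFETIME

  header = { alg: "ES256", kid: key_id }
  claims = { iss: team_id, iat: now, exp: now + lifetime,
             aud: "https://appleid.apple.com", sub: client_id }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  der = key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  "#{signing_input}.#{b64url(der_to_raw(der))}"
end

if __FILE__ == $PROGRAM_NAME
  # Throwaway P-256 key so the example runs offline. With real credentials:
  #   key = OpenSSL::PKey.read(File.read("key.txt"))  # the .p8 file from Apple
  key = OpenSSL::PKey::EC.generate("prime256v1")
  puts apple_client_secret(key: key, team_id: "TEAMID0000",        # constructed
                           client_id: "com.example.web",           # constructed
                           key_id: "KEYID00000")                    # constructed
end
```

Treat the .p8 key and the generated client_secret as credentials: keep them out of version control, and regenerate the secret before its exp passes.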

Conclusion

As is often the case, Apple has its own way of doing things, so simply using the HWIOAuthBundle isn't enough. That said, it's perfectly possible to override the ResourceOwner provided by the bundle to generate the JWT automatically. But I'll leave you to find out on your own.
Have a great week!