Initial test of the "Sign in with Apple" API: * It's more or ... • Aaron Parecki

44°F

Initial test of the "Sign in with Apple" API:

• It's more or less based on OAuth + OIDC
• Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
• The `sub` claim includes some sort of unique user identifier, not an email

Portland, Oregon, USA

Mon, Jun 3, 2019 2:21pm -07:00 #oauth

74 likes 23 reposts 8 replies
Have you written a response to this? Let me know the URL:
- Marty McGuire martymcgui.re
  
  I am excited to see this as part of indielogin.com, but I don’t yet see a clear identifier that I could put on my homepage to say “yep, that’s my Apple account”!
  
  Tue, Jun 4, 2019 12:42pm -04:00
- Marty McGuire martymcgui.re
  
  I am excited to see this as part of indielogin.com, but I don’t yet see a clear identifier that I could put on my homepage to say “yep, that’s my Apple account”!
  
  Tue, Jun 4, 2019 12:42pm -04:00
- Jhonny twitter.com/JhonnyBillM
  
  Ugh, I understand.
  Thank you
  
  Mon, Jun 3, 2019 10:58pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  So far there is no indication that'll be possible.
  
  Mon, Jun 3, 2019 10:45pm +00:00 (via brid-gy.appspot.com)
- Jhonny twitter.com/JhonnyBillM
  
  Do you know if I can request users profile picture ?
  
  Mon, Jun 3, 2019 10:43pm +00:00 (via brid-gy.appspot.com)
- Even André Fiskvik twitter.com/grEvenX
  
  Thanks 🙏 Really interested in this one, hope it won’t be flawed by technical “sillyness” like in the previous incarnations of the AuthenticationServices
  
  Mon, Jun 3, 2019 9:56pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  They have some docs here developer.apple.com/sign-in-with-a… but their docs are missing quite a bit right now. I had to guess at some endpoints and things.
  
  Mon, Jun 3, 2019 9:31pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki aaronparecki.com
  
  weirdnesses:
  
  • Their token endpoint requires setting a User-Agent header, otherwise responds with an HTML error
  • Client secrets are a signed JWT using ECDSA + SHA256
  • An email address isn't returned even when requesting the `email` scope
  
  Mon, Jun 3, 2019 2:24pm -07:00

Posted in /notes using quill.p3k.io