Aaron Parecki

Marty McGuire https://martymcgui.re/ • Jun 4
I am excited to see this as part of indielogin.com, but I don’t yet see a clear identifier that I could put on my homepage to say “yep, that’s my Apple account”!

I suspect the identifier returned is also scoped per app like their advertising IDs, but have not yet confirmed this.

Portland, Oregon

Tue, Jun 4, 2019 10:16am -07:00
Brandon Carroll https://twitter.com/bcarroll22 • Jun 4
If you have a native and a web app, and a user creates their account with Apple sign in through your app, I wonder how you sign in with that account in your web app? Is Apple sign in basically just oauth with a fake email address you don’t know? And what’s your password?

It's just OAuth. Sign In with Apple isn't limited to mobile apps. Here's a demo of doing it in a web app. https://github.com/aaronpk/sign-in-with-apple-example

Portland, Oregon

1 like 1 reply

Mon, Jun 3, 2019 9:13pm -07:00
Seth A. Roby https://twitter.com/TALlama • Jun 4
I haven’t looked into the tech specs yet; but I’m assuming it’s just WebauthN or OAuth under the hood. If so it shouldn’t be hard to support.

It is OAuth! https://github.com/aaronpk/sign-in-with-apple-example

Portland, Oregon

1 like

Mon, Jun 3, 2019 7:59pm -07:00
Dana Fried https://twitter.com/leftoblique • Jun 4
Isn't there a single open standard being used under the hood by most of the big sign in providers now? I was under the impression that they're all OAuth or something?

I've been testing out the new API and it's definitely OAuth/OpenID Connect. But it's true that this will add more work for developers, both just getting this set up and also dealing with a new kind of account identifier.

Portland, Oregon

3 likes

Mon, Jun 3, 2019 6:01pm -07:00
Ben Sandofsky https://twitter.com/sandofsky • Jun 3
Wow. Apple sign-in support is mandatory? https://developer.apple.com/news/?id=06032019j

Sounds like they are requiring Apple Sign-In to be an option if any other third party sign-in is also provided. Good move IMO, better for users! This will stop apps from having just a "Sign in with Facebook" option.

Portland, Oregon, USA

22 likes 1 reply

Mon, Jun 3, 2019 4:49pm -07:00
Barry Dorrans https://twitter.com/blowdart • Jun 3
Oof no discovery document? Blah

Not that I've been able to find! Also can't find their userinfo or introspection endpoints. I also had to guess their authorization endpoint because it's not in their docs.

Portland, Oregon

1 like 1 reply

Mon, Jun 3, 2019 4:29pm -07:00
Barry Dorrans https://twitter.com/blowdart • Jun 3
No token binding? 😒

So far there's no docs on what you can do with the access token. I suspect using it may require also including the client_secret which is a signed JWT, or who knows. Here's the working code: https://github.com/aaronpk/sign-in-with-apple-example

Portland, Oregon, USA

3 replies

Mon, Jun 3, 2019 4:01pm -07:00
Jhonny https://twitter.com/JhonnyBillM • Jun 3
Do you know if I can request users profile picture ?

So far there is no indication that'll be possible.

Portland, Oregon

1 like

Mon, Jun 3, 2019 3:45pm -07:00
@fluffy https://queer.party/@fluffy • Jun 3
@aaronpk Cool that they're using an open protocol! I still wish it were one with a better federation story though. Anyone should be able to provide any identity to anyone, rather than being beholden to the handful that any given website decides to support.

I totally agree! https://indieauth.net/

Portland, Oregon

1 reply

Mon, Jun 3, 2019 3:38pm -07:00
Aaron Parecki https://aaronparecki.com/ • Jun 3
weirdnesses:

• Their token endpoint requires setting a User-Agent header, otherwise responds with an HTML error
• Client secrets are a signed JWT using ECDSA + SHA256
• An email address isn't returned even when requesting the `email` scope

If you're interested, here is my sample code I was able to use to get an access token and ID token from Apple

https://github.com/aaronpk/sign-in-with-apple-example

Portland, Oregon, USA

31 likes 12 reposts 2 replies

Mon, Jun 3, 2019 3:20pm -07:00
@fluffy https://queer.party/@fluffy • Jun 3
@aaronpk I wonder what the underlying protocol is and if anyone can join in as an identity provider. I'm not any more enamored with Apple as identity service as with Twitter or Facebook.

It's OAuth + OIDC, and they are becoming an identity provider with this. I do think they're better for this than Twitter/Facebook since they aren't in the business of selling user data.

Portland, Oregon

1 like 1 reply

Mon, Jun 3, 2019 2:38pm -07:00
Blaine Cook https://twitter.com/blaine • Jun 3
Oh, nice, where did you find the details?

They have some docs here https://developer.apple.com/sign-in-with-apple/get-started/ but their docs are missing quite a bit right now. I had to guess at some endpoints and things.

Portland, Oregon, USA

6 likes 1 reply

Mon, Jun 3, 2019 2:29pm -07:00
Marc Köhlbrugge https://twitter.com/marckohlbrugge • Jun 3
Some ppl pointed out this is probably “just” an implementation of OAuth w/ email forwarding on top.

That’s probably correct. However, what sets Apple apart from the other major OAuth providers (mainly Facebook & Google) is that Apple is not in the business of selling your data.

I just tried it out and it's OAuth + OpenID Connect with a little bit of Apple uniqueness sprinkled in.

Portland, Oregon, USA

4 likes

Mon, Jun 3, 2019 2:29pm -07:00
Aaron Parecki https://aaronparecki.com/ • Jun 3
Initial test of the "Sign in with Apple" API:

• It's more or less based on OAuth + OIDC
• Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
• The `sub` claim includes some sort of unique user identifier, not an email

weirdnesses:

• Their token endpoint requires setting a User-Agent header, otherwise responds with an HTML error
• Client secrets are a signed JWT using ECDSA + SHA256
• An email address isn't returned even when requesting the `email` scope

Portland, Oregon, USA

12 likes 1 repost 2 replies

Mon, Jun 3, 2019 2:24pm -07:00
📷 PhotoJoseph 🎥 https://twitter.com/photojoseph • Jun 3
DIRECT IMPORT INTO LIGHTROOM ON iPadOS!!!!!! Finally. Fi. Na. Lly.

I definitely thought of you when they announced that!

Portland, Oregon

1 like

Mon, Jun 3, 2019 11:43am -07:00
mike https://twitter.com/k5m_diary • May 31
First drink in Germany per shareholder vote.

I didn't mean drink it all at once!

Portland, Oregon

Fri, May 31, 2019 5:44pm -07:00
Jack Jamieson https://jackjamieson.net/author/jackjamieson/ • May 29
a post by Aaron Parecki
I didn’t realize that you’re in Toronto! I hope your talk went well and that you’re having a great time here!

Thanks! Short trip but I'm sure I'll be back!

I really need a good solution for letting people know where I'll be traveling to! Sounds like a good IndieWebCamp project.

Toronto, Ontario

Wed, May 29, 2019 10:23pm -04:00
May 28
Poll: if you’re a musician 🎵 (play an instrument 🎸🎷🥁🎹, sing 🎤, write 🎼, produce or anything related), professionally or as a hobby, please reply with what you do and a link, if you want to share. I’ll then collect and post a summary.

🎹🎼 https://100.aaronparecki.com

Toronto, Ontario

1 reply

Tue, May 28, 2019 10:02pm -04:00
Imaginary G https://twitter.com/TheHammerSpeaks • May 28
Risky click?

but not that tweet 😉

Toronto, Ontario

Tue, May 28, 2019 8:36am -04:00
danielpunkass https://micro.blog/danielpunkass • May 27
@robothive Hi Rob - it definitely makes it seem possible that I could support it, which is a big step forward from before. Still a lot of work and I'm not sure how big the audience is. Will add it to my list to consider!

This is exactly why we need common open standards. We shouldn't need every service and every app developer to have to make these decisions about whether to support each other on a case-by-case basis.

Using open standards means app developers can implement once and work with all servers that support the standard.

Toronto, Ontario

2 likes 1 mention

Mon, May 27, 2019 5:38pm -04:00

older