WeChat ID
aaronpk_tv
-
Ben Sandofsky
https://twitter.com/sandofsky
•
Jun 3
Wow. Apple sign-in support is mandatory? https://developer.apple.com/news/?id=06032019j
Sounds like they are requiring Apple Sign-In to be an option if any other third party sign-in is also provided. Good move IMO, better for users! This will stop apps from having just a "Sign in with Facebook" option. -
Not that I've been able to find! Also can't find their userinfo or introspection endpoints. I also had to guess their authorization endpoint because it's not in their docs.
-
So far there's no docs on what you can do with the access token. I suspect using it may require also including the client_secret which is a signed JWT, or who knows. Here's the working code: https://github.com/aaronpk/sign-in-with-apple-example
-
So far there is no indication that'll be possible.
-
Aaron Parecki
https://aaronparecki.com/
•
Jun 3
weirdnesses:
• Their token endpoint requires setting a User-Agent header, otherwise responds with an HTML error
• Client secrets are a signed JWT using ECDSA + SHA256
• An email address isn't returned even when requesting the `email` scope
If you're interested, here is my sample code I was able to use to get an access token and ID token from Apple
https://github.com/aaronpk/sign-in-with-apple-example -
They have some docs here https://developer.apple.com/sign-in-with-apple/get-started/ but their docs are missing quite a bit right now. I had to guess at some endpoints and things.
-
Marc Köhlbrugge
https://twitter.com/marckohlbrugge
•
Jun 3
Some ppl pointed out this is probably “just” an implementation of OAuth w/ email forwarding on top.
That’s probably correct. However, what sets Apple apart from the other major OAuth providers (mainly Facebook & Google) is that Apple is not in the business of selling your data.
I just tried it out and it's OAuth + OpenID Connect with a little bit of Apple uniqueness sprinkled in. -
Aaron Parecki
https://aaronparecki.com/
•
Jun 3
Initial test of the "Sign in with Apple" API:
• It's more or less based on OAuth + OIDC
• Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
• The `sub` claim includes some sort of unique user identifier, not an email
weirdnesses:
• Their token endpoint requires setting a User-Agent header, otherwise responds with an HTML error
• Client secrets are a signed JWT using ECDSA + SHA256
• An email address isn't returned even when requesting the `email` scope -
Initial test of the "Sign in with Apple" API:
• It's more or less based on OAuth + OIDC
• Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
• The `sub` claim includes some sort of unique user identifier, not an email -
📷 PhotoJoseph 🎥
https://twitter.com/photojoseph
•
Jun 3
DIRECT IMPORT INTO LIGHTROOM ON iPadOS!!!!!! Finally. Fi. Na. Lly.
I definitely thought of you when they announced that! -
Portland, Oregon • Sun, June 2, 2019 10:51am#pedalpalooza — with anomalily
-
at Nectar CafePortland, Oregon • Sun, June 2, 2019 8:17am#pedalpalooza tofu and mimosas ride! 🍾🚲 — with anomalily -
Portland, Oregon • Sat, June 1, 2019 3:33pm
