Initial test of the "Sign in with Apple" API:

* It's more or less based on OAuth + OIDC
* Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
* The `sub` claim includes some sort of unique user identifier, not an email
Weirdnesses:

* Their token endpoint requires setting a User-Agent header, otherwise responds with an HTML error
* Client secrets are a signed JWT using ECDSA + SHA256
* An email address isn't returned even when requesting the `email` scope

Jun 3, 2019 · 9:27 PM UTC

Replying to @aaronpk
That client secret :-) so quirky, why not just call it private_key_jwt client auth and use the proper client assertion format. Also, if the key is provided by Apple I'm assuming non-repudiation is off the table. Looking forward to doing testing of my own using node's openid-client