socialiteproviders / apple
Apple OAuth2 Provider for Laravel Socialite
Requires
- php: ^8.0
- ext-json: *
- ext-openssl: *
- firebase/php-jwt: ^7.0
- lcobucci/clock: ^2.0 || ^3.0
- lcobucci/jwt: ^4.1.5 || ^5.0.0
- socialiteproviders/manager: ^4.4
Suggests
- ahilmurugesan/socialite-apple-helper: Automatic Apple client key generation and management.
README
composer require socialiteproviders/apple
Installation & Basic Usage
Please see the Base Installation Guide, then follow the provider specific instructions below.
Add configuration to config/services.php
'apple' => [ 'client_id' => env('APPLE_CLIENT_ID'), 'client_secret' => env('APPLE_CLIENT_SECRET'), 'redirect' => env('APPLE_REDIRECT_URI') ],
See Configure Apple ID Authentication
Note: the client secret used for "Sign In with Apple" is a JWT token that can have a maximum lifetime of 6 months. The article above explains how to generate the client secret on demand and you'll need to update this every 6 months. To generate the client secret for each request, see Generating A Client Secret For Sign In With Apple On Each Request
If you don't have secret token, or you don't want to it do manually, you can use a private key (see official docs). Add lines to the configuration as follows:
'apple' => [ 'client_id' => env('APPLE_CLIENT_ID'), // Required. Bundle ID from Identifier in Apple Developer. 'client_secret' => env('APPLE_CLIENT_SECRET'), // Empty. We create it from private key. 'key_id' => env('APPLE_KEY_ID'), // Required. Key ID from Keys in Apple Developer. 'team_id' => env('APPLE_TEAM_ID'), // Required. App ID Prefix from Identifier in Apple Developer. 'private_key' => env('APPLE_PRIVATE_KEY'), // Required. Must be absolute path, e.g. /var/www/cert/AuthKey_XYZ.p8 'passphrase' => env('APPLE_PASSPHRASE'), // Optional. Set if your private key have a passphrase. 'signer' => env('APPLE_SIGNER'), // Optional. Signer used for Configuration::forSymmetricSigner(). Default: \Lcobucci\JWT\Signer\Ecdsa\Sha256 'redirect' => env('APPLE_REDIRECT_URI'), // Required. 'jwt_issued_time_leeway' => env('APPLE_JWT_ISSUED_TIME_LEEWAY'), // Optional. Set this to add a leeway to your JWT issued_time value. See section below ],
If you receive error 400 Bad Request {"error":"invalid_client"} , a possible solution is to use another Signer (Asymmetric algorithms), see Asymmetric algorithms.
Add provider event listener
Laravel 11+
In Laravel 11, the default EventServiceProvider provider was removed. Instead, add the listener using the listen method on the Event facade, in your AppServiceProvider boot method.
- Note: You do not need to add anything for the built-in socialite providers unless you override them with your own providers.
Event::listen(function (\SocialiteProviders\Manager\SocialiteWasCalled $event) { $event->extendSocialite('apple', \SocialiteProviders\Apple\Provider::class); });
Laravel 10 or below
Configure the package's listener to listen for `SocialiteWasCalled` events.Add the event to your listen[] array in app/Providers/EventServiceProvider. See the Base Installation Guide for detailed instructions.
protected $listen = [ \SocialiteProviders\Manager\SocialiteWasCalled::class => [ // ... other providers \SocialiteProviders\Apple\AppleExtendSocialite::class.'@handle', ], ];
Usage
You should now be able to use the provider like you would regularly use Socialite (assuming you have the facade installed):
return Socialite::driver('apple')->redirect();
Returned User fields
idnameemail
Known Issues
JWT Issued_at
Sometimes the plugin may throw an exception due to a mismatch in time - See #1354. Use config('services.apple.jwt_issued_time_leeway') to 'rewind' the time. Default value is 3 seconds (PT3S).
Examples of possible values are PT3S -> 3 seconds, PT1M -> 1 Minute etc ...
The thrown exception may look like this:
[object] (Laravel\\Socialite\\Two\\InvalidStateException(code: 0): The token violates some mandatory constraints, details: - The token was issued in the future at /vendor/socialiteproviders/apple/Provider.php:207) [stacktrace]