How I integrated ‘Sign in with Apple’ to Keycloak

Tharindu Nanayakkara
Oct 30, 2020


The latest Apple App Store Review Guidelines require you to add Sign in with Apple if you’re using any other third-party or social login service in your app, so I thought I’d share my experience integrating ‘Sign in with Apple’ into Keycloak.

I’ll walk you through the process step by step.

1. Registering an application in the Apple Developer Portal

First, sign in to the Apple Developer Portal and click on Certificates, Identifiers and Profiles.

If your app does not have an App ID yet, create one. The App ID will help you collect information about your app.

You’ll also want to enable the Sign in with Apple capability for your App ID.

Next, let’s create a Services ID. The Services ID identifies the particular instance of your app and is used as the OAuth client_id.

In the next step you’ll need to define a description and an identifier. The description is what you’ll see during the login flow, and the identifier becomes the OAuth client_id. Also tick the Sign in with Apple option.

Next, click the Configure button next to Sign in with Apple, define the domain of your app and the redirect URLs, then continue and save.

The next step is to create a private key for client authentication. In the main Certificates, Identifiers & Profiles screen, choose Keys from the side tab.

Press the plus button to add a new key. Fill in the required information, check Sign in with Apple, and select the Configure button next to it.

The newly generated private key can be downloaded only once, so make sure you save it in a secure place.

2. Keycloak configuration

The current latest version of Keycloak (11.0.2) does not include support for Apple as an Identity Provider, so you’ll have to look for another solution. I found a git repository created by BenjaminFavre that provides a Keycloak extension adding support for Sign in with Apple.

Here’s the link for the repository: Apple Social Identity Provider for Keycloak

Download the latest release of the provider JAR file from the link above.

Follow the Keycloak instructions and install the provider JAR file.

Log in to the Keycloak admin console, select the Identity Providers tab and then select Apple from the drop-down.

Fill in the form with the relevant information from your Apple developer account. Fill Client secret with the base64 content of the private key file you downloaded from your Apple developer account (remember to trim the delimiters and new lines!). Fill Team ID and Key ID with the corresponding values.

I assume you have an idea about Keycloak theming, so I’m not going to deep dive into that here.

I hope this article helps you integrate Sign in with Apple into Keycloak. If you have any questions or suggestions, feel free to comment 🙂.
