Discourse Apple Authentication

:warning: To use this plugin, you will need access to a paid Apple developer account.

:discourse2: Summary Discourse Apple Authentication allows users to login using Apple authentication.
:hammer_and_wrench: Repository Link https://github.com/discourse/discourse-apple-auth
:open_book: Install Guide How to install plugins in Discourse

To try it out, head over to try.discourse.org and log in. Here’s a demo of it working on iOS:

To get set up, you’ll need to configure a number of things in the apple developer console:

  1. Visit Sign In - Apple and sign in

  2. Set up an App ID

    • Go to “Certificates Identities and Profiles”
    • Click “Identifiers” on the left menu
    • Click the + button to create a new identifier
    • Select “App IDs”, then continue
    • “App”, then continue
    • Enter a description (visible to users in their authorized apps list). For example “Awesome Community Login”
    • Enter a bundle ID. Apple recommend reversing your domain name like com.example.forum
    • Scroll down and enable “Sign in with Apple”
    • “Continue”
    • Note the Team ID for later
    • “Register”
  3. Set up a Services ID

    • Go to “Certificates Identities and Profiles”
    • Click the + button to create a new identifier
    • “Services ID”, then continue
    • Enter a description. This will be shown to users when they login. For example “Awesome Discourse Community”
    • Enter a bundle ID. You can use the same as the App ID with .login on the end
    • Note this bundle ID for later. It will be the Client ID
    • Continue, Register
    • Find the service ID in the list, and open it
    • Enable Sign in with Apple, and click ‘configure’
    • Enter your website domain like forum.example.com, and a callback url like https://forum.example.com/auth/apple/callback
      Screenshot

    • Next, Done, Continue, Save
  4. Set up a Key

    • Click “Keys” on the left
    • Click + to create a new key
    • Enter a name like “Awesome Community Login”
    • Enable ‘Sign In With Apple’, then “Configure”
    • Choose the primary app ID you created earlier
    • Save, Continue
    • Register
    • Note the Key ID for later
    • Download the key and keep it safe. It will be the apple_pem value
    • Done
  5. Go to your discourse site settings

    • Search for apple_
    • Enter the client id, team id and key id from earlier
    • Open the key file in a text editor, select the whole thing, and copy/paste it into the apple pem site setting
    • Enable sign in with apple enabled

Now try it out - if everything went according to plan, you should now see a “with Apple” button on the login screen.

Private Emails

If users choose to ‘hide my email’ during login, the forum will be given an Apple ‘private relay’ address for the user. To allow your forum to communicate with that address, you need to verify it with Apple

  1. Visit Sign In - Apple and sign in

  2. Go to “Certificates Identities and Profiles”

  3. Click ‘More’ on the left, then “Configure” under ‘Sign in with Apple for Email Communication’

  4. Click + next to Email Sources

  5. Under ‘Domains’, enter the domain name which your site sends emails from. (for CDCK hosted customers, this is discoursemail.com)

  6. Save, and check that SPF is verified for the address

Note that entering an individual email address here will break the ‘reply by email’ feature of Discourse. You must add the whole domain.

Last edited by @JammyDodger 2024-06-03T21:51:28Z

Check documentPerform check on document:
35 Likes

Hi there!

I wonder if the integration for Apple Authentication into Discourse core is still in the plan?

We decided to keep it in a plugin for the time being. I’ll remove the note about core integration from the OP to reduce confusion. :writing_hand:

On our discourse.org managed hosting, this plugin is currently available on all tiers except ‘basic’.

3 Likes

Thank you for this. When I start truly growing my community this and Google login will really help people sign up. Took me a few to get it going but I got it working just fine.

1 Like

Apologies if I’m not in the right place, but do I need to maintain the developer account as long as I intend to use the plugin on our Discourse community?

I think so, yes. Presumably, if the developer account lapses, then the credentials would no longer be valid.

Thanks, David. I was afraid of that! :rofl:

1 Like