Discourse Apple Authentication

:warning: To use this plugin, you will need access to a paid Apple developer account.

:discourse2: Summary Discourse Apple Authentication allows users to login using Apple authentication.
:hammer_and_wrench: Repository Link https://github.com/discourse/discourse-apple-auth
:open_book: Install Guide How to install plugins in Discourse

To try it out, head over to try.discourse.org and log in. Here’s a demo of it working on iOS:

To get set up, you’ll need to configure a number of things in the apple developer console:

  1. Visit Sign In - Apple and sign in

  2. Set up an App ID

    • Go to “Certificates Identities and Profiles”
    • Click “Identifiers” on the left menu
    • Click the + button to create a new identifier
    • Select “App IDs”, then continue
    • “App”, then continue
    • Enter a description (visible to users in their authorized apps list). For example “Awesome Community Login”
    • Enter a bundle ID. Apple recommend reversing your domain name like com.example.forum
    • Scroll down and enable “Sign in with Apple”
    • “Continue”
    • Note the Team ID for later
    • “Register”
  3. Set up a Services ID

    • Go to “Certificates Identities and Profiles”
    • Click the + button to create a new identifier
    • “Services ID”, then continue
    • Enter a description. This will be shown to users when they login. For example “Awesome Discourse Community”
    • Enter a bundle ID. You can use the same as the App ID with .login on the end
    • Note this bundle ID for later. It will be the Client ID
    • Continue, Register
    • Find the service ID in the list, and open it
    • Enable Sign in with Apple, and click ‘configure’
    • Enter your website domain like forum.example.com, and a callback url like https://forum.example.com/auth/apple/callback
      Screenshot

    • Next, Done, Continue, Save
  4. Set up a Key

    • Click “Keys” on the left
    • Click + to create a new key
    • Enter a name like “Awesome Community Login”
    • Enable ‘Sign In With Apple’, then “Configure”
    • Choose the primary app ID you created earlier
    • Save, Continue
    • Register
    • Note the Key ID for later
    • Download the key and keep it safe. It will be the apple_pem value
    • Done
  5. Go to your discourse site settings

    • Search for apple_
    • Enter the client id, team id and key id from earlier
    • Open the key file in a text editor, select the whole thing, and copy/paste it into the apple pem site setting
    • Enable sign in with apple enabled

Now try it out - if everything went according to plan, you should now see a “with Apple” button on the login screen.

Private Emails

If users choose to ‘hide my email’ during login, the forum will be given an Apple ‘private relay’ address for the user. To allow your forum to communicate with that address, you need to verify it with Apple

  1. Visit Sign In - Apple and sign in

  2. Go to “Certificates Identities and Profiles”

  3. Click ‘More’ on the left, then “Configure” under ‘Sign in with Apple for Email Communication’

  4. Click + next to Email Sources

  5. Under ‘Domains’, enter the domain name which your site sends emails from. (for CDCK hosted customers, this is discoursemail.com)

  6. Save, and check that SPF is verified for the address

Note that entering an individual email address here will break the ‘reply by email’ feature of Discourse. You must add the whole domain.

Notes

  • This may be integrated into Discourse core in the near future. If that happens, all your configuration will be automatically migrated.
30 Likes