Sign in with Apple Plugin

:information_source: To use this plugin, you will need access to a paid Apple Developer account.

To try it out, head over to try.discourse.org and log in. Here’s a demo of it working on iOS:

:link: GitHub: https://github.com/discourse/discourse-apple-auth
:arrow_right: Install: Follow the plugin installation guide.

To get set up, you’ll need to configure a number of things in the Apple developer console:

  1. Visit https://developer.apple.com/account/ and sign in

  2. Set up an App ID

    • Go to “Certificates Identities and Profiles”
    • Click “Identifiers” on the left menu
    • Click the + button to create a new identifier
    • Select “App IDs”, then continue
    • “App”, then continue
    • Enter a description (visible to users in their authorized apps list). For example “Awesome Community Login”
    • Enter a bundle ID. Apple recommends reversing your domain name like com.example.forum
    • Scroll down and enable “Sign in with Apple”
    • “Continue”
    • Note the Team ID for later
    • “Register”
  3. Set up a Services ID

    • Go to “Certificates Identities and Profiles”
    • Click the + button to create a new identifier
    • “Services ID”, then continue
    • Enter a description. This will be shown to users when they login. For example “Awesome Discourse Community”
    • Enter a bundle ID. You can use the same as the App ID with .login on the end
    • Note this bundle ID for later. It will be the Client ID
    • Continue, Register
    • Find the service ID in the list, and open it
    • Enable Sign in with Apple, and click ‘configure’
    • Enter your website domain like forum.example.com, and a callback url like https://forum.example.com/auth/apple/callback

    • Next, Done, Continue, Save
  4. Set up a Key

    • Click “Keys” on the left
    • Click + to create a new key
    • Enter a name like “Awesome Community Login”
    • Enable ‘Sign In With Apple’, then “Configure”
    • Choose the primary app ID you created earlier
    • Save, Continue
    • Register
    • Note the Key ID for later
    • Download the key and keep it safe. It will be the apple_pem value
    • Done
  5. Go to your Discourse site settings

    • Search for apple_
    • Enter the client id, team id and key id from earlier
    • Open the key file in a text editor, select the whole thing, and copy/paste it into the apple pem site setting
    • Enable sign in with apple enabled

Now try it out - if everything went according to plan, you should now see a “with Apple” button on the login screen.

Private Emails

If users choose to ‘hide my email’ during login, the forum will be given an Apple ‘private relay’ address for the user. To allow your forum to communicate with that address, you need to verify it with Apple.

  1. Visit https://developer.apple.com/account/ and sign in

  2. Go to “Certificates Identities and Profiles”

  3. Click ‘More’ on the left, then “Configure” under ‘Sign in with Apple for Email Communication’

  4. Click + next to Email Sources

  5. Under ‘Domains’, enter the domain name which your site sends emails from. (for CDCK hosted customers, this is discoursemail.com)

  6. Save, and check that SPF is verified for the address

Note that entering an individual email address here will break the ‘reply by email’ feature of Discourse. You must add the whole domain.

Notes

  • This may be integrated into Discourse core in the near future. If that happens, all your configuration will be automatically migrated.
23 Likes

I would love to see that happen for the benefit of my users. Regardless, great plugin! :grin:

I’m sure that you’ll be able to figure it out. It will be worth it, that’s for sure.

I anticipate the day that this plugin is integrated into core.

1 Like

Instructions for enabling the apple private email relay have been added to the OP. It’s nice and easy to configure and seems to work well with Discourse, even when using ‘reply by email’ :smiley:

4 Likes

One down, one left to go! :wink: :sweat_smile:

1 Like

This plugin is now installed and enabled here on Meta :green_apple:

6 Likes

Thank you so much! It works awesome on Discourse Meta, so it’ll probably work great on other Discourse forums too!

1 Like

Great plugin! Please integrate it into core!

1 Like

Great plugin and awesome detailed instructions! Thanks. :slight_smile:

Slight problem for me though when running discourse via a mobile app on iOS. “Sign in with facebook” or “Sign in with twitter” stays within the app and works successfully, however “sign in with apple” launches Safari and opens https://appleid.apple.com outside the app with the error “Authorization timed out, or you have switched browsers” - which technically, I have! :wink:

Any suggestions how to resolve this?

Also just submitted a minor pull request/fix for the URL giving 404 when clicked on in the admin panel. Hope that’s ok. :slight_smile:

3 Likes

Thanks! Just merged it :slight_smile:

Is this the official Discourse Hub app, or your own app?

3 Likes

It’s following @pmusaraj’s awesome discourse white-labelling guide here, which is based on that I believe:

https://github.com/pmusaraj/discourse-mobile-single-site-app

I’ve updated it somewhat to make it functional as it didn’t work out of the box - but see he’s actively working on bringing it up to date.

1 Like

@david ignore me I’m an idiot. :slight_smile:
I’ve managed to trace this down to the code for the app. There’s a config global.internalURLs within app.variables.js - adding appleid.apple.com to this makes it stop popping up as a popup. Unsure why twitter and facebook aren’t included here, but it works great now! Thanks :slight_smile:

4 Likes

Very cool and thank you!

I am getting an error when trying to login with apple:

Sorry, there was an error authorizing your account. Please try again.

URL: Hangar Flying

Thoughts?
Will

Can you check /logs on your forum and see if there are any errors?

(apple) Authentication failure! invalid_credentials: OAuth2::Error, invalid_client: {"error":"invalid_client"}

I’ve checked all the IDs and they are correct. After getting the error I checked my apple id and it is connected to the site, but when I try to login with it I get the error again

I believe that error is being returned by Apple’s servers when Discourse attempts to fetch identity information. The most likely cause is some kind of misconfiguration.

I’d recommend running through the instructions again, and make sure everything has been copy/pasted correctly, and all the correct things are enabled in the Apple developer portal.

4 Likes
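
An offline sanity check for the four apple_ values before pasting them into site settings, as an added example that is not part of the original posts or the plugin's code. The method names are hypothetical, and the 10-character ID format and P-256 key type are assumptions about what the Apple developer portal issues.

```ruby
require "openssl"

# Added example: offline sanity check for the four apple_ site settings.
# The ID format and the P-256 key type are assumptions about what the
# Apple developer portal issues; adjust them if your values differ.
ID_FORMAT = /\A[A-Z0-9]{10}\z/

# Returns a list of human-readable problems. An empty list means the values
# are well-formed; it cannot prove they match what Apple has on record.
def apple_setting_problems(client_id:, team_id:, key_id:, pem:, app_id: nil)
  problems = []

  { "team id" => team_id, "key id" => key_id }.each do |name, value|
    if value != value.strip
      problems << "#{name} has leading or trailing whitespace"
    elsif value !~ ID_FORMAT
      problems << "#{name} is not 10 upper-case letters/digits"
    end
  end

  if client_id.strip.empty? || client_id =~ /\s/
    problems << "client id is empty or contains whitespace"
  elsif app_id && client_id == app_id
    problems << "client id is the App ID; it must be the Services ID"
  end

  problems.concat(pem_problems(pem))
end

# Checks that the pasted key text is a complete P-256 private key.
def pem_problems(pem)
  unless pem.include?("-----BEGIN") && pem.include?("-----END")
    return ["pem is missing its BEGIN/END lines (paste the whole file)"]
  end
  key = OpenSSL::PKey.read(pem)
  return ["pem is not an elliptic-curve key"] unless key.is_a?(OpenSSL::PKey::EC)
  return ["pem holds a public key, not the private key"] unless key.private_key?
  return ["pem is not a P-256 key"] unless key.group.curve_name == "prime256v1"
  []
rescue OpenSSL::OpenSSLError
  ["pem could not be parsed (truncated or mangled line breaks?)"]
end
```

Run it on the machine where the downloaded key file is stored, so the private key is not copied anywhere else just to be checked.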

Thanks! I deleted all the configuration info and started over. Works great!!

4 Likes