sources/oauth: add Sign in with Apple (#1635)

* sources/oauth: add apple sign in support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: apple sign in docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix missing apple in sidebar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/oauth: add fallback values for name and slug

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

website/docs/integrations/services/bookstack/index.md

@@ -50,7 +50,7 @@ In authentik, create an application which uses this provider. Optionally apply a
 
 ### Step 3
 
-Obtain your Metadata URL from Authentik.
+Obtain your Metadata URL from authentik.
 
 1. Click on the BookStack Provider
 2. Click the Metadata Tab
@@ -69,7 +69,7 @@ Modify the following Example SAML config and paste incorporate into your `.env`
 AUTH_METHOD=saml2
 # Set the display name to be shown on the login button.
 # (Login with <name>)
-SAML2_NAME=Authentik
+SAML2_NAME=authentik
 # Name of the attribute which provides the user's email address
 SAML2_EMAIL_ATTRIBUTE=email
 # Name of the attribute to use as an ID for the SAML user.

website/docs/integrations/services/portainer/index.md

@@ -21,7 +21,7 @@ The following placeholders will be used:
 - `port.company` is the FQDN of Portainer.
 - `authentik.company` is the FQDN of authentik.
 
-### Step 1 - Authentik
+### Step 1 - authentik
 
 In authentik, under _Providers_, create an _OAuth2/OpenID Provider_ with these settings:
 
@@ -57,7 +57,7 @@ Portainer by default shows commas between each item in the Scopes field.  Do **N
 
 ![](./port1.png)
 
-### Step 3 - Authentik
+### Step 3 - authentik
 
 In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.
 

website/docs/integrations/services/vikunja/index.md

@@ -76,9 +76,9 @@ auth:
         # The auth url to send users to if they want to authenticate using OpenID Connect.
         authurl: https://authentik.company/application/o/vikunja/
         # The client ID used to authenticate Vikunja at the OpenID Connect provider.
-        clientid: THIS IS THE CLIENT ID YOU COPIED FROM STEP 1 in Authentik
+        clientid: THIS IS THE CLIENT ID YOU COPIED FROM STEP 1 in authentik
         # The client secret used to authenticate Vikunja at the OpenID Connect provider.
-        clientsecret: THIS IS THE CLIENT SECRET YOU COPIED FROM STEP 1 in Authentik
+        clientsecret: THIS IS THE CLIENT SECRET YOU COPIED FROM STEP 1 in authentik
 ```
 
 :::note

website/docs/integrations/services/wekan/index.mdx

@@ -39,7 +39,7 @@ import TabItem from '@theme/TabItem';
     {label: 'Standalone', value: 'standalone'},
   ]}>
   <TabItem value="docker">
-If your Wekan is running in docker, add the following environment variables for Authentik
+If your Wekan is running in docker, add the following environment variables for authentik
 
 ```yaml
 environment:
@@ -58,11 +58,11 @@ environment:
 ```
   </TabItem>
   <TabItem value="standalone">
-    
+
 edit `.env` and add the following:
 
 ```ini
-     # Authentik OAUTH Config
+     # authentik OAUTH Config
       OAUTH2_ENABLED='true'
       OAUTH2_LOGIN_STYLE='redirect'
       OAUTH2_CLIENT_ID='<Client ID from above>'

website/docs/integrations/services/wordpress/index.md

@@ -21,7 +21,7 @@ The following placeholders will be used:
 - `wp.company` is the FQDN of Wordpress.
 - `authentik.company` is the FQDN of authentik.
 
-### Step 1 - Authentik
+### Step 1 - authentik
 
 In authentik, under _Providers_, create an _OAuth2/OpenID Provider_ with these settings:
 
@@ -63,7 +63,7 @@ Only settings that have been modified from default have been listed.
 Review each setting and choose the ones that you require for your installation.  Examples of popular settings are _Link Existing Users_, _Create user if does not exist_, and _Enforce Privacy_
 :::
 
-### Step 3 - Authentik
+### Step 3 - authentik
 
 In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.
 

website/docs/integrations/sources/apple/index.md

@@ -0,0 +1,67 @@
+---
+title: Apple
+---
+
+Allows users to authenticate using their Apple ID.
+
+## Preparation
+
+:::warning
+An Apple developer account is required for this.
+:::
+
+The following placeholders will be used:
+
+- `authentik.company` is the FQDN of the authentik install.
+
+## Apple
+
+1. Log into your Apple developer account, and navigate to **Certificates, IDs & Profiles**, then click **Identifiers** in the sidebar.
+2. Register a new Identifier with the type of **App IDs**, and the subtype **App**.
+3. Choose a name that users will recognise for the **Description** field.
+4. For your bundle ID, use the reverse domain of authentik, in this case `company.authentik`.
+5. Scroll down the list of capabilities, and check the box next to **Sign In with Apple**.
+6. At the top, click **Continue** and **Register**.
+
+![](app_id.png)
+
+7. Register another new Identifier with the type of **Services IDs**.
+8. Again, choose the same name as above for your **Description** field.
+9. Use the same identifier as above, but add a suffix like `signin` or `oauth`, as identifiers are unique.
+10. At the top, click **Continue** and **Register**.
+
+![](service_id.png)
+
+11. Once back at the overview list, click on the just-created Identifier.
+12. Enable the checkbox next to **Sign In with Apple**, and click **Configure**
+13. Under domains, enter `authentik.company`.
+14. Under **Return URLs**, enter `https://authentik.company/source/oauth/callback/apple/`.
+
+![](app_service_config.png)
+
+15. Click on **Keys** in the sidebar. Register a new Key with any name, and select **Sign in with Apple**.
+16. Click on **Configure**, and select the App ID you've created above.
+17. At the top, click **Save**, **Continue** and **Register**.
+18. Download the Key file and note the **Key ID**.
+
+![](key.png)
+
+19. Note the Team ID, visible at the top of the page.
+
+## authentik
+
+20. Under _Resources -> Sources_ Click **Create Apple OAuth Source**
+
+21. **Name**: `Apple`
+22. **Slug**: `apple`
+23. **Consumer Key:** The identifier from step 9, then `;`, then your Team ID from step 19, then `;`, then the Key ID from step 18.
+
+    Example: `io.goauthentik.dev-local;JQNH45HN7V;XFBNJ82BV6`
+
+24. **Consumer Secret:** Paste the contents of the keyfile you've downloaded
+
+Save, and you now have Apple as a source.
+
+:::note
+For more details on how-to have the new source display on the Login Page see the Sources page.
+:::

website/docs/integrations/sources/discord/index.md

@@ -33,7 +33,7 @@ Here is an example of a completed OAuth2 screen for Discord.
 
 ![Example Screen](discord4.png)
 
-## Authentik
+## authentik
 
 8. Under _Resources -> Sources_ Click **Create Discord OAuth Source**
 
@@ -43,7 +43,7 @@ Here is an example of a completed OAuth2 screen for Discord.
 12. **Consumer Secret:** Client Secret from step 5
 13. **Provider type:** Discord
 
-Here is an exmple of a complete Authentik Discord OAuth Source
+Here is an example of a complete authentik Discord OAuth Source
 
 ![Example Screen](discord5.png)
 
@@ -51,4 +51,4 @@ Save, and you now have Discord as a source.
 
 :::note
 For more details on how-to have the new source display on the Login Page see the Sources page
-:::
+:::

website/docs/integrations/sources/github/index.md

@@ -17,7 +17,7 @@ The following placeholders will be used:
 
 ![Register OAuth App](githubdeveloper1.png)
 
-2. **Application Name:** Choose a name users will recognize ie: Authentik
+2. **Application Name:** Choose a name users will recognize ie: authentik
 3. **Homepage URL**:: www.my.company
 4. **Authorization callback URL**: https://authentik.company/source/oauth/callback/github
 5. Click **Register Application**
@@ -27,9 +27,9 @@ Example screenshot
 ![Example Screen](githubdeveloperexample.png)
 
 6. Copy the **Client ID** and _save it for later_
-7. Click **Generate a new client secret** and _save it for later_  You will not be able to see the secret again, so be sure to copy it now.  
+7. Click **Generate a new client secret** and _save it for later_  You will not be able to see the secret again, so be sure to copy it now.
 
-## Authentik
+## authentik
 
 8. Under _Resources -> Sources_ Click **Create Github OAuth Source**
 
@@ -49,7 +49,7 @@ As of June 20 2021 these URLS are correct. Here is the Github reference URL http
 15. **Access token URL:** `https://github.com/login/oauth/access_token`
 16. **Profile URL:** `https://api.github.com/user`
 
-Here is an exmple of a complete Authentik Github OAuth Source
+Here is an example of a complete authentik Github OAuth Source
 
 ![Example Screen](githubexample2.png)
 

website/docs/integrations/sources/google/index.md

@@ -15,7 +15,7 @@ The following placeholders will be used:
 You will need to create a new project, and OAuth credentials in the Google Developer console.  The developer console can be overwhelming at first.
 
 1. Visit https://console.developers.google.com/ to create a new project
-2. Create a New project. 
+2. Create a New project.
 
 ![Example Screen](googledeveloper1.png)
 
@@ -62,7 +62,7 @@ _I'm only going to list the mandatory/important fields to complete._
 24. Click **Create**
 25. Copy and store _Your Client ID_ and _Your Client Secret_ for later
 
-## Authentik
+## authentik
 
 26. Under _Resources -> Sources_ Click **Create Google OAuth Source**
 
@@ -72,7 +72,7 @@ _I'm only going to list the mandatory/important fields to complete._
 30. **Consumer Secret:** Your Client Secret from step 25
 31. **Provider Type:** Google
 
-Here is an exmple of a complete Authentik Google OAuth Source
+Here is an example of a complete authentik Google OAuth Source
 
 ![Example Screen](authentiksource.png)
 
@@ -80,4 +80,4 @@ Save, and you now have Google as a source.
 
 :::note
 For more details on how-to have the new source display on the Login Page see the Sources page
-:::
+:::

website/docs/integrations/sources/plex/index.md

@@ -8,7 +8,7 @@ Allows users to authenticate using their Plex credentials
 
 None
 
-## Authentik -> Sources
+## authentik -> Sources
 
 Add _Plex_ as a _source_