habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
423776c7a2076d48fc74d10b9237fa49f21f232e
authentik/website/integrations/sources/apple/index.md
flaktrooper 4bf6cfc4d8 website/integrations: fix instruction links on source pages (#4196) 
* website/integrations: fix links for adding source to login page instructions

* website/integrations: add missing login page instruction link to plex

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:54:21 +00:00

2.6 KiB
Raw Blame History

title
title
Apple

Support level: authentik

Allows users to authenticate using their Apple ID.

Preparation

:::warning An Apple developer account is required. :::

:::warning Apple mandates the use of a registered TLD, as such this source will not work with .local and other non-public TLDs. :::

The following placeholders will be used:

  • authentik.company is the FQDN of the authentik install.

Apple

  1. Log into your Apple developer account, and navigate to Certificates, IDs & Profiles, then click Identifiers in the sidebar.
  2. Register a new Identifier with the type of App IDs, and the subtype App.
  3. Choose a name that users will recognise for the Description field.
  4. For your bundle ID, use the reverse domain of authentik, in this case company.authentik.
  5. Scroll down the list of capabilities, and check the box next to Sign In with Apple.
  6. At the top, click Continue and Register.

  1. Register another new Identifier with the type of Services IDs.
  2. Again, choose the same name as above for your Description field.
  3. Use the same identifier as above, but add a suffix like signin or oauth, as identifiers are unique.
  4. At the top, click Continue and Register.

  1. Once back at the overview list, click on the just-created Identifier.
  2. Enable the checkbox next to Sign In with Apple, and click Configure
  3. Under domains, enter authentik.company.
  4. Under Return URLs, enter https://authentik.company/source/oauth/callback/apple/.

  1. Click on Keys in the sidebar. Register a new Key with any name, and select Sign in with Apple.
  2. Click on Configure, and select the App ID you've created above.
  3. At the top, click Save, Continue and Register.
  4. Download the Key file and note the Key ID.

  1. Note the Team ID, visible at the top of the page.

authentik

  1. Under Directory -> Federation & Social login Click Create Apple OAuth Source

  2. Name: Apple

  3. Slug: apple

  4. Consumer Key: The identifier from step 9, then ;, then your Team ID from step 19, then ;, then the Key ID from step 18.

    Example: io.goauthentik.dev-local;JQNH45HN7V;XFBNJ82BV6

  5. Consumer Secret: Paste the contents of the keyfile you've downloaded

Save, and you now have Apple as a source.

:::note For more details on how-to have the new source display on the Login Page see here. :::