habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
582812b3ec5df24a556f41e76b925647788038e2
authentik/docs/topics/users-sources/sources/social-logins/apple/index.md
Teffen Ellis 582812b3ec website: Flesh out docs split. 
website: Copy files during build.

website: Allow for mixed env builds.

website: Reduce build size.

website: Expose build.

website: Add build memory debugging.

WIP: Disable broken links check to compare memory usage.

website: Update deps.

website: Clean up API paths.

website: Flesh out 3.8 fixes.

Format.

website: Update ignore paths.

Website: Clean up integrations build.

website: Fix paths.

website: Optimize remark.

website: Update deps.

website: Format.

website: Remove linking.

website: Fix paths.

wip: Attempt API only build.

Prep.

Migrate render to runtime. Tidy sidebar.

Clean up templates.

docs: Move directory. WIP

docs: Flesh out split.

website: Fix issue where routes have collisions.
2025-07-01 21:53:19 +02:00

2.7 KiB
Raw Blame History

title, support_level
title support_level
Apple authentik

Allows users to authenticate using their Apple ID.

Preparation

:::caution An Apple developer account is required. :::

:::caution Apple mandates the use of a registered TLD, as such this source will not work with .local and other non-public TLDs. :::

The following placeholders are used in this guide:

  • authentik.company is the FQDN of the authentik install.

Apple

  1. Log in to your Apple developer account, and navigate to Certificates, IDs & Profiles, then click Identifiers in the sidebar.
  2. Register a new Identifier with the type of App IDs, and the subtype App.
  3. Choose a name that users will recognise for the Description field.
  4. For your bundle ID, use the reverse domain of authentik, in this case company.authentik.
  5. Scroll down the list of capabilities, and check the box next to Sign In with Apple.
  6. At the top, click Continue and Register.

  1. Register another new Identifier with the type of Services IDs.
  2. Again, choose the same name as above for your Description field.
  3. Use the same identifier as above, but add a suffix like signin or oauth, as identifiers are unique.
  4. At the top, click Continue and Register.

  1. Once back at the overview list, click on the just-created Identifier.
  2. Enable the checkbox next to Sign In with Apple, and click Configure
  3. Under domains, enter authentik.company.
  4. Under Return URLs, enter https://authentik.company/source/oauth/callback/apple/.

  1. Click on Keys in the sidebar. Register a new Key with any name, and select Sign in with Apple.
  2. Click on Configure, and select the App ID you've created above.
  3. At the top, click Save, Continue and Register.
  4. Download the Key file and note the Key ID.

  1. Note the Team ID, visible at the top of the page.

authentik

  1. Under Directory -> Federation & Social login Click Create Apple OAuth Source

  2. Name: Apple

  3. Slug: apple

  4. Consumer Key: The identifier from step 9, then ;, then your Team ID from step 19, then ;, then the Key ID from step 18.

    Example: io.goauthentik.dev-local;JQNH45HN7V;XFBNJ82BV6

  5. Consumer Secret: Paste the contents of the keyfile you've downloaded

Save, and you now have Apple as a source.

:::note For instructions on how to display the new source on the authentik login page, refer to the Add sources to default login page documentation. :::