Can anyone please tell me the correct way to add Sign in with Apple?

Hello Everyone

As you know, Apple now forces every app to include Sign in with Apple ID.

I have tried to add Sign in with Apple to my website and iOS app,
but I have a problem: when I click the Sign in with Apple button
I get this error:

Invalid Client Id

I have checked the URL,
and it is something like
https://appleid.apple.com/auth/authorize?client_id=None

Even after I added the client ID in the Django admin, it is still None.

Here is how I did it all:

First, I created an app in Apple Developer.
Second, I created a Service ID for this app in Apple Developer
and set the redirection URL to (https://mywebsite/auth/complete/apple-id/).

Finally, I generated a private .p8 key from the Apple Developer website.

I copied the Service ID identifier as the client ID and the private key as the secret key into the Django admin,

like this

Client ID:service identifier
Client Secret:
-----BEGIN PRIVATE KEY-----
{ p8 key }
-----END PRIVATE KEY-----

Can anyone please tell me the correct way to add Sign in with Apple?

What version of edx-platform are you working with? I believe the apple-id social-auth backend is working in both koa and lilac.

I don’t think we have public documentation on how to do the setup. Theoretically, the configuration should be independent of Open edX, but I suppose there could be something particular to it.

Thanks

I’m using Open edX Koa.

The problem is with the client ID: it is not read from the Django admin, and when I click the sign in button the client ID is set to None.

Can I add the client ID on the server without using the Django admin? If so, which file should I change?

Where are you setting up the client ID and client secret in the Django settings? Please provide some more detail. There must be some configuration issue.

Thanks for your reply.

I used the Service ID as the client ID from the Apple Developer account
and pasted it in
https://mysite.com/admin/third_party_auth/oauth2providerconfig/add

like this

If everything is correct, then I believe the problem must be within the Apple ID authentication file on the Open edX server (I did not change anything).

Here’s what I used when enabling the login for edX’s site:

  • Select the Enabled checkbox
  • Choose a Name value, e.g. Apple
  • Choose a Slug value, e.g. apple-id
  • Select the appropriate Site
  • Leave Visible unchecked for now
  • Set Backend name to apple-id
  • Set Client ID to the client ID you got from the Apple site
  • Set Client Secret to the contents of the key file that contains “BEGIN PRIVATE KEY”
  • Set Other settings to JSON like this:
{
  "EMAIL_AS_USERNAME": true,
  "AUDIENCE": ["__your_app_id__", "__your_service_id__"],
  "CLIENT": "__your_service_id__",
  "TEAM": "__your_team_id__",
  "SCOPE": ["email","name"]
}

If I recall correctly, the AUDIENCE field should have only needed App ID, but we also had to add Service ID to make it work. I don’t recall why. Also bear in mind that we’re using a fork of the python social auth package’s apple-id code.

I think I then used https://__LMS__/auth/login/apple-id/ (has to match Slug setting) to initiate the flow during testing, before toggling the “Visible” checkbox.

If you could give this a try and report back either way, we can figure out where to document it – which might be on the Open edX side or the python-social-auth side.

Just be aware that Apple ID encourages users to select the “private email relay” option, which can cause problems during setup; for login or account recovery, they may be locked out until they realize they need to use the relay email address for login rather than their regular address. (I don’t think it would cause any trouble if they use their username, though.)

2 Likes
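
A pre-flight check for the provider entry listed in the post above, added here as an example (it is not code from Open edX, python-social-auth or the poster). The function names and sample identifiers are constructed, and the rule that CLIENT must also appear in AUDIENCE follows the poster's report rather than a documented requirement.

```python
import json
from urllib.parse import parse_qs, urlparse

REQUIRED_KEYS = ("AUDIENCE", "CLIENT", "TEAM", "SCOPE")

def check_provider(client_id, client_secret, backend, other_settings):
    """Return a list of problems in one apple-id provider config entry."""
    problems = []
    if backend != "apple-id":
        problems.append("Backend name is not apple-id")
    if not client_id or client_id == "None":
        problems.append("Client ID is empty")
    if "BEGIN PRIVATE KEY" not in (client_secret or ""):
        problems.append("Client Secret is not the .p8 key file contents")
    try:
        other = json.loads(other_settings or "{}")
    except ValueError as exc:
        return problems + [f"Other settings is not valid JSON: {exc}"]
    if not isinstance(other, dict):
        return problems + ["Other settings must be a JSON object"]
    for key in REQUIRED_KEYS:
        if not other.get(key):
            problems.append(f"Other settings is missing {key}")
        elif "__your_" in json.dumps(other[key]):
            problems.append(f"{key} still holds a template placeholder")
    audience = other.get("AUDIENCE")
    if other.get("CLIENT") and isinstance(audience, list) \
            and other["CLIENT"] not in audience:
        problems.append("CLIENT (Service ID) is not listed in AUDIENCE")
    return problems

def authorize_client_id(url):
    """Return client_id from an authorize URL, or None if unset/'None'."""
    value = parse_qs(urlparse(url).query).get("client_id", [""])[0]
    return value if value not in ("", "None") else None

# Constructed sample values, not real identifiers or keys.
SAMPLE_SECRET = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----"
SAMPLE_OTHER = json.dumps({
    "EMAIL_AS_USERNAME": True,
    "AUDIENCE": ["com.example.app", "com.example.web"],
    "CLIENT": "com.example.web",
    "TEAM": "TEAMID0000",
    "SCOPE": ["email", "name"],
})

if __name__ == "__main__":
    print(check_provider("com.example.web", SAMPLE_SECRET, "apple-id", SAMPLE_OTHER))
    print(check_provider("com.example.web", SAMPLE_SECRET, "apple-id", ""))
    print(authorize_client_id("https://appleid.apple.com/auth/authorize?client_id=None"))
```

An entry with only Client ID and Client Secret filled in and an empty Other settings field (an assumed reading of the setup in the original question) is reported as missing all four keys.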

Thank you very much, it solved the invalid client ID problem, but now I get another problem: the registration does complete. I checked the log file and I found this error:

[user None] [ip {ip}] [middleware.py:40] - Session value state missing.