Drupal Apple SSO Login with OAuth Client | Drupal Apple Login

Drupal Apple SSO integration will allow you to configure Single Sign-On ( SSO ) login between your Drupal site and Apple using OAuth/OpenID protocol. Drupal OAuth 2.0/OpenID connect module gives the ability to enable login using OAuth 2.0/OIDC Single Sign-On to Drupal Site. We provide the Drupal OAuth/OpenID Client module for Drupal 7, Drupal 8, Drupal 9 and Drupal 10.
Here we will go through a guide to configure the SSO login between Drupal and Apple. By following these steps, users of Apple will be able to log into the Drupal site using their Apple credentials.
If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal OAuth & OpenID Connect Login – OAuth2 Client SSO Login module.

1. Configure SSO Application in Apple

• First of all, go to https://developer.apple.com click on Account and Login with your Apple developer account.

• Click on Certificates, Identifiers & Profiles tab.

• In the left menu Click on Identifiers and after that click on the Plus Icon(blue color) . Click on Continue for the next 2 pages.

• Enter Description and Bundle ID for the App ID. (The Bundle ID should be in reverse-dns style string.)

• In the Capabilities section scroll down and select sign In with apple and Click on Edit link.

• Select Enable as a primary App Id and click on Save. Click on Continue and then click on Register.

• In the right corner click on Continue and after that Register button.
• Again click the Plus icon( blue color). Select Service IDs and click on Continue.

• Enter Description and Identifier( Identifier would be your client id). and click on the Continue and after that Register button.

• Click on Keys tab from the left menu.Click on the Plus icon to register a new key.

• Give your Key a name, and select Sign In with Apple and click on Configure button.

• Select your Primary Id and click on the Save button and after that at the right corner click on Continue and Register button.

• Click on the Download button once the key is downloaded click on the Done button.

• In the left menu click on Identifiers and the right top click on App IDs.

• Click on Service IDs from the drop down menu.

• Select your Service Id from the List.

• Select Sign In with Apple and click on Configure button.

• Select the Primary App Id from the drop down, and Enter the Domain and Redirect URL in Domains and Subdomains and Return URLs respectively and click on the Next button (You will get the Domain name and Redirect URL from Drupal module).

• Verify the details and click on the Done button. After that at the right corner click on the Continue button.
• Copy the Identifier value and click on the Save button.

2. Generating Secret Key

• Download the Ruby installer from the following link https://rubyinstaller.org/downloads/ and then install it.
• Search for the Start command prompt with ruby open the ruby command prompt andinstall the JWT gem by running the following command on the command line:gem install JWT.
• Copy the below code in a file and save the file with the .rb extension. Keep this .rb fileand downloaded .p8 file in the same folder.
• Enter the name of downloaded file example= "key.P8", key_id , client_id, team_id in the code
• Open Ruby command prompt and run the above code using the following command ruby filename.rb

• require 'jwt'key_file = 'key.P8'
  
    team_id = ''
  
    client_id = ''
  key_id = ''
  ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file
  headers = {
  'kid' => key_id
  }
  claims = {
  'iss' => team_id,
  'iat' => Time.now.to_i,
  'exp' => Time.now.to_i + 86400*180,
  'aud' => 'https://appleid.apple.com',
  'sub' => client_id,
  }
  token = JWT.encode claims, ecdsa_key, 'ES256', headers
  puts token

• You will get your secret key. Copy the secret key.

3. Integrating Drupal with Apple

• Enter the Identifier value in the Client ID and copy the downloaded key value in Client secret of the Drupal module.
• In Drupal’s Configure OAuth tab, paste the copied Client ID and Client Secret in the Client ID and Client Secret text-field.

• You have successfully completed your Apple App OAuth Server side configurations.

Client ID :	from the step 2 above
Client Secret :	from the step 3 above
Scope:	email
Authorize Endpoint:	https://appleid.apple.com/auth/authorize
Access Token Endpoint:	https://appleid.apple.com/auth/token

4. Test Configuration of Drupal with Apple

• After successfully saving the configurations, please click on the Test Configuration button to test the connection between Drupal and Apple.

• This Test Configuration window will provide you with a list of the attributes that are coming from the Apple.
• Select the Email Attribute from the dropdown menu in which the user's email ID is obtained and click on the Done button.

• Now, in the Attribute & Role Mapping tab, you can also choose the Username Attribute from the dropdown and click on the Save Configuration button.


Please note: Mapping the Email Attribute is mandatory for your login to work.

• Now log out and go to your Drupal site’s login page. You will automatically find a Login with Apple link there. If you want to add the SSO link to other pages as well, please follow the steps given in the image below :

24*7 Active Support:

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal OAuth/OpenID Single Sign On module.

Additional Resources

• What is OAuth 2.0?
• What is OpenID Connect?
• Frequently Asked Questions (FAQs)

Our Other modules