Thanks for the clarification and links, @anthony-dj @jangaraj!
This JWT expires in 6 months, which is the maximum lifetime Apple will allow. If you’re generating a new client secret JWT every time a user authenticates, then you should use a much shorter expiration date.
While it looks like it would technically be possible to integrate Sign In With Apple as a generic OIDC identity provider, how practical is it to renew the client secret every 6 months or less? While this, in turn, might be automated, it seems like a workaround. The intended use seems to be generating a fresh JWT from the secret key for every sign in request. This is precisely the mechanism I am missing in Keycloak for a practical use of Sign In With Apple.
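For readers who want to see the per-request mechanism being discussed, here is an added example (not the commenter's code, and not Keycloak's or Apple's own implementation) that mints a fresh Sign In With Apple client secret JWT from the downloaded `.p8` signing key and verifies it the way Apple's token endpoint would check it. It uses only the Go standard library; the team ID, services ID and key ID are placeholders, and the 15777000-second ceiling on `exp` is the limit Apple documents for the client secret (roughly six months).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Apple's documented upper bound for the client secret's exp claim.
const maxClientSecretLifetime = 15777000 * time.Second

// AppleClientSecretInput carries the identifiers from the developer portal.
// Values used below are placeholders, not real Apple identifiers.
type AppleClientSecretInput struct {
	TeamID   string // becomes the iss claim
	ClientID string // the Services ID, becomes the sub claim
	KeyID    string // the .p8 key's ID, goes into the kid header
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MakeAppleClientSecret mints an ES256-signed client secret valid from now for
// lifetime. Calling it per sign-in request with a short lifetime (minutes) is
// the pattern the thread describes; a long lifetime is only needed when the
// secret is pasted into a generic OIDC client configuration.
func MakeAppleClientSecret(key *ecdsa.PrivateKey, in AppleClientSecretInput, now time.Time, lifetime time.Duration) (string, error) {
	if lifetime <= 0 || lifetime > maxClientSecretLifetime {
		return "", errors.New("lifetime must be positive and at most 15777000 seconds")
	}
	if key.Curve != elliptic.P256() {
		return "", errors.New("ES256 requires a P-256 key")
	}
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": in.KeyID})
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": in.TeamID,
		"iat": now.Unix(),
		"exp": now.Add(lifetime).Unix(),
		"aud": "https://appleid.apple.com",
		"sub": in.ClientID,
	})
	signingInput := b64url(header) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// JWS ES256 signatures are the fixed-width R||S concatenation (32 bytes
	// each), not the ASN.1 DER form that ecdsa.SignASN1 would produce.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64url(sig), nil
}

// VerifyAppleClientSecret checks the signature, audience and expiry of a
// client secret against the public half of the signing key and returns the
// claims. It models the check Apple's token endpoint performs.
func VerifyAppleClientSecret(pub *ecdsa.PublicKey, token string, now time.Time) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("bad ES256 signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature invalid")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, err
	}
	exp, ok := claims["exp"].(float64) // encoding/json decodes numbers as float64
	if !ok || now.Unix() >= int64(exp) {
		return nil, errors.New("client secret expired or exp missing")
	}
	if claims["aud"] != "https://appleid.apple.com" {
		return nil, errors.New("unexpected audience")
	}
	return claims, nil
}

func main() {
	// A freshly generated key stands in for the .p8 file downloaded from Apple.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	in := AppleClientSecretInput{TeamID: "TEAMID0000", ClientID: "com.example.signin", KeyID: "KEYID00000"}
	tok, err := MakeAppleClientSecret(key, in, time.Now(), 5*time.Minute)
	if err != nil {
		panic(err)
	}
	claims, err := VerifyAppleClientSecret(&key.PublicKey, tok, time.Now())
	fmt.Println(tok, claims, err)
}
```

In the per-request pattern the minted token goes into the `client_secret` parameter of the token request; the same code with a six-month lifetime produces the long-lived secret a generic OIDC client configuration would need, which is exactly the value that has to be rotated before it expires.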