Skip to content
OpenAuth

AppleProvider

Reference doc for the `AppleProvider`.

Use this provider to authenticate with Apple. Supports both OAuth2 and OIDC.

Using OAuth

import { AppleProvider } from "@openauthjs/openauth/provider/apple"


export default issuer({
  providers: {
    apple: AppleProvider({
      clientID: "1234567890",
      clientSecret: "0987654321"
    })
  }
})

Using OAuth with form_post response mode

When requesting name or email scopes from Apple, you must use form_post response mode:

import { AppleProvider } from "@openauthjs/openauth/provider/apple"


export default issuer({
  providers: {
    apple: AppleProvider({
      clientID: "1234567890",
      clientSecret: "0987654321",
      responseMode: "form_post"
    })
  }
})

Using OIDC

import { AppleOidcProvider } from "@openauthjs/openauth/provider/apple"


export default issuer({
  providers: {
    apple: AppleOidcProvider({
      clientID: "1234567890"
    })
  }
})

Methods

AppleOidcProvider

AppleOidcProvider(config)

Parameters

Returns Provider

Create an Apple OIDC provider.

This is useful if you just want to verify the user’s email address.

AppleOidcProvider({
  clientID: "1234567890"
})

AppleProvider

AppleProvider(config)

Parameters

Returns Provider

Create an Apple OAuth2 provider.

// Using default query response mode (GET callback)
AppleProvider({
  clientID: "1234567890",
  clientSecret: "0987654321"
})


// Using form_post response mode (POST callback)
// Required when requesting name or email scope
AppleProvider({
  clientID: "1234567890",
  clientSecret: "0987654321",
  responseMode: "form_post",
  scopes: ["name", "email"]
})

AppleConfig

AppleConfig.clientID

Type string

The client ID.

This is just a string to identify your app.

{
  clientID: "my-client"
}

AppleConfig.clientSecret

Type string

The client secret.

This is a private key that’s used to authenticate your app. It should be kept secret.

{
  clientSecret: "0987654321"
}

AppleConfig.pkce?

Type boolean

Default false

Whether to use PKCE (Proof Key for Code Exchange) for the authorization code flow. Some providers like x.com require this.

AppleConfig.query?

Type Record<string, string>

Any additional parameters that you want to pass to the authorization endpoint.

{
  query: {
    access_type: "offline",
    prompt: "consent"
  }
}

AppleConfig.responseMode?

Type query | form_post

Default “query”

The response mode to use for the authorization request. Apple requires ‘form_post’ response mode when requesting name or email scopes.

AppleConfig.scopes

Type string[]

A list of OAuth scopes that you want to request.

{
  scopes: ["email", "profile"]
}

AppleOidcConfig

AppleOidcConfig.clientID

Type string

The client ID.

This is just a string to identify your app.

{
  clientID: "my-client"
}

AppleOidcConfig.query?

Type Record<string, string>

Any additional parameters that you want to pass to the authorization endpoint.

{
  query: {
    prompt: "consent"
  }
}

AppleOidcConfig.scopes?

Type string[]

A list of OIDC scopes that you want to request.

{
  scopes: ["openid", "profile", "email"]
}