What is AppleAuth?
AppleAuth is a Ruby gem we developed to integrate Apple Sign In in our server-side applications.
Apple announced Sign in with Apple at the WWDC 2019 Conference. Then, in September 2019, Apple updated its App Store Review Guidelines to state that if your iOS app implements a third-party or social login service (like Facebook Login or Google Sign-In), it will be mandatory to offer Apple sign-in as an option by the end of April 2020. Besides following the standards, implementing Apple authentication lets users sign in using their Apple ID with two-factor authentication. After the user follows Sign in with Apple to log in, your app receives tokens and user information that you can use to authenticate the user on your server.
Apple sign-in workflow
For more information, check the Apple Official Documentation
How does AppleAuth work?
Apple authentication follows the OAuth 2.0 flow, and this gem helps us with that flow. After the user signs in on the client side, we have access to the user_identity, code, and JWT on our server side. The last one is a token that will be used to validate user authentication with Apple. So Apple_Auth's first step is to decode and validate the JWT.
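The JWT validation step described above, as an added example that is not AppleAuth's own code: it pins the algorithm, verifies the signature, and checks issuer, audience, expiry and that the signed subject matches the user_identity the client sent. It assumes RS256 tokens issued by https://appleid.apple.com with your client ID as audience; the function names, the locally generated key and the com.example.app client ID are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

APPLE_ISSUER = 'https://appleid.apple.com'
InvalidAppleToken = Class.new(StandardError)

def decode_segment(segment)
  JSON.parse(Base64.urlsafe_decode64(segment))
end

# Returns the verified claims or raises InvalidAppleToken.
# keys_by_kid maps a key id to an OpenSSL::PKey::RSA public key; in production
# it would be built from the JWKS Apple publishes, here it is passed in.
def verify_identity_token(jwt, keys_by_kid:, client_id:, user_identity:, now: Time.now.to_i)
  header_b64, payload_b64, sig_b64, extra = jwt.to_s.split('.', 4)
  raise InvalidAppleToken, 'malformed token' if sig_b64.nil? || extra
  header = decode_segment(header_b64)
  # Pin the algorithm: the token must not choose how it is verified.
  raise InvalidAppleToken, 'unexpected alg' unless header['alg'] == 'RS256'
  key = keys_by_kid.fetch(header['kid']) { raise InvalidAppleToken, 'unknown kid' }
  signed = "#{header_b64}.#{payload_b64}"
  unless key.verify(OpenSSL::Digest.new('SHA256'), Base64.urlsafe_decode64(sig_b64), signed)
    raise InvalidAppleToken, 'bad signature'
  end
  claims = decode_segment(payload_b64)
  raise InvalidAppleToken, 'wrong issuer' unless claims['iss'] == APPLE_ISSUER
  raise InvalidAppleToken, 'wrong audience' unless claims['aud'] == client_id
  raise InvalidAppleToken, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  # The user_identity the client sent must be the subject that was signed.
  raise InvalidAppleToken, 'subject mismatch' unless claims['sub'] == user_identity
  claims
rescue ArgumentError, TypeError, JSON::ParserError, OpenSSL::PKey::PKeyError
  raise InvalidAppleToken, 'malformed token'
end

# Constructed sample input: a locally generated key stands in for Apple's.
def sample_token(key, claims, alg: 'RS256', kid: 'sample-kid')
  enc = ->(raw) { Base64.urlsafe_encode64(raw, padding: false) }
  signed = "#{enc.call(JSON.generate({ 'alg' => alg, 'kid' => kid }))}.#{enc.call(JSON.generate(claims))}"
  "#{signed}.#{enc.call(key.sign(OpenSSL::Digest.new('SHA256'), signed))}"
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  claims = { 'iss' => APPLE_ISSUER, 'aud' => 'com.example.app', 'sub' => '000123.sample', 'exp' => Time.now.to_i + 600 }
  token = sample_token(key, claims)
  p verify_identity_token(token, keys_by_kid: { 'sample-kid' => key.public_key }, client_id: 'com.example.app', user_identity: '000123.sample')
end
```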
If we successfully validate the JWT, we can authenticate users and get their information. At this point, we can persist the refresh token so that once a day, and if needed, we can get a fresh token from Apple and ensure that the user continues to have their apple_id validated.
If you already have the DeviseTokenAuth gem implemented in your Rails project, you can just run this generator:
In the scope, you need to write the path from controllers to your existing Devise controllers and set up the routes.
This generator will create a controller that implements AppleAuth methods, gets the user's email, and registers them.