Python library to implement Sign In with Apple in your Django backend.
To easily install or upgrade to the latest release, use pip.
$ pip install appleauth
From now on, some stuff is much better explained on the Apple docs, so when in doubt just check (if you haven't done so) the following documents:
- Sign In With Apple
- Request an authorization to the Sign in with Apple server
- Generate and validate tokens
- Revoke tokens
To start using the lib, some Apple keys need to be generated:
- client_id (string): The identifier (App ID or Services ID) for your app. The identifier must not include your Team ID, to help prevent the possibility of exposing sensitive data to the end user.
- client_secret (string): A secret JSON Web Token, generated by the developer, that uses the Sign in with Apple private key associated with your developer account. Authorization code and refresh token validation requests require this parameter.
- team_id (string): The Team ID of your developer account. It can be found in your Apple developer portal => identifier of your app => "App ID prefix".
- key_id (string): The Key ID of the p8 file.
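How the values above fit together in the client_secret, as an added example (not appleauth's own code): a short-lived ES256 JWT carrying the claims that Apple's "Generate and validate tokens" document specifies. The function names, the one-hour default lifetime and the Team ID prefix check are assumptions of this example; signing assumes PyJWT with the cryptography package installed.

```python
import time

APPLE_AUDIENCE = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # Apple's upper bound for exp - now (about 6 months)


def build_client_secret_parts(team_id, client_id, key_id, lifetime=3600, now=None):
    """Return (headers, claims) of the client_secret JWT for the given Apple keys."""
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be between 1 and 15777000 seconds")
    if client_id.startswith(team_id + "."):
        # Heuristic for the rule above: client_id must not carry the Team ID prefix.
        raise ValueError("client_id must not include the Team ID")
    issued_at = int(time.time()) if now is None else int(now)
    headers = {"alg": "ES256", "kid": key_id}  # key_id names the .p8 key that signs
    claims = {
        "iss": team_id,           # issuer: the developer team
        "iat": issued_at,
        "exp": issued_at + lifetime,
        "aud": APPLE_AUDIENCE,
        "sub": client_id,         # subject: App ID or Services ID
    }
    return headers, claims


def sign_client_secret(private_key_pem, team_id, client_id, key_id, lifetime=3600):
    """Sign the claims with the .p8 private key (needs PyJWT plus cryptography)."""
    import jwt  # PyJWT; imported lazily so the claim builder stays stdlib-only

    headers, claims = build_client_secret_parts(team_id, client_id, key_id, lifetime)
    return jwt.encode(claims, private_key_pem, algorithm="ES256", headers=headers)


if __name__ == "__main__":
    # Constructed placeholder values, not real Apple identifiers.
    print(build_client_secret_parts("TEAMID0000", "com.example.app", "KEYID00000"))
```

Keeping the lifetime short limits how long a leaked client_secret stays usable; the .p8 key itself should be loaded from a secret store rather than committed to settings.py.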
You can install the library directly from PyPI using pip:
pip install appleauth
Edit your settings.py file and update INSTALLED_APPS and APPLE_CONFIG with the appropriate keys generated via Apple Developer Portal:
INSTALLED_APPS = [
    ...,
    "appleauth"
]

# Apple Config
APPLE_CONFIG = {
    "APPLE_KEY_ID": "",
    "APPLE_TEAM_ID": "",
    "APPLE_CLIENT_ID": "",
    "APPLE_PRIVATE_KEY": "",
    "APPLE_REDIRECT_URL": "{{BASE URL}}/auth/apple/token",  # https://127.0.0.1:8000/auth/apple/token
    "APPLE_SCOPE": ["name", "email"],
    "RESPONSE_HANDLER_CLASS": "users.services.AppleSignInResponseHandler",
}
NOTE:
- In the above config, APPLE_REDIRECT_URL is an endpoint which serves as a proxy to redirect the response of Apple server authorization to the redirect_url passed as query param while generating Authorization URL.
- The response of authorization by Apple is a POST request where auth code and state are sent in the request body. This endpoint converts the request body data to query params and sends it to the redirect URL.
Create a response handler class and update its path in APPLE_CONFIG. In this example we are considering it to be in /users/services/AppleSignInResponseHandler:
from appleauth.services import AppleAuthResponseHandler

# get_or_create_user and AuthUserSerializer are app-specific and must be
# implemented and imported by your project (see the NOTE below).


class AppleSignInResponseHandler(AppleAuthResponseHandler):
    def handle_fetch_or_create_user(self, request, user_dict):
        email = user_dict.get("email", None)
        apple_id = user_dict.get("apple_id", None)
        # Implement a method to handle user creation
        user, is_created = get_or_create_user(email, apple_id)
        context = {"is_created": is_created}
        return user, context

    def generate_response_json(self, user, extra_context):
        # Implement a serializer to serialize user data
        response = AuthUserSerializer(user, context=extra_context)
        return response.data
NOTE:
- AuthUserSerializer used in the above reference can be created as per the app's functionality and should contain the fields which need to be sent in the response of authorization.
- The get_or_create_user method used in the above code reference can be created as per the app's functionality.
Update Routes:
from rest_framework.routers import DefaultRouter
from appleauth.apis import AppleAuthViewset
default_router = DefaultRouter(trailing_slash=False)
default_router.register("auth/apple", AppleAuthViewset, basename="apple-auth")
urlpatterns = [...] + default_router.urls
Provides the following APIs:
- Authorization URL API
  - It generates Apple's authorization-url used to redirect to Apple's Authorization Server to request consent from the resource owner.
- Authorize API
  - Exchange authorization code for access token.
  - Talk to resource server with access token and fetch user's profile information.
- Authorize iOS Token API
  - Verifies an ID Token issued by Apple's authorization server.
  - Fetch user details from decoded token.
NOTE: This documentation changes frequently; check out the changelog for detailed breaking changes and features added.
In order to foster a kind, inclusive, and harassment-free community, we have a code of conduct, which can be found here. We ask you to treat everyone as a smart human programmer that shares an interest in Python and Apple Auth with you.