appleauth 0.0.1

Python library to implement Sign In with Apple in your Django backend.

Apple Auth

Python library to implement Sign In with Apple in your Django backend.

Table of Contents

• 💾 Installation
• 🍎 Apple docs
• 📝 Configuration
• 🚀 Usage
• 🤖 Endpoints
• 📜 Code Of Conduct

💾 Installation

To easily install or upgrade to the latest release, use pip.

$ pip install appleauth

🍎 Apple docs

From now on, some stuff is much better explained on the Apple docs, so when in doubt just check (if you haven't done so) the following documents:

• Sign In With Apple
• Request an authorization to the Sign in with Apple server
• Generate and validate tokens
• Revoke tokens

📝 Configuration

To start using the lib, some Apple Keys needs to be generated:

• client_id (string)
  • The identifier (App ID or Services ID) for your app. The identifier must not include your Team ID, to help prevent the possibility of exposing sensitive data to the end user.
• client_secret (string)
  • A secret JSON Web Token, generated by the developer, that uses the Sign in with Apple private key associated with your developer account. Authorization code and refresh token validation requests require this parameter.
• team_id (string)
  • Team ID of your developer account this can be found in your apple developer portal => identifier of your app => "App ID prefix".
• key_id (string)
  • The Key ID of the p8 file.

🚀 Usage

You can install the library directly from PYPI using pip:

pip install appleauth

Edit your settings.py file and update INSTALLED_APPS and APPLE_CONFIG with the appropriate keys generated via Apple Developer Portal:

INSTALLED_APPS = [
        ...,
        "appleauth"
]

# Apple Config
APPLE_CONFIG = {
    "APPLE_KEY_ID": "",
    "APPLE_TEAM_ID": "",
    "APPLE_CLIENT_ID": "",
    "APPLE_PRIVATE_KEY": "",
    "APPLE_REDIRECT_URL": "{{BASE URL}}/auth/apple/token", # https://127.0.0.1:8000/auth/apple/token
    "APPLE_SCOPE": ["name", "email"],
    "RESPONSE_HANDLER_CLASS": "users.services.AppleSignInResponseHandler",
}

NOTE:

• In the above config, APPLE_REDIRECT_URL is an endpoint which serves as a proxy to redirect the response of Apple server authorization to the redirect_url passed as query param while generating Authorization URL.
• The response of authorization by Apple is a POST request where auth code and state is sent in request body. This endpoint converts the request body data to query params and send it to the redirect URL.

Create Response Handler Class and update path in APPLE_CONFIG, In this example we are considering it to be in /users/services/AppleSignInResponseHandler

from appleauth.services import AppleAuthResponseHandler

class AppleSignInResponseHandler(AppleAuthResponseHandler):
    def handle_fetch_or_create_user(self, request, user_dict):
        email = user_dict.get("email", None)
        apple_id = user_dict.get("apple_id", None)

        # Implement a method to handle user creation
        user,  is_created = get_or_create_user(email, apple_id)
        context = {"is_created": is_created}

        return user, context

    def generate_response_json(self, user, extra_context):

        # Implement a serializer to serialize user data
        response = AuthUserSerializer(user, context=extra_context)

        return response.data

NOTE:

• AuthUserSerializer used in above ref. could be created as per app's functionality and contain fields which needs to be sent in response of authorization.
• get_or_create_user method used in above code ref. could be created as per app's functionality.

Update Routes:

from rest_framework.routers import DefaultRouter
from appleauth.apis import AppleAuthViewset

default_router = DefaultRouter(trailing_slash=False)

default_router.register("auth/apple", AppleAuthViewset, basename="apple-auth")

urlpatterns = [...] + default_router.urls

🤖 Endpoints

• Provides following APIs:
  • Authorization URL API
    • It generates Apple's authorization-url used to redirect to Apple's Authorization Server to request consent from resource owner.
  • Authorize API
    • Exchange authorization code for access token.
    • Talk to resource server with access token and fetch user's profile information.
  • Authorize IOS Token API
    • Verifies an ID Token issued by Apple's authorization server.
    • Fetch user details from decoded token.

NOTE: This documentation changes frequently, checkout the changelog for detailed breaking changes and features added.

Code of Conduct

In order to foster a kind, inclusive, and harassment-free community, we have a code of conduct, which can be found here. We ask you to treat everyone as a smart human programmer that shares an interest in Python and Apple Pass Generator with you.