Ueberauth for Apple Sign in?


I am looking at implementing Apple Sign in soon and was looking for an out-of-the-box solution in the Elixir community, if there was one. But, since Apple Sign In is so new, I didn’t expect to see any libraries out there.

I however came across the Ueberauth project and was wondering if there were any plans to have Apple be one of the providers?

Thank you.

What is apple sign in? What protocol is it? Is it just OpenID Connect or the older OAuth2 or something else?

Sorry, I should have had more information. Apple says they implemented the OpenID Connect standard, but from an article by Auth0 they say

Apple is using parts of the OAuth 2.0 and OpenID Connect (OIDC) standards.

So I guess another question would be: does Ueberauth support OpenID Connect flows? Or just the OAuth2 protocol?

I haven’t done much experimenting with the Apple Sign in API, and this question may have been a bit premature. Apologies for that.

EDIT: Apple Sign In docs I’m looking at: https://developer.apple.com/documentation/signinwithapplerestapi

1 Like

OpenID Connect is mostly just OAuth2 with some auto-finding and so forth. If you manually define the connections for OAuth2 then it generally works on OpenID Connect. So you could probably just take the oauth2 plugin and do that, or fork it and bake in Apple’s connections into it so it becomes fairly configurationless.

1 Like

If you go with https://github.com/danschultzer/pow you get Apple Sign In out of the box with https://github.com/pow-auth/assent


Oh, cool. I’ll take a look at Pow, I have not heard of that before. Thanks @Schultzer and @OvermindDL1!

1 Like


I took a look at https://github.com/pow-auth/assent. It is not clear to me how to use it. I have a native iOS app that sends the Apple identity token and the authorization code (see apple-documentation) to my Phoenix server. The server receives it in the onboarding_controller.ex:

defmodule MyAppWeb.V1.OnboardingController do
  use MyAppWeb, :controller

  def activate(conn, %{"apple_jwt" => apple_jwt, "apple_auth" => apple_auth}) do
    # ...
  end
end


I would like to validate the identity token via my Registration-module like so:

def activate(conn, %{"apple_jwt" => apple_jwt, "apple_auth" => apple_auth}) do
  case MyApp.Registration.check_apple_sign_in(apple_jwt, apple_auth) do
    {:ok, apple_user_id} ->
      conn |> put_status(:ok) |> put_view(MyAppWeb.ErrorView) |> render(:"200")

    _ ->
      conn |> put_status(400) |> put_view(MyAppWeb.ErrorView) |> render(:"400")
  end
end


Is this possible with assent and how could I achieve this?

You should call the callback method passing along the auth code:

# `config` is the Apple strategy configuration keyword list
config
|> Assent.Config.put(:session_params, %{})
|> Assent.Strategy.Apple.callback(%{"code" => apple_auth})
|> case do
  {:ok, %{user: _user, token: _token}} ->
    conn |> put_status(:ok) |> put_view(MyAppWeb.ErrorView) |> render(:"200")

  _ ->
    conn |> put_status(400) |> put_view(MyAppWeb.ErrorView) |> render(:"400")
end

:session_params are required in Assent, but in this case it can just be an empty map as you don’t need to validate state.

Remember that the :redirect_uri in the config should match your app. If I remember correctly with Apple it just has to be nil or empty string, since there’s no redirect uri in the app:

config = [
  team_id: "REPLACE_WITH_TEAM_ID",
  private_key_id: "REPLACE_WITH_PRIVATE_KEY_ID",
  private_key_path: "/path/to/key.p8",
  redirect_uri: nil
]

Wow, it is so easy. Thank you! I got it to work after figuring out that I had to use the bundle identifier of my app as client_id.

1 Like
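
The thread ends on the point that the client_id has to be the app's bundle identifier; for a native app that is the value the identity token's `aud` claim must carry. The following is an added example (not code from the thread or from Assent) of the claim checks a server applies to an Apple identity token, assuming its signature was already verified against Apple's published keys. The module name `AppleClaims`, the bundle ID and the sample claims are constructed for illustration.

```elixir
defmodule AppleClaims do
  # Added example. Checks the claims of an Apple identity token whose
  # signature has ALREADY been verified against Apple's published keys;
  # on an unverified token these checks prove nothing.
  @issuer "https://appleid.apple.com"

  # claims:    decoded JWT payload (string keys)
  # client_id: the app's bundle identifier
  # now:       current Unix time in seconds (injectable for testing)
  def validate(claims, client_id, now \\ System.system_time(:second)) do
    with :ok <- check_issuer(claims),
         :ok <- check_audience(claims, client_id),
         :ok <- check_expiry(claims, now) do
      fetch_subject(claims)
    end
  end

  defp check_issuer(%{"iss" => @issuer}), do: :ok
  defp check_issuer(_claims), do: {:error, :bad_issuer}

  # "aud" may be a single string or a list of strings (RFC 7519).
  defp check_audience(%{"aud" => aud}, client_id) do
    if client_id in List.wrap(aud), do: :ok, else: {:error, :bad_audience}
  end

  defp check_audience(_claims, _client_id), do: {:error, :bad_audience}

  # A missing or non-integer "exp" is treated the same as an expired token.
  defp check_expiry(%{"exp" => exp}, now) when is_integer(exp) and exp > now, do: :ok
  defp check_expiry(_claims, _now), do: {:error, :expired}

  defp fetch_subject(%{"sub" => sub}) when is_binary(sub) and sub != "", do: {:ok, sub}
  defp fetch_subject(_claims), do: {:error, :missing_subject}
end

# Constructed sample claims; the bundle ID and subject are placeholders.
now = 1_700_000_000

claims = %{
  "iss" => "https://appleid.apple.com",
  "aud" => "com.example.myapp",
  "exp" => now + 600,
  "sub" => "000000.constructed-subject.0000"
}

{:ok, "000000.constructed-subject.0000"} = AppleClaims.validate(claims, "com.example.myapp", now)
# A token issued for a different client (e.g. a web service ID) is rejected.
{:error, :bad_audience} = AppleClaims.validate(claims, "com.example.web", now)
{:error, :expired} = AppleClaims.validate(claims, "com.example.myapp", now + 601)
{:error, :bad_issuer} = AppleClaims.validate(%{claims | "iss" => "https://example.invalid"}, "com.example.myapp", now)
```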