Does st.login(provider="apple") work?

Hi all,

I am quite excited to see in the 1.42 release notes that…

I need Sign in with Apple in my app, so I looked into it.

However, in st.login - Streamlit Docs there are configuration examples for Google/Microsoft/Okta etc., but none for Apple.

I’m not 100% sure if Apple sign-in is (yet) OIDC; it kind of seems from Apple - OpenID Foundation that it should be.

So I’m wondering whether it already works. If it does, what would that configuration look like?

I was trying with FastAPI (just to wrap my head around it):

```python
import time

import jwt  # PyJWT; ES256 signing also needs the "cryptography" package
from authlib.integrations.starlette_client import OAuth  # Authlib==1.4.1
from fastapi import FastAPI, Request

app = FastAPI()

# Apple OAuth credentials
APPLE_CLIENT_ID = "..."
APPLE_TEAM_ID = "..."
APPLE_KEY_ID = "..."
PRIVATE_KEY_PATH = "AuthKey_****p8"

REDIRECT_URI = "https://.../auth/apple/callback"


# JWT for Apple client_secret, signed with the .p8 key and valid for one hour
def generate_client_secret():
    with open(PRIVATE_KEY_PATH, "r") as f:
        private_key = f.read()
    now = int(time.time())
    payload = {
        "iss": APPLE_TEAM_ID,
        "iat": now,
        "exp": now + 3600,
        "aud": "https://appleid.apple.com",
        "sub": APPLE_CLIENT_ID,
    }
    headers = {"kid": APPLE_KEY_ID, "alg": "ES256"}
    return jwt.encode(payload, private_key, algorithm="ES256", headers=headers)


oauth = OAuth()
oauth.register(
    name="apple",
    client_id=APPLE_CLIENT_ID,
    client_secret=generate_client_secret(),  # evaluated once, at import time
    authorize_url="https://appleid.apple.com/auth/authorize",
    access_token_url="https://appleid.apple.com/auth/token",
    client_kwargs={
        "scope": "email name",
        "response_mode": "form_post",  # Apple POSTs the result to the callback
    },
)


@app.get("/auth/apple/login")
async def login(request: Request):
    response = await oauth.apple.authorize_redirect(request, REDIRECT_URI)
    return response


@app.post("/auth/apple/callback")
async def auth_callback(request: Request):
    token = await oauth.apple.authorize_access_token(request)
    user_info = token.get("id_token")

    return {"token": token, "user_info": user_info}
```

Which breaks at `token = await oauth.apple.authorize_access_token(request)` with the error `mismatching_state: CSRF Warning! State not equal in request and response.`

So, unless I’m missing something here, it looks like Apple SignIn isn’t even OAuth2 compliant.
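An added example, not part of the original post and not Authlib or Streamlit code: a small model of one way a `mismatching_state` error can arise when the provider returns with `response_mode=form_post`. It assumes the OAuth state is kept in a session cookie with an explicit `SameSite=Lax` attribute (the default of Starlette's `SessionMiddleware`; the post does not show its session setup), and all function names are hypothetical.

```python
# Added example: models whether the session cookie holding the OAuth state
# reaches the callback when the provider returns via a cross-site GET or POST.
import hmac
import secrets


def cookie_sent(same_site: str, secure: bool, method: str, cross_site: bool) -> bool:
    """Browser rule for a cookie with an explicit SameSite attribute
    on a top-level navigation."""
    if not cross_site:
        return True
    if same_site == "strict":
        return False
    if same_site == "lax":
        return method in ("GET", "HEAD")  # safe methods only, so no POST
    return same_site == "none" and secure  # SameSite=None requires Secure


def check_state(stored, returned) -> str:
    """The comparison an OAuth client makes on the callback."""
    if stored is None or not hmac.compare_digest(stored, returned):
        return "mismatching_state"
    return "ok"


def run_flow(same_site: str, secure: bool, response_mode: str) -> str:
    # Login route: the client stores a random state in the session cookie.
    state = secrets.token_urlsafe(16)
    session_cookie = {"state": state}
    # The provider echoes the state back: "query" is a GET redirect,
    # "form_post" is an auto-submitted POST from the provider's origin.
    method = "POST" if response_mode == "form_post" else "GET"
    sent = cookie_sent(same_site, secure, method, cross_site=True)
    stored = session_cookie["state"] if sent else None
    return check_state(stored, state)


if __name__ == "__main__":
    # Constructed cases: (SameSite, Secure, response_mode)
    for same_site, secure, mode in [
        ("lax", False, "query"),
        ("lax", False, "form_post"),
        ("none", True, "form_post"),
    ]:
        print(same_site, secure, mode, "->", run_flow(same_site, secure, mode))
```

With Starlette's `SessionMiddleware`, these cookie attributes are controlled by its `same_site` and `https_only` arguments.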

I haven’t closely investigated Apple’s developer tools yet, but you can include Apple as a social login with Auth0. (And there’s an Auth0 example.)


Thanks for replying, and quite interesting. Can you please share the link you took that screenshot from? I can’t seem to find it.

  1. Go to auth0.com and select “Login” in the upper corner. (Or “Sign up” if you don’t have an account yet.)
  2. On the left, expand “Authentication” and select “Social.”
  3. On the right, select “Create connection.”
  4. Search for and select “Apple.”