Anybody get "Sign in with Apple" working in CAS natively?


Andy Ng

Jun 25, 2021, 12:33:17 AM
to CAS Community
Hi all,

I would like to know whether anybody has got "Sign in with Apple" working in CAS natively.

I got it working by doing some customization (attached below) because of a weird issue which I cannot understand.

I would like to look into submitting a PR, but I am not sure whether I am the only one having this issue, so I want to ask the group first.

Cheers!
- Andy

Attached is my customization which makes Sign in with Apple work:
=========================================
MyOrgAppleOidcAuthenticator.java
// Imports assumed for CAS 6.3 / pac4j 4.x (the versions in this thread); verify against your build.
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import lombok.extern.slf4j.Slf4j;
import org.pac4j.core.context.WebContext;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.pac4j.oidc.credentials.authenticator.OidcAuthenticator;

/**
 * Works around an issue where the client secret cannot be refreshed again during validation.
 */
@Slf4j // the LOGGER field name assumes a lombok.config with lombok.log.fieldName = LOGGER, as CAS itself uses
public class MyOrgAppleOidcAuthenticator extends OidcAuthenticator {
    public MyOrgAppleOidcAuthenticator(OidcConfiguration configuration, OidcClient client) {
        super(configuration, client);
    }

    /**
     * If the client authenticates with client_secret_post, rebuild the client authentication
     * so the secret is read from the configuration again.
     * <p>
     * Also, set the user profile after validation so the user profile can be validated.
     *
     * @param cred    the OIDC credentials returned from the callback
     * @param context the web context of the callback request
     */
    @Override
    public void validate(final OidcCredentials cred, final WebContext context) {
        ClientAuthentication clientAuthentication = getClientAuthentication();
        if (clientAuthentication instanceof ClientSecretPost) {
            LOGGER.debug("Get secret again from validate for Apple Login");
            // Re-read the secret from the configuration rather than reusing the one captured at startup
            final ClientID clientId = new ClientID(configuration.getClientId());
            final Secret secret = new Secret(configuration.getSecret());
            ClientSecretPost clientSecretPost = new ClientSecretPost(clientId, secret);
            setClientAuthentication(clientSecretPost);
        }
        super.validate(cred, context);
    }
}
=========================================

MyOrgDefaultDelegatedClientFactory.java
// Imports assumed for CAS 6.3 / pac4j 4.x; verify against your build.
import java.util.Collection;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties;
import org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory;
import org.apereo.cas.support.pac4j.authentication.DelegatedClientFactoryCustomizer;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.oidc.client.AppleClient;

/**
 * Installs the custom authenticator on the Apple client.
 */
@Slf4j
@Getter
public class MyOrgDefaultDelegatedClientFactory extends DefaultDelegatedClientFactory {
    private final CasConfigurationProperties casProperties;

    public MyOrgDefaultDelegatedClientFactory(
            CasConfigurationProperties casProperties,
            Collection<DelegatedClientFactoryCustomizer> customizers) {
        super(casProperties, customizers);
        this.casProperties = casProperties;
    }

    @Override
    protected void configureClient(final IndirectClient client, final Pac4jBaseClientProperties props) {
        if (client instanceof AppleClient) {
            // Replace the default OidcAuthenticator with the one that rebuilds the secret on validate
            client.setAuthenticator(
                new MyOrgAppleOidcAuthenticator(((AppleClient) client).getConfiguration(), (AppleClient) client)
            );
        }
        super.configureClient(client, props);
    }
}
=========================================
cas.yml
cas:
  authn:
    pac4j:
      oidc:
        - apple:
            client-name: XXXX
            private-key: file:/abd/def/myapplecert.p8
            private-key-id: xxxx
            team-id: xxxxx
            id: xxx.yyy.zzz
            response-mode: form_post
            scope: openid name
            response-type: code id_token
            use-nonce: true

Jiří Málek

Jun 15, 2023, 5:23:03 AM
to CAS Community, Andy Ng
Hi, I used your code in CAS 6.3 and I am able to authenticate the user for the first time. If I open a private window and try to authenticate again, I get an error <Token response: status=400, content={"error":"invalid_client"}>. Have you encountered this error as well?

Thanks

On Friday, June 25, 2021 at 6:33:17 AM UTC+2, Andy Ng wrote:
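Apple's client secret is not a static string but a short-lived JWT signed with the .p8 key referenced in cas.yml (ES256, kid = private-key-id, iss = team-id, sub = the client id, aud = https://appleid.apple.com), and Apple's token endpoint rejects an expired one with invalid_client, so a ClientSecretPost built once at startup eventually carries a secret that no longer works. The class below is an added example, not code from this thread or from pac4j: it signs that JWT on demand with Nimbus JOSE+JWT (already a pac4j dependency) and re-signs it before expiry, so the validate() override above can build a fresh ClientSecretPost from supplier.get() on every token request. The class name, the five-minute lifetime and the refresh margin are assumptions.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyFactory;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;

// Assumed helper (not pac4j's): signs Apple's client-secret JWT on demand and re-signs it before expiry.
public final class AppleClientSecretSupplier {
    private static final String APPLE_AUDIENCE = "https://appleid.apple.com";
    private static final Duration LIFETIME = Duration.ofMinutes(5);       // Apple caps exp at 6 months; keep it short
    private static final Duration REFRESH_MARGIN = Duration.ofSeconds(30); // re-sign this long before exp
    private final ECPrivateKey privateKey; // key from the .p8 file (cas.yml private-key)
    private final String keyId;            // cas.yml private-key-id
    private final String teamId;           // cas.yml team-id
    private final String clientId;         // cas.yml id (the Services ID)
    private String cachedSecret;
    private Instant cachedExpiry = Instant.EPOCH;

    public AppleClientSecretSupplier(ECPrivateKey privateKey, String keyId, String teamId, String clientId) {
        this.privateKey = privateKey; this.keyId = keyId; this.teamId = teamId; this.clientId = clientId;
    }

    // Parses the PEM-encoded PKCS#8 key Apple issues (AuthKey_<KEYID>.p8) with the standard JDK KeyFactory.
    public static ECPrivateKey loadPrivateKey(String pem) throws Exception {
        String base64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(base64);
        return (ECPrivateKey) KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Returns a secret that stays valid for at least REFRESH_MARGIN; a stale cached value is never handed out.
    public synchronized String get() throws JOSEException {
        Instant now = Instant.now();
        if (cachedSecret == null || now.plus(REFRESH_MARGIN).isAfter(cachedExpiry)) {
            Instant exp = now.plus(LIFETIME);
            JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(teamId).subject(clientId).audience(APPLE_AUDIENCE)
                .issueTime(Date.from(now)).expirationTime(Date.from(exp)).build();
            JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(keyId).build();
            SignedJWT jwt = new SignedJWT(header, claims);
            jwt.sign(new ECDSASigner(privateKey)); // ES256 over the Apple key, as Apple requires
            cachedSecret = jwt.serialize();
            cachedExpiry = exp;
        }
        return cachedSecret;
    }
}
```

In the validate() override from the first post, `new ClientSecretPost(clientId, new Secret(supplier.get()))` then always carries an unexpired secret, which is the check that a fixed-at-startup secret cannot give you.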