Apple Identity Provider


Pedro Igor

Mar 2, 2021, 6:47:02 AM
to Keycloak Dev
Hello,

We have a PR for Sign in with Apple[1].

The review is pretty much done but we have a blocker on how we test this provider.

As you will see from the discussions in that PR, Apple charges for a developer program and I'm not sure how we can include it in our test suite. It might happen that they provide a free-of-charge subscription for open source projects, but I'm not sure.

As an alternative, we could have this provider as part of our list of extensions[2] and rely on the community - mainly those interested in it - to keep it updated.

WDYT?

Regards,
Pedro Igor


田 杰

Mar 2, 2021, 8:38:52 PM
to Pedro Igor, Keycloak Dev

IMHO, the purpose of testing is to make sure our logic is correct (no need to interact with Apple during testing). So the solution might be:

  • Mock the responses of Apple endpoints
  • Verify the callback works as expected with the mocked response

Regards,
Jeff Tian


Stian Thorgersen

Mar 3, 2021, 4:21:36 AM
to 田 杰, Pedro Igor, Keycloak Dev
I'm afraid we need integration tests that verify it actually works with Apple. Without it we have no way to discover if the implementation breaks due to changes made by Apple (we've seen this several times in the past with other providers). We also don't know if the mock is actually valid.

Pedro Igor Craveiro e Silva

Mar 3, 2021, 8:42:10 AM
to st...@redhat.com, 田 杰, Keycloak Dev
Yeah. So, shall we go with the provider as an extension, or do we want to invest our time in obtaining a free license (if possible) from Apple, adding it to our test suite, and making sure it won't expire (the developer program expires in 1 year, IIRC)?

IMO, we should have it as an extension. I also think that by having it as an extension we can track adoption and re-think later when we want it to be fully supported.

Regards.
Pedro Igor

Stian Thorgersen

Mar 3, 2021, 9:01:24 AM
to Pedro Igor Craveiro e Silva, 田 杰, Keycloak Dev
We'd need someone from the community to investigate if it can be provided for free, implement the testing, and provide us with instructions on setting it up. The alternative is to do it as a community-maintained extension.

Václav Muzikář

Mar 3, 2021, 9:28:26 AM
to Stian Thorgersen, Pedro Igor Craveiro e Silva, 田 杰, Keycloak Dev
I did some very quick research and I'm afraid automated tests will be difficult if not impossible. Apple IdP requires 2FA to be enabled on an Apple ID account [1]. Apple's 2FA works only with either a physical device or a code sent via SMS [2]. This seems to affect even sandbox accounts [3].

--
Václav Muzikář
Senior Software Engineer
Keycloak / Red Hat Single Sign-On
Red Hat Czech s.r.o.