Skip to content
docsv0.1.0

AppleOAuthService

Apple Sign In OAuth 2.0 protocol implementation. Apple uses a JWT-based client secret generated from a private key, and returns user info inside an id_token (JWT) rather than a userinfo endpoint. IMPORTANT: Apple only sends the user's name on the FIRST authorization. The callback uses response_mode=form_post, so the code arrives via POST body. Required credentials: - APPLE_CLIENT_ID (Services ID, e.g. com.myapp.auth) - APPLE_TEAM_ID (10-char Apple Developer Team ID) - APPLE_KEY_ID (Key ID from Apple Developer Console) - APPLE_PRIVATE_KEY (Contents of the .p8 file)

AppleOAuthService::__construct()

public function __construct(string $clientId, string $teamId, string $keyId, string $privateKey):

Parameters

Parameters of __construct()
NameTypeDescription
$clientIdstring
$teamIdstring
$keyIdstring
$privateKeystring

AppleOAuthService::getAuthUrl()

public function getAuthUrl(string $redirectUri, ?string $state = null): string

Build the Apple Sign In authorization URL with response_mode=form_post, requesting the name and email scopes.

Parameters

Parameters of getAuthUrl()
NameTypeDescription
$redirectUristring
$state?string

AppleOAuthService::exchangeCode()

public function exchangeCode(string $code, string $redirectUri, ?string $userName = null): Milpa\OAuth\DTO\AppleUserInfo

Generate a JWT client secret, exchange the code for an id_token, and decode the user info it carries — Apple has no separate userinfo endpoint.

Parameters

Parameters of exchangeCode()
NameTypeDescription
$codestring
$redirectUristring
$userName?string