AppleOAuthService
Apple Sign In OAuth 2.0 protocol implementation. Apple uses a JWT-based client secret generated from a private key, and returns user info inside an id_token (JWT) rather than a userinfo endpoint. IMPORTANT: Apple only sends the user's name on the FIRST authorization. The callback uses response_mode=form_post, so the code arrives via POST body. Required credentials: - APPLE_CLIENT_ID (Services ID, e.g. com.myapp.auth) - APPLE_TEAM_ID (10-char Apple Developer Team ID) - APPLE_KEY_ID (Key ID from Apple Developer Console) - APPLE_PRIVATE_KEY (Contents of the .p8 file)
AppleOAuthService::__construct()
public function __construct(string $clientId, string $teamId, string $keyId, string $privateKey):Parameters
| Name | Type | Description |
|---|---|---|
| $clientId | string | |
| $teamId | string | |
| $keyId | string | |
| $privateKey | string |
AppleOAuthService::getAuthUrl()
public function getAuthUrl(string $redirectUri, ?string $state = null): stringBuild the Apple Sign In authorization URL with response_mode=form_post, requesting the name and email scopes.
Parameters
| Name | Type | Description |
|---|---|---|
| $redirectUri | string | |
| $state | ?string |
AppleOAuthService::exchangeCode()
public function exchangeCode(string $code, string $redirectUri, ?string $userName = null): Milpa\OAuth\DTO\AppleUserInfoGenerate a JWT client secret, exchange the code for an id_token, and decode the user info it carries — Apple has no separate userinfo endpoint.
Parameters
| Name | Type | Description |
|---|---|---|
| $code | string | |
| $redirectUri | string | |
| $userName | ?string |