AppleOAuthServiceInterface
Contract for Apple Sign In operations. Apple uses OAuth 2.0 with JWT-based client secrets and returns user info inside the id_token (not a separate userinfo endpoint). IMPORTANT: Apple only sends the user's name on the FIRST authorization. Consumer plugins must persist the name on first login. Each consumer plugin provides its own redirectUri.
AppleOAuthServiceInterface::getAuthUrl()
abstract public function getAuthUrl(string $redirectUri, ?string $state = null): stringBuild the Apple authorization URL.
Parameters
| Name | Type | Description |
|---|---|---|
| $redirectUri | string | Callback URL specific to the consumer plugin |
| $state | (string | null) | Opaque CSRF-protection value. When given, it is appended to the URL as-is and Apple echoes it back unmodified in the form_post callback body. Generating, storing, and verifying it is entirely the caller's responsibility — this provider only transports it. |
AppleOAuthServiceInterface::exchangeCode()
abstract public function exchangeCode(string $code, string $redirectUri, ?string $userName = null): Milpa\OAuth\DTO\AppleUserInfoExchange authorization code for user info.
Parameters
| Name | Type | Description |
|---|---|---|
| $code | string | Authorization code from Apple callback |
| $redirectUri | string | Must match the one used in getAuthUrl() |
| $userName | (string | null) | User's name from the POST body (only on first auth) |