Skip to content
docsv0.1.0

AppleOAuthServiceInterface

Contract for Apple Sign In operations. Apple uses OAuth 2.0 with JWT-based client secrets and returns user info inside the id_token (not a separate userinfo endpoint). IMPORTANT: Apple only sends the user's name on the FIRST authorization. Consumer plugins must persist the name on first login. Each consumer plugin provides its own redirectUri.

AppleOAuthServiceInterface::getAuthUrl()

abstract public function getAuthUrl(string $redirectUri, ?string $state = null): string

Build the Apple authorization URL.

Parameters

Parameters of getAuthUrl()
NameTypeDescription
$redirectUristringCallback URL specific to the consumer plugin
$state(string | null)Opaque CSRF-protection value. When given, it is appended to the URL as-is and Apple echoes it back unmodified in the form_post callback body. Generating, storing, and verifying it is entirely the caller's responsibility — this provider only transports it.

AppleOAuthServiceInterface::exchangeCode()

abstract public function exchangeCode(string $code, string $redirectUri, ?string $userName = null): Milpa\OAuth\DTO\AppleUserInfo

Exchange authorization code for user info.

Parameters

Parameters of exchangeCode()
NameTypeDescription
$codestringAuthorization code from Apple callback
$redirectUristringMust match the one used in getAuthUrl()
$userName(string | null)User's name from the POST body (only on first auth)