Generate Client Secret for Apple SSO
We need to generate a client secret for Apple in order to send authentication requests to Apple.

Prerequisites

You must already have the following credentials:

- Developer account's secret key file: the file you create on the Apple developer account. The path of the file looks something similar to /home/secretfiles/authkey m98lq25t3z p8
- Key ID: the key ID of the secret key that you generate on the Apple developer account, e.g., m98lq25t3z. Note that the key identifier in your secret key file name matches the key ID.
- Team ID: the team ID of the developer account. It can be obtained from your app ID, e.g., zlwkhwsk48.
- Client ID: the service ID that you have created, which can now be used as a client ID, e.g., com ir engine qat dev id

Generate the client secret

You can make a request to Apple with the required credentials and generate the client secret.

You can use the script in the IR Engine repository under scripts/generate apple sso token ts to generate an Apple key secret by running the following command in the root folder. Refer to the Prerequisites section for details of the values used in the command below.

    npm run generate apple client secret secretkeypath <secret key path> keyid <secret key id> teamid <developer account team id> clientid <clientid for serviceid>

For instance:

    npm run generate apple client secret secretkeypath '/home/secretfiles/authkey m98lq25t3z p8' keyid 'm98lq25t3z' teamid 'zlwkhwsk48' clientid 'com ir engine qat dev id'

The client secret's expiry can be set to at most 6 months, so it has to be regenerated after that.

Updating the client secret in IR Studio

Every 6 months, when the client secret expires, you have to update it in the running instances of IR Studio as follows:

1. Generate a new client secret as described above.
2. On the deployed instance, go to '/admin/settings#authentication'.
3. Update the Apple client secret and hit save. It should take a couple of minutes to restart the API pods, and then the update is done.
4. Also update the client secret value in the "values.yaml" file for both the main release and the builder.

You can use the following command as a reference for updating the client secret in the values.yaml files of the deployments. Run the command separately for the main and builder releases, updating the corresponding values accordingly.

    helm repo update && helm upgrade reuse values set api extraenv apple callback url=<callbackurl> set api extraenv apple client id=<clientid> set api extraenv apple client secret=<clientsecret> set media extraenv apple callback url=<callbackurl> set media extraenv apple client id=<clientid> set media extraenv apple client secret="<clientsecret>" <main and builder release name> ir engine/ir engine

Future work and recommendations

- The client secret generation could be made automatic, provided that the secret key is placed in a separate and securely accessible location, which can then be used to generate client secrets on the go.
- We could update the app's code to dynamically generate and save the client secret, so you do not have to update it manually every 6 months.

At the moment we are figuring out how to place the secret file in a secure yet accessible location; we can then update our code to generate the client secret automatically.
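The client secret discussed above is, per Apple's Sign in with Apple documentation, an ES256-signed JWT whose `exp` may be at most 15777000 seconds after `iat`. The following Node.js code is an added example, not the IR Engine script: it builds such a token and reports how many days remain before rotation is due. The function names are hypothetical, a throwaway P-256 key stands in for the .p8 file, and the client ID is a constructed placeholder.

```javascript
const nodeCrypto = require('node:crypto');

const APPLE_AUDIENCE = 'https://appleid.apple.com';
const MAX_LIFETIME_SECONDS = 15777000; // Apple's upper bound for exp - iat (6 months)

const b64url = (value) => Buffer.from(value).toString('base64url');

// Build the ES256-signed JWT that is sent to Apple as the client secret.
function buildClientSecret({ privateKey, keyId, teamId, clientId, lifetimeSeconds, now }) {
  if (!(lifetimeSeconds > 0 && lifetimeSeconds <= MAX_LIFETIME_SECONDS)) {
    throw new RangeError(`lifetime must be 1..${MAX_LIFETIME_SECONDS} seconds`);
  }
  const header = { alg: 'ES256', kid: keyId }; // kid = Key ID of the .p8 key
  const claims = {
    iss: teamId,                // Team ID of the developer account
    iat: now,
    exp: now + lifetimeSeconds,
    aud: APPLE_AUDIENCE,
    sub: clientId,              // Service ID used as the client ID
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWTs carry the raw r||s signature (IEEE P1363), not the default DER encoding.
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Check the signature against the public half of the signing key.
function verifyClientSecret(clientSecret, publicKey) {
  const [header, claims, signature] = clientSecret.split('.');
  return nodeCrypto.verify('sha256', Buffer.from(`${header}.${claims}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(signature, 'base64url'));
}

// Whole days left before the secret expires; negative once it has expired.
function daysUntilExpiry(clientSecret, now) {
  const claims = JSON.parse(Buffer.from(clientSecret.split('.')[1], 'base64url').toString('utf8'));
  return Math.floor((claims.exp - now) / 86400);
}

// Constructed demo input: generated key pair, fixed clock, placeholder client ID.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const NOW = 1700000000;
const demoSecret = buildClientSecret({ privateKey, keyId: 'm98lq25t3z', teamId: 'zlwkhwsk48',
  clientId: 'com.example.service', lifetimeSeconds: MAX_LIFETIME_SECONDS, now: NOW });
console.log('valid:', verifyClientSecret(demoSecret, publicKey),
  'days left:', daysUntilExpiry(demoSecret, NOW));
```

Running `daysUntilExpiry` against the secret currently deployed (with the real current time) gives an early warning before the 6-month expiry breaks sign-in.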