Resolve Comments from the PR
muradkhateeb78 committed Aug 7, 2024
1 parent 75037d3 commit 8642e65
Showing 2 changed files with 23 additions and 23 deletions.
@@ -1,53 +1,53 @@
# How to set up Apple SSO to be able to let users sign in
Just as we have other OAuth providers that allow users to sign in user their accounts created on other well known platforms, we also have enabled Apple SSO support for IR Studio. This guide scripts down the blueprints to be able to enable it for any particular application.
Just as we have other OAuth providers that allow users to sign in using their accounts created on other well known platforms, we also have enabled Apple SSO support for IR Studio. This guide scripts down the blueprints to be able to enable it for any particular application.

# Pre Requisites
- Apple Developer Account
- An Apple Account add into the developer account with all the right permissions to be able to edit and udpate app details.
- An app where you want to enable Apple SSO, `IR Studio` in our case.
- An Apple Account added into the developer account with all the right permissions to be able to edit and udpate app details.
- An app where you want to enable Apple SSO, `IR Engine` in our case.


Go to [Apple Developer Account](https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=891bd3417a7776362562d2197f89480a8547b108fd934911bcbea0110d07f757&path=%2Faccount%2F&rv=1) and sign in with and apple Developer account which should have been added to the developer account previously and must have the right permissions. There, you will need to create an App ID, a Service ID and later on a Private Key, these will give you the credentials that you can then use in your app to be able to let users log in using their Apple IDs.

# Create an App ID
In the Apple Developer account, do the following.

- Go to Section named as `Certificates, Ids & Profiles` and click Identifiers.
- Go to section named as `Certificates, Ids & Profiles` and click Identifiers.
- Create a new identifier, which usually can be created by clicking a small '+' icon besides the identifiers headline. If you do not see that, your logged in user might not have the necessary permissions to add the app ID. Please get your users the right permissions before moving ahead.
- Click "App IDs" click "Continue".
- Click "App" in next windown and click "Continue".
- Click "App" in next window and click "Continue".
- Fill in the form that opens up.
- Enter the description.
- Enter the Bundle ID which could be a reverse-domain styled string i.e. 'com.domainname.appname'
- Scroll down to "Capabilities" section and check `Sign In with Apple` and click continue.
- Verify details and click register.
- Enter the description.
- Enter the Bundle ID which could be a reverse-domain styled string i.e. 'com.domainname.appname'
- Scroll down to "Capabilities" section and check `Sign In with Apple` and click continue.
- Verify details and click register.

# Create a Service ID
In the Apple Developer account, do the following.

- Go to section named as `Certificates, Ids & Profiles` and click Identifiers.
- Click the '+' button beside the 'identifiers'.
- Click "Service IDs" and click "Continue".
- Enter the description.
- Enter the Bundle ID which could be a reverse-domain styled string i.e. 'com.domainname.appname'
- Click "Continue" and "Register".
- Enter the description.
- Enter the Bundle ID which could be a reverse-domain styled string i.e. 'com.domainname.appname'
- Click "Continue" and "Register".
- Edit the service ID that you just created. Check `Sign In with Apple` and click on the "Configure" button besides the checked option.
- You will see a screen for "Web Auhentication Configuration". Select the App ID we created previously as the "Primary App ID". You can add the domains e.g, `ir-engine-qat-dev-api.theinfinitereality.io` and the Return URLs e.g, `https://ir-engine-qat-dev-api.theinfinitereality.io/oauth/apple/callback` on which the user will be redirected once it is authentication by Apple.
- Click "Continue", verify the details and click "Save".
- You will see a screen for "Web Auhentication Configuration". Select the App ID we created previously as the "Primary App ID". You can add the domains e.g, `ir-engine-qat-dev-api.theinfinitereality.io` and the Return URLs e.g, `https://ir-engine-qat-dev-api.theinfinitereality.io/oauth/apple/callback` on which the user will be redirected once it is authentication by Apple.
- Click "Continue", verify the details and click "Save".

**NOTE**
Please note that the Service ID that you just created will serve as your Client ID while sending authentication requests from your app.
The Service ID that you just created will serve as your Client ID while sending authentication requests from your app.

# Create the Secret Key
We will also need to create a secret key that we can then use to generate the `Client Secret` which again will be used while sending an authentication request to Apple.
We will also need to create a secret key that we can then use to generate the "Client Secret" which again will be used while sending an authentication request to Apple.

- Go to "Certificates, Identifiers & Profiles > Keys".
Click the '+' button beside the 'keys'.
- Click the '+' button beside the 'keys'.
- Give a Key Name and check the "Sign In With Apple" checkbox.
- Click Configure next to the "Sign In With Apple" checkbox and select the App ID we previously created under the "Choose a Primary App ID" key.
- Click save, verify the details and click Register.
- Download the Key and Keep it in a safe and secure place. `Please note that this can only be downloaded once, so save it to a safe and secure location`.
- Click Done.

**NOTE**
You can keep one App ID and a Secret Key and multiple Service IDs for each environment. But a better practice would be to decouple the App IDs, Service ID and Secret Key for different environments.
You can keep one App ID and a Secret Key and multiple Service IDs for each environment. But a better practice would be to decouple the App IDs, Service ID and Secret Key for each environments.
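Review bot: The closing NOTE still presents one App ID and one Secret Key shared across all environments as an acceptable setup, and the reworded sentence now ends "for each environments". Because the key from "Create the Secret Key" is what generates the Client Secret, a key shared across environments means a leak from a dev deployment also exposes production. I would make a separate App ID, Service ID and Secret Key per environment the recommendation rather than the alternative, and fix the wording to "for each environment". Smaller leftovers in lines this commit touches: "udpate" in the prerequisites, "Web Auhentication Configuration" and "once it is authentication by Apple" in the Service ID steps, and the intro still says "IR Studio" while the prerequisite now says `IR Engine`.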
@@ -6,10 +6,10 @@ We will need to generate a Client Secret for Apple to be able to send authentica

You must have the following credentials already with you.

- Developer Account's secret Key file, "This refers to the file that you had created while creating the secret key on Apple Developer account for this deployment." Path of the file could look something simiar to `/home/SecretFiles/AuthKey_M98LQ25T3Z.p8`
- Key ID, "Key ID of the Secret key that you may have generated on Apple Developer account for this deployment". e.g. "M98LQ25T3Z". Note that the key identifier in your secret key file name is matching with the Key ID. "ZLWKHWSK48"
- Team ID, "The team IT of the developer account. It can be obtained from the App ID that you have created for this deplooyment."
- Client ID, "This is the service ID that you have created which can now be used as a client ID" e.g,e.g. "com.ir-engine.qat-dev.id"
- **Developer Account's secret Key file**: This refers to the file that you had created while creating the secret key on Apple Developer account for this deployment. The path of the file could look something simiar to `/home/SecretFiles/AuthKey_M98LQ25T3Z.p8`
- **Key ID**: Key ID of the Secret key that you may have generated on Apple Developer account for this deployment. e.g. "M98LQ25T3Z". Note that the key identifier in your secret key file name is matching with the Key ID.
- **Team ID**: The team ID of the developer account. It can be obtained from the App ID that you have created for this deployment. e.g, "ZLWKHWSK48"
- **Client ID**: This is the service ID that you have created which can now be used as a client ID. e.g. "com.ir-engine.qat-dev.id"

# Generate the Client Secret
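Review bot: The examples in the credentials list ("M98LQ25T3Z", "ZLWKHWSK48", "com.ir-engine.qat-dev.id" and the file name `AuthKey_M98LQ25T3Z.p8`) read like values from a real account rather than placeholders. If they are, replace them with obvious placeholders such as `<KEY_ID>` and `<TEAM_ID>` so the doc does not publish the identifiers that pair with the private key. Moving "ZLWKHWSK48" from the Key ID bullet to the Team ID bullet is the right fix. "simiar" in the first bullet is still misspelled, and "e.g," and "e.g." are mixed across the bullets.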

@@ -28,7 +28,7 @@ Every 6 months, when the Client Secret will expire, you will have to get it upda
- Generate a new Client Secret as mentioned above.
- On the deployed instance, go to '/admin/settings#authentication'.
- Update the Apple Client Secret and hit save, it should take a couple of minutes to restart the API pods and should be done then.
- Also update the client Secret value in the "Values.yaml" file for both the main release and builder. You can use the following command as reference for updating the Client Secret in Values.yaml files of the deployments. Run the command separately for Main and Builder release while updating the corresponding values accordingly.
- Also update the Client Secret value in the "Values.yaml" file for both the main release and builder. You can use the following command as reference for updating the Client Secret in Values.yaml files of the deployments. Run the command separately for Main and Builder release while updating the corresponding values accordingly.

```
helm repo update && helm upgrade --reuse-values --set api.extraEnv.APPLE_CALLBACK_URL=\<CallbackURL> --set api.extraEnv.APPLE_CLIENT_ID=\<ClientID> --set api.extraEnv.APPLE_CLIENT_SECRET=\<ClientSecret> --set media.extraEnv.APPLE_CALLBACK_URL=\<CallbackURL> --set media.extraEnv.APPLE_CLIENT_ID=\<ClientID> --set media.extraEnv.APPLE_CLIENT_SECRET="\<ClientSecret>" \<Main and builder Release Name> etherealengine/etherealengine
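Review bot: The reference command passes the secret as `--set api.extraEnv.APPLE_CLIENT_SECRET=\<ClientSecret>` on the command line, which leaves it in shell history and visible in the process list while helm runs. Since this step is repeated every 6 months, suggest documenting a values file with restricted permissions passed with `-f`, or a Kubernetes Secret if the chart supports one, instead of `--set` for this value. Only the `media.extraEnv.APPLE_CLIENT_SECRET` value is quoted while the `api.extraEnv` one is not, so quote both consistently. The `\<` escapes will also show up literally inside the code fence.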