added apple oauth2 integration

apis/record_auth.go

@@ -129,6 +129,16 @@ func (api *recordAuthApi) authMethods(c echo.Context) error {
 		codeVerifier := security.RandomString(43)
 		codeChallenge := security.S256Challenge(codeVerifier)
 		codeChallengeMethod := "S256"
+		urlOpts := []oauth2.AuthCodeOption{
+			oauth2.SetAuthURLParam("code_challenge", codeChallenge),
+			oauth2.SetAuthURLParam("code_challenge_method", codeChallengeMethod),
+		}
+
+		if name == auth.NameApple {
+			// see https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms#3332113
+			urlOpts = append(urlOpts, oauth2.SetAuthURLParam("response_mode", "query"))
+		}
+
 		result.AuthProviders = append(result.AuthProviders, providerInfo{
 			Name:                name,
 			State:               state,
@@ -137,9 +147,8 @@ func (api *recordAuthApi) authMethods(c echo.Context) error {
 			CodeChallengeMethod: codeChallengeMethod,
 			AuthUrl: provider.BuildAuthUrl(
 				state,
-				oauth2.SetAuthURLParam("code_challenge", codeChallenge),
-				oauth2.SetAuthURLParam("code_challenge_method", codeChallengeMethod),
-			) + "&redirect_uri=", // empty redirect_uri so that users can append their url
+				urlOpts...,
+			) + "&redirect_uri=", // empty redirect_uri so that users can append their redirect url
 		})
 	}
 

apis/settings.go

@@ -22,6 +22,7 @@ func bindSettingsApi(app core.App, rg *echo.Group) {
 	subGroup.PATCH("", api.set)
 	subGroup.POST("/test/s3", api.testS3)
 	subGroup.POST("/test/email", api.testEmail)
+	subGroup.POST("/apple/generate-client-secret", api.generateAppleClientSecret)
 }
 
 type settingsApi struct {
@@ -121,8 +122,8 @@ func (api *settingsApi) testEmail(c echo.Context) error {
 
 	// send
 	if err := form.Submit(); err != nil {
+		// form error
 		if fErr, ok := err.(validation.Errors); ok {
-			// form error
 			return NewBadRequestError("Failed to send the test email.", fErr)
 		}
 
@@ -132,3 +133,28 @@ func (api *settingsApi) testEmail(c echo.Context) error {
 
 	return c.NoContent(http.StatusNoContent)
 }
+
+func (api *settingsApi) generateAppleClientSecret(c echo.Context) error {
+	form := forms.NewAppleClientSecretCreate(api.app)
+
+	// load request
+	if err := c.Bind(form); err != nil {
+		return NewBadRequestError("An error occurred while loading the submitted data.", err)
+	}
+
+	// generate
+	secret, err := form.Submit()
+	if err != nil {
+		// form error
+		if fErr, ok := err.(validation.Errors); ok {
+			return NewBadRequestError("Invalid client secret data.", fErr)
+		}
+
+		// secret generation error
+		return NewBadRequestError("Failed to generate client secret. Raw error: \n"+err.Error(), nil)
+	}
+
+	return c.JSON(http.StatusOK, map[string]any{
+		"secret": secret,
+	})
+}

apis/settings_test.go

@@ -65,6 +65,7 @@ func TestSettingsList(t *testing.T) {
 				`"oidcAuth":{`,
 				`"oidc2Auth":{`,
 				`"oidc3Auth":{`,
+				`"appleAuth":{`,
 				`"secret":"******"`,
 				`"clientSecret":"******"`,
 			},
@@ -139,6 +140,7 @@ func TestSettingsSet(t *testing.T) {
 				`"oidcAuth":{`,
 				`"oidc2Auth":{`,
 				`"oidc3Auth":{`,
+				`"appleAuth":{`,
 				`"secret":"******"`,
 				`"clientSecret":"******"`,
 				`"appName":"acme_test"`,
@@ -202,6 +204,7 @@ func TestSettingsSet(t *testing.T) {
 				`"oidcAuth":{`,
 				`"oidc2Auth":{`,
 				`"oidc3Auth":{`,
+				`"appleAuth":{`,
 				`"secret":"******"`,
 				`"clientSecret":"******"`,
 				`"appName":"update_test"`,