Sign in with Apple

I just deployed Firezone on Amazon Linux EC2, and things went pretty well. There was some kind of weird glitch with Caddy but eventually it worked, either through my hapless blundering or just repeated attempts at up and down.

Anyways, one thing I am interested in is adding “Sign in with Apple” functionality. It is based on OpenID, so it is possible it will work. I manually typed in the following URL and got a 200: https://appleid.apple.com/.well-known/openid-configuration

So I’m pretty sure it can work once I go through all the Apple developer signup stuff.

One hitch, though: the client_secret for Apple ID is generated dynamically using the JWT spec, and those tokens are valid for a maximum of 6 months.

For a home installation, which I have, it is quite feasible to regenerate and replace that client_secret every 6 months, but I was wondering if the Firezone server has an API endpoint that might allow updating it programmatically instead. That would be sweet.

BTW, nice work, guys!

Tim
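The dynamic client_secret Tim describes is an ES256-signed JWT whose claims (team ID as `iss`, the Services ID as `sub`, `aud` fixed to `https://appleid.apple.com`, and an `exp` no more than about 6 months after `iat`) follow Apple's published format. The Go program below is an added example, not code from Firezone or from the original poster: it builds such a secret from a P-256 private key, verifies it with the matching public key before it would be uploaded, rejects lifetimes past the 6-month ceiling, and exposes a `NeedsRotation` check that a scheduled job could use to decide when to regenerate the secret. The key ID, team ID and client ID are constructed placeholders, and the throwaway key generated in `main` stands in for the .p8 file downloaded from the Apple developer portal.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Apple's documented ceiling on client_secret lifetime (roughly 6 months).
const maxClientSecretLifetime = 15777000 * time.Second

// AppleClaims is the claim set Apple expects inside the client_secret JWT.
type AppleClaims struct {
	Iss string `json:"iss"` // Apple Developer Team ID
	Iat int64  `json:"iat"` // issued-at, Unix seconds
	Exp int64  `json:"exp"` // expiry, Unix seconds; at most iat + 6 months
	Aud string `json:"aud"` // always https://appleid.apple.com
	Sub string `json:"sub"` // the Services ID, i.e. the OIDC client_id
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// BuildAppleClientSecret signs the claims above with ES256. keyID is the "kid"
// of the Sign in with Apple key (a P-256 ECDSA private key) from the portal.
func BuildAppleClientSecret(key *ecdsa.PrivateKey, keyID, teamID, clientID string,
	issuedAt time.Time, lifetime time.Duration) (string, error) {
	if lifetime <= 0 || lifetime > maxClientSecretLifetime {
		return "", fmt.Errorf("lifetime %v is outside Apple's 6-month maximum", lifetime)
	}
	header, err := json.Marshal(map[string]string{"alg": "ES256", "kid": keyID})
	if err != nil {
		return "", err
	}
	claims, err := json.Marshal(AppleClaims{Iss: teamID, Iat: issuedAt.Unix(),
		Exp: issuedAt.Add(lifetime).Unix(), Aud: "https://appleid.apple.com", Sub: clientID})
	if err != nil {
		return "", err
	}
	signingInput := b64url(header) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// JWS ES256 uses raw r||s, each left-padded to 32 bytes (not ASN.1 DER).
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64url(sig), nil
}

// VerifyAppleClientSecret checks the ES256 signature with the matching public
// key and returns the decoded claims; run it before uploading a new secret.
func VerifyAppleClientSecret(pub *ecdsa.PublicKey, token string) (AppleClaims, error) {
	var c AppleClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed JWT: expected three segments")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return c, errors.New("malformed ES256 signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return c, errors.New("signature does not verify")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	return c, json.Unmarshal(payload, &c)
}

// NeedsRotation reports whether the secret expires within window, so a cron
// job can regenerate it before Apple starts rejecting it.
func NeedsRotation(c AppleClaims, now time.Time, window time.Duration) bool {
	return time.Unix(c.Exp, 0).Sub(now) <= window
}

func main() {
	// Constructed example: a throwaway key stands in for the .p8 from Apple.
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	token, err := BuildAppleClientSecret(key, "KEYID_PLACEHOLDER", "TEAMID_PLACEHOLDER",
		"com.example.firezone", time.Now(), 170*24*time.Hour)
	if err != nil {
		panic(err)
	}
	claims, err := VerifyAppleClientSecret(&key.PublicKey, token)
	if err != nil {
		panic(err)
	}
	fmt.Printf("client_secret valid until %s; rotate now? %v\n",
		time.Unix(claims.Exp, 0).UTC().Format(time.RFC3339),
		NeedsRotation(claims, time.Now(), 30*24*time.Hour))
}
```

The verification step matters in practice: a secret signed with the wrong .p8, or with a mis-set `exp`, is only discovered when Apple rejects the token exchange, so checking the signature and the remaining lifetime locally turns a silent login outage into an error at generation time. Until an API endpoint exists, the rotation job would still have to update the provider configuration by whatever means the server offers.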

That’s great to hear Sign in with Apple supports OIDC! We do have a REST API coming imminently as part of 0.7. We hit a few speedbumps getting it shipped but it should be landing Very Soon™.

Very cool, looking forward to it!