I just deployed Firezone on Amazon Linux EC2, and things went pretty well. There was some kind of weird glitch with Caddy but eventually it worked, either through my hapless blundering or just repeated attempts at up and down.
Anyways, one thing I am interested in is adding “Sign in with Apple” functionality. It is based off of OpenID so it is possible it will work. I manually typed in the following URL and got a 200: https://appleid.apple.com/.well-known/openid-configuration
So I’m pretty sure it can work once I go through all the Apple developer signup stuff.
One hitch though - the client_secret for Apple ID is generated dynamically, using the JWT spec, and those tokens are valid for a maximum of 6 months.
For a home installation, which I have, it is quite feasible to regenerate and replace that client_secret every 6 months, but I was wondering if the Firezone server has an API endpoint that might allow updating it programmatically instead. That would be sweet.
btw, Nice work guys!
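
Added example, not part of the original post and not Firezone or Apple code: a rotation reminder that reads the `iat` and `exp` claims of an Apple-style client_secret JWT and reports when it needs replacing. The 15777000-second cap, the two-week warning window, and all identifiers in the constructed sample token are assumptions or placeholders.

```python
import base64, json, time

APPLE_MAX_LIFETIME = 15777000  # seconds (about 6 months); assumed cap on exp
ROTATE_BEFORE = 14 * 86400     # hypothetical warning window: two weeks

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_client_secret(jwt, now=None):
    """Return (status, seconds_left) for an Apple-style client_secret JWT.

    Only reads the claims; the signature is NOT verified, so use this for
    rotation reminders, never for trust decisions.
    """
    now = int(time.time()) if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header.get("alg") != "ES256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    iat, exp = claims["iat"], claims["exp"]
    left = exp - now
    if exp - iat > APPLE_MAX_LIFETIME:
        return "invalid-lifetime", left   # longer than the provider accepts
    if left <= 0:
        return "expired", left
    if left <= ROTATE_BEFORE:
        return "rotate-soon", left
    return "ok", left

def make_sample(iat, exp):
    """Build a constructed sample token with a dummy signature segment."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header = {"alg": "ES256", "kid": "KEYID_PLACEHOLDER"}
    claims = {"iss": "TEAMID_PLACEHOLDER", "iat": iat, "exp": exp,
              "aud": "https://appleid.apple.com", "sub": "com.example.firezone"}
    return enc(header) + "." + enc(claims) + ".c2ln"

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    print(check_client_secret(make_sample(t0, t0 + APPLE_MAX_LIFETIME), now=t0 + 86400))
```

Run from cron against the stored secret, a non-"ok" status is the cue to generate a new token and update the provider configuration.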