modern-sundown-98061
05/09/2025, 6:42 PMbrief-egg-61061
05/09/2025, 6:42 PMbrief-egg-61061
05/09/2025, 6:43 PM
```yaml
selfservice:
  methods:
    oidc:
      config:
        providers:
          - id: apple # This must be "apple" for web browser flows
            provider: apple
            client_id: ... # Replace with your Apple Services ID
            apple_team_id: ... # Replace with your Apple Team ID
            apple_private_key_id: ... # Replace with your Apple private key identifier
            apple_private_key: |
              -----BEGIN PRIVATE KEY-----
              YOUR_PRIVATE_KEY_CONTENT
              LINE_2_OF_PRIVATE_KEY
              ...
              -----END PRIVATE KEY-----
            issuer_url: https://appleid.apple.com
            mapper_url: "base64://{YOUR_BASE64_ENCODED_JSONNET_HERE}"
            # Alternatively, use a URL:
            # mapper_url: https://storage.googleapis.com/your-bucket/your-mapping.jsonnet
            scope:
              - email
      enabled: true
```
Important notes:
- The `apple_private_key` field must be a properly formatted multiline string. Use the `|` character in YAML to indicate this, and paste the entire private key (including the BEGIN/END lines) with each line on its own line.
- If you paste the private key as a single line or with incorrect spacing, Ory may not be able to decode it. This is a common issue when using the Ory Console UI, but it works correctly when using a YAML file and the CLI to update the config [Cannot add Apple private key in Ory Console UI](https://github.com/ory/network/issues/166).
- After editing your YAML file, update your Ory project configuration using the CLI:

```sh
ory update identity-config --project <project-id> --workspace <workspace-id> --file identity-config.yaml
```
For a full step-by-step guide, including how to obtain the required Apple credentials, see the official documentation [Apple social sign-in](https://www.ory.sh/docs/kratos/social-signin/apple#webbrowser).