# Apple (/docs/configuration/authentication/OAuth2-OIDC/apple) ## Prerequisites Before you begin, ensure you have the following: - **Apple Developer Account:** If you don't have one, enroll [here](https://developer.apple.com/programs/enroll/). --- ## Creating a New App ID ### 1. Log in to the Apple Developer Console - **Action:** - Visit [Apple Developer](https://developer.apple.com/) and sign in with your Apple ID. ### 2. Navigate to Identifiers - Go to **Certificates, Identifiers & Profiles**. - Click on **Identifiers** in the sidebar. ### 3. Create a New App ID 1. Click the **"+"** button to add a new identifier. 2. Select **App IDs** and click **Continue**. 3. Choose **App** and click **Continue**. 4. Enter a **Description** for your App ID (e.g., `LibreChat App ID`). 5. Set the **Bundle ID** (e.g., `com.yourdomain.librechat`). 6. Click **Continue** and then **Register**. - **Image References:** - ![Create App ID](https://user-images.githubusercontent.com/5569219/59017558-6d643600-8861-11e9-927b-a4952b56f34e.png) *Figure 1: Creating a New App ID* - ![Select App](https://github.com/user-attachments/assets/7b67c1bb-dea0-4475-ad45-e3c13ad514d5) *Figure 2: Selecting App Identifier* ### 4. Enable "Sign in with Apple" 1. After creating the App ID, click on it to edit. 2. Under **Capabilities**, find and check **Sign in with Apple**. 3. Click **Save**. - **Image Reference:** - ![Enable Sign in with Apple](https://user-images.githubusercontent.com/5569219/59017720-dea3e900-8861-11e9-898e-f486c093edd8.png) *Figure 3: Enabling "Sign in with Apple"* --- ## Creating a Services ID ### 1. Navigate to Identifiers - In the **Certificates, Identifiers & Profiles** section, click on **Identifiers**. ### 2. Create a New Services ID 1. Click the **"+"** button. 2. Select **Services IDs** and click **Continue**. 3. Enter a **Description** (e.g., `LibreChat Services ID`). 4. Enter an **Identifier** (e.g., `com.yourdomain.librechat.services`). 5. Click **Continue** and then **Register**. - **Image References:** - ![Select Services ID](https://user-images.githubusercontent.com/5569219/59017808-16ab2c00-8862-11e9-8beb-4da7bb509b0c.png) *Figure 4: Selecting Services ID* - ![Create Services ID](https://github.com/user-attachments/assets/cac99e43-a6d7-4fb8-890d-eabd87a60e7d) *Figure 5: Creating Services ID* ### 3. Configure "Sign in with Apple" 1. Click on the newly created Services ID. 2. Under **Capabilities**, click **Configure** next to **Sign in with Apple**. 3. Enter your **Domains** (e.g., `your-domain.com`) and **Return URLs** (e.g., `https://your-domain.com/oauth/apple/callback`). 4. Click **Next** and then **Register**. - **Image Reference:** - ![Configure Sign in with Apple](https://github.com/user-attachments/assets/9309e1c1-6f98-49fc-a87d-bb5f46e200f7) *Figure 6: Configuring "Sign in with Apple" for Services ID* - ![Web Authentication Configuration](https://github.com/user-attachments/assets/d1ca9ad2-e555-4083-a974-b26239c9694f) *Figure 7: Web Authentication Configuration* - ![Web Authentication Configuration](https://github.com/user-attachments/assets/8facac9e-002f-458b-8049-63c91afc30de) *Figure 8: Save edit Services ID Configuration* --- ## Creating a Key ### 1. Navigate to Keys - In the **Certificates, Identifiers & Profiles** section, click on **Keys**. ### 2. Create a New Key 1. Click the **"+"** button to add a new key. 2. Enter a **Key Name** (e.g., `LibreChatSignInWithApple`). 3. Select **Sign in with Apple** under **Capabilities**. 4. Click **Configure** and select the created App ID (e.g., `com.yourdomain.librechat`), then click **Save**. 5. Click **Continue** and then **Register**. - **Image References:** - ![Create Key](https://github.com/user-attachments/assets/6db095dd-79dd-485d-a57a-8b1ea523b67f) *Figure 8: Creating a New Key* - ![Configure Key](https://github.com/user-attachments/assets/30b593ab-b8f3-4d94-b56d-1eeac1900a1f) *Figure 9: Configuring the Key with App ID* - ![Register a New Key](https://github.com/user-attachments/assets/91aa4d6e-9b5c-4f7c-bb1a-5980015ee15d) *Figure 10: Registering the Key* ### 3. Download the Private Key 1. After creating the key, click **Download**. 2. **Important:** Save the `.p8` file securely. You will not be able to download it again. 3. Note the **Key ID**; you'll need it for the `.env` file. - **Image Reference:** - ![Download Your Key](https://github.com/user-attachments/assets/79e5aefa-9797-4fa7-bdf9-cb4b526ab3dd) *Figure 11: Downloading the Private Key* --- ## Configuring LibreChat ### 1. Update `.env` Configuration Add the following Apple OAuth2 configuration to your `.env` file: ```env filename=".env" DOMAIN_CLIENT=https://your-domain.com # use http://localhost:3080 if not using a custom domain DOMAIN_SERVER=https://your-domain.com # use http://localhost:3080 if not using a custom domain # Apple APPLE_CLIENT_ID=com.yourdomain.librechat.services APPLE_TEAM_ID=YOUR_TEAM_ID APPLE_KEY_ID=YOUR_KEY_ID APPLE_PRIVATE_KEY_PATH=/path/to/AuthKey.p8 # Absolute path to your downloaded .p8 file APPLE_CALLBACK_URL=/oauth/apple/callback ``` > **Note:** > - Replace `com.yourdomain.librechat.services` with your actual Services ID. > - Replace `YOUR_TEAM_ID` and `YOUR_KEY_ID` with the respective values from your Apple Developer account. > - If using Docker, ensure the `.p8` file is accessible within your Docker container and update the `APPLE_PRIVATE_KEY_PATH` accordingly. ### 2. Restart LibreChat After updating the `.env` file, restart LibreChat to apply the changes. - **If using Docker:** ```bash docker compose up -d ``` --- ## Troubleshooting If you encounter issues during the setup, consider the following solutions: - **Invalid Redirect URI:** - Ensure that the redirect URI in your Apple Developer Console (`https://your-domain.com/oauth/apple/callback`) matches exactly with the one specified in your `.env` file (`APPLE_CALLBACK_URL`). - **Private Key Issues:** - Verify that the path to your `.p8` file (`APPLE_PRIVATE_KEY_PATH`) is correct. - Ensure that LibreChat has read permissions for the `.p8` file. - **Team ID and Key ID Errors:** - Double-check that the `APPLE_TEAM_ID` and `APPLE_KEY_ID` in your `.env` file match those in your Apple Developer Account. - **Domain Verification Failed:** - Ensure that the verification file is correctly uploaded to the root of your domain. - Verify that there are no typos in the domain name entered during configuration. - **Docker Configuration Issues:** - If using Docker, confirm that the `.p8` file is properly mounted and the path in `APPLE_PRIVATE_KEY_PATH` is accessible within the container. - **Check Logs:** - Review LibreChat logs for any error messages related to Apple authentication. This can provide specific insights into what might be going wrong.