feat: Support for Apple Sign In (#7265)

packages/amplify-category-auth/resources/cloudformation-templates/auth-template.yml.ejs

@@ -589,16 +589,27 @@ Resources:
             - '   let providerCredsIndex = hostedUIProviderCreds.findIndex((provider) => provider.ProviderName === providerName);'
             - '   let providerCreds = hostedUIProviderCreds[providerCredsIndex];'
             - '   let requestParams = {'
-            - '    ProviderDetails: {'
-            - '     ''client_id'': providerCreds.client_id,'
-            - '     ''client_secret'': providerCreds.client_secret,'
-            - '     ''authorize_scopes'': providerMeta.authorize_scopes'
-            - '    },'
             - '    ProviderName: providerMeta.ProviderName,'
             - '    UserPoolId: userPoolId,'
-            - '    AttributeMapping: providerMeta.AttributeMapping'
+            - '    AttributeMapping: providerMeta.AttributeMapping,'
             - '   };'
-            - '   return requestParams;'
+            - '   let providerDetails;'
+            - '   if (providerMeta.ProviderName === ''SignInWithApple'') {'
+            - '    providerDetails = {'
+            - '     ''client_id'': providerCreds.client_id,'
+            - '     ''team_id'': providerCreds.team_id,'
+            - '     ''key_id'': providerCreds.key_id,'
+            - '     ''private_key'': providerCreds.private_key,'
+            - '     ''authorize_scopes'': providerMeta.authorize_scopes,'
+            - '    };'
+            - '   } else {'
+            - '    providerDetails = {'
+            - '     ''client_id'': providerCreds.client_id,'
+            - '     ''client_secret'': providerCreds.client_secret,'
+            - '     ''authorize_scopes'': providerMeta.authorize_scopes,'
+            - '    };'
+            - '   }'
+            - '   return { ProviderDetails: providerDetails, ...requestParams };'
             - '  };'
             - '  let createIdentityProvider = (providerName) => {'
             - '   let requestParams = getRequestParams(providerName);'
@@ -1112,6 +1123,9 @@ Resources:
         <%if (props.authProviders.indexOf('www.amazon.com') !== -1) { %>
         www.amazon.com: !Ref amazonAppId
         <% } %>
+        <%if (props.authProviders.indexOf('appleid.apple.com') !== -1) { %>
+        appleid.apple.com: !Ref appleAppId
+        <% } %>
       <% } %>
       AllowUnauthenticatedIdentities: !Ref allowUnauthenticatedIdentities
       <%if (props.audiences && props.audiences.length > 0) { %>
@@ -1194,4 +1208,8 @@ Outputs :
   AmazonWebClient:
     Value: !Ref amazonAppId
   <% } %>
+  <%if (props.appleAppId) { %>
+  AppleWebClient:
+    Value: !Ref appleAppId
+  <% } %>
   <% } %>

packages/amplify-category-auth/src/provider-utils/awscloudformation/assets/string-maps.js

@@ -136,6 +136,7 @@ const attributeProviderMap = {
     facebook: {},
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
   birthdate: {
     facebook: {
@@ -147,6 +148,7 @@ const attributeProviderMap = {
       scope: 'profile',
     },
     loginwithamazon: {},
+    signinwithapple: {},
   },
   email: {
     facebook: {
@@ -161,6 +163,10 @@ const attributeProviderMap = {
       attr: 'email',
       scope: 'profile',
     },
+    signinwithapple: {
+      attr: 'email',
+      scope: 'email',
+    },
   },
   family_name: {
     facebook: {
@@ -172,6 +178,10 @@ const attributeProviderMap = {
       scope: 'profile',
     },
     loginwithamazon: {},
+    signinwithapple: {
+      attr: 'lastName',
+      scope: 'name',
+    },
   },
   gender: {
     facebook: {
@@ -183,6 +193,7 @@ const attributeProviderMap = {
       scope: 'profile',
     },
     loginwithamazon: {},
+    signinwithapple: {},
   },
   given_name: {
     facebook: {
@@ -194,6 +205,10 @@ const attributeProviderMap = {
       scope: 'profile',
     },
     loginwithamazon: {},
+    signinwithapple: {
+      attr: 'firstName',
+      scope: 'name',
+    },
   },
   locale: {
     facebook: {},
@@ -202,6 +217,7 @@ const attributeProviderMap = {
       attr: 'postal_code',
       scope: 'postal_code',
     },
+    signinwithapple: {},
   },
   middle_name: {
     facebook: {
@@ -210,6 +226,7 @@ const attributeProviderMap = {
     },
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
   name: {
     facebook: {
@@ -224,11 +241,13 @@ const attributeProviderMap = {
       attr: 'name',
       scope: 'profile',
     },
+    signinwithapple: {},
   },
   nickname: {
     facebook: {},
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
   phone_number: {
     facebook: {},
@@ -237,6 +256,7 @@ const attributeProviderMap = {
       scope: 'profile',
     },
     loginwithamazon: {},
+    signinwithapple: {},
   },
   picture: {
     facebook: {
@@ -248,26 +268,31 @@ const attributeProviderMap = {
       scope: 'profile',
     },
     loginwithamazon: {},
+    signinwithapple: {},
   },
   preferred_username: {
     facebook: {},
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
   profile: {
     facebook: {},
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
   zoneinfo: {
     facebook: {},
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
   website: {
     facebook: {},
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
   username: {
     facebook: {
@@ -282,6 +307,7 @@ const attributeProviderMap = {
       attr: 'user_id',
       scope: 'profile:user_id',
     },
+    signinwithapple: {},
   },
   updated_at: {
     facebook: {
@@ -290,6 +316,7 @@ const attributeProviderMap = {
     },
     google: {},
     loginwithamazon: {},
+    signinwithapple: {},
   },
 };
 
@@ -392,6 +419,11 @@ const authProviders = [
     value: 'www.amazon.com',
     answerHashKey: 'amazonAppId',
   },
+  {
+    name: 'Apple',
+    value: 'appleid.apple.com',
+    answerHashKey: 'appleAppId',
+  },
 ];
 
 const hostedUIProviders = [
@@ -407,6 +439,10 @@ const hostedUIProviders = [
     name: 'Login With Amazon',
     value: 'LoginWithAmazon',
   },
+  {
+    name: 'Sign in with Apple',
+    value: 'SignInWithApple',
+  },
 ];
 
 const authorizeScopes = [

packages/amplify-category-auth/src/provider-utils/awscloudformation/constants.ts

@@ -19,6 +19,10 @@ export const ENV_SPECIFIC_PARAMS = [
   'amazonAppId',
   'loginwithamazonAppIdUserPool',
   'loginwithamazonAppSecretUserPool',
+  'signinwithappleClientIdUserPool',
+  'signinwithappleTeamIdUserPool',
+  'signinwithappleKeyIdUserPool',
+  'signinwithapplePrivateKeyUserPool',
   'hostedUIProviderCreds',
 ];
 
@@ -55,6 +59,10 @@ export const privateKeys = [
   'loginwithamazonAppIdUserPool',
   'loginwithamazonAuthorizeScopes',
   'loginwithamazonAppSecretUserPool',
+  'signinwithappleClientIdUserPool',
+  'signinwithappleTeamIdUserPool',
+  'signinwithappleKeyIdUserPool',
+  'signinwithapplePrivateKeyUserPool',
   'CallbackURLs',
   'LogoutURLs',
   'AllowedOAuthFlows',

packages/amplify-category-auth/src/provider-utils/awscloudformation/import/index.ts

@@ -27,7 +27,7 @@ import { importMessages } from './messages';
 import uuid from 'uuid';
 
 // Currently the CLI only supports the output generation of these providers
-const supportedIdentityProviders = ['COGNITO', 'Facebook', 'Google', 'LoginWithAmazon'];
+const supportedIdentityProviders = ['COGNITO', 'Facebook', 'Google', 'LoginWithAmazon', 'SignInWithApple'];
 
 export const importResource = async (
   context: $TSContext,
@@ -752,6 +752,9 @@ const createMetaOutput = (answers: ImportAnswers, hasOAuthConfig: boolean): Meta
           case 'accounts.google.com':
             output.GoogleWebClient = answers.identityPool!.SupportedLoginProviders![key];
             break;
+          case 'appleid.apple.com':
+            output.AppleWebClient = answers.identityPool!.SupportedLoginProviders![key];
+            break;
           default:
             // We don't do anything with the providers that the CLI currently does not support.
             break;
@@ -815,6 +818,9 @@ const createEnvSpecificResourceParameters = (
         case 'graph.facebook.com':
           envSpecificResourceParameters.facebookAppId = answers.identityPool!.SupportedLoginProviders![key];
           break;
+        case 'appleid.apple.com':
+          envSpecificResourceParameters.appleAppId = answers.identityPool!.SupportedLoginProviders![key];
+          break;
         case 'accounts.google.com': {
           switch (projectType) {
             case 'javascript':
@@ -840,11 +846,23 @@ const createEnvSpecificResourceParameters = (
 };
 
 const createOAuthCredentials = (identityProviders: IdentityProviderType[]): string => {
-  const credentials = identityProviders.map(idp => ({
-    ProviderName: idp.ProviderName!,
-    client_id: idp.ProviderDetails!.client_id,
-    client_secret: idp.ProviderDetails!.client_secret,
-  }));
+  const credentials = identityProviders.map(idp => {
+    if (idp.ProviderName === 'SignInWithApple') {
+      return {
+        ProviderName: idp.ProviderName!,
+        client_id: idp.ProviderDetails!.client_id,
+        team_id: idp.ProviderDetails!.team_id,
+        key_id: idp.ProviderDetails!.key_id,
+        private_key: idp.ProviderDetails!.private_key,
+      };
+    } else {
+      return {
+        ProviderName: idp.ProviderName!,
+        client_id: idp.ProviderDetails!.client_id,
+        client_secret: idp.ProviderDetails!.client_secret,
+      };
+    }
+  });
 
   return JSON.stringify(credentials);
 };

packages/amplify-category-auth/src/provider-utils/awscloudformation/import/types.ts

@@ -44,6 +44,7 @@ export type MetaOutput = {
   AmazonWebClient?: string;
   FacebookWebClient?: string;
   GoogleWebClient?: string;
+  AppleWebClient?: string;
   HostedUIDomain?: string;
   OAuthMetadata?: string;
   CreatedSNSRole?: string;
@@ -59,6 +60,7 @@ export type EnvSpecificResourceParameters = {
   identityPoolName?: string;
   facebookAppId?: string;
   amazonAppId?: string;
+  appleAppId?: string;
   googleIos?: string;
   googleAndroid?: string;
   googleClientId?: string;