// $leeway is needed for clock skew Firebase\JWT\JWT::$leeway = 60; $provider = new League\OAuth2\Client\Provider\Apple([ 'clientId' => '{com.muse.appleoauth}', 'teamId' => '{RR25RMZPY3}', // 1A234BFK46 https://developer.apple.com/account/#/membership/ (Team ID) 'keyFileId' => '{2MHN8Z76CJ}', // 1ABC6523AA https://developer.apple.com/account/resources/authkeys/list (Key ID) 'keyFilePath' => '{AuthKey_2MHN8Z76CJ.p8}', // __DIR__ . '/AuthKey_1ABC6523AA.p8' -> Download key above 'redirectUri' => 'https://auth.museapp.art/appleoauth', ]); if (!isset($_POST['code'])) { // If we don't have an authorization code then get one $authUrl = $provider->getAuthorizationUrl(); $_SESSION['oauth2state'] = $provider->getState(); header('Location: '.$authUrl); exit; // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($_POST['state']) || ($_POST['state'] !== $_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); exit('Invalid state'); } else { // Try to get an access token (using the authorization code grant) /** @var AppleAccessToken $token */ $token = $provider->getAccessToken('authorization_code', [ 'code' => $_POST['code'] ]); // Optional: Now you have a token you can look up a users profile data // Important: The most details are only visible in the very first login! // In the second and third and ... ones you'll only get the identifier of the user! try { // We got an access token, let's now get the user's details $user = $provider->getResourceOwner($token); // Use these details to create a new profile printf('Hello %s!', $user->getFirstName()); } catch (Exception $e) { // Failed to get user details exit(':-('); } // Use this to interact with an API on the users behalf echo $token->getToken(); }