lade-devs/socialite-apple-jwt-generator

Laravel Socialite Apple Login Helper to generate and manage Client Secret

Maintainers

Package info

github.com/lade-devs/socialite-apple-jwt-generator

pkg:composer/lade-devs/socialite-apple-jwt-generator

Statistics

Installs: 196

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0.1 2026-06-04 16:27 UTC

Requires

Requires (Dev)

MIT 3231c04a8af7cd048eed42f7353aafb84f4f99b8

  • LadeDevs <olumayokunolayinka.woop@gmail.com>

applelaravelsocialitelaravel socialitesign in with applesocialite appleclient key generatorclient key refreshapple client keyapple sign inlaravel apple

This package is auto-updated.

Last update: 2026-06-04 17:40:40 UTC

README

Latest Stable Version Total Downloads Tests License

Laravel Socialite helper to generate and auto-refresh the Apple Sign-In client secret — a signed ES256 JWT required by Apple's OAuth flow.

Apple enforces a maximum 6-month (180-day) expiry on client secrets.
This package handles generation, storage in .env, and scheduled automatic refresh.

Requirements

Version
PHP ^8.3
Laravel ^12.0
lcobucci/jwt ^5.6

Installation

composer require lade-devs/socialite-apple-jwt-generator

Laravel's package auto-discovery registers the service provider automatically.

Apple Developer Setup

You will need the following from the Apple Developer Portal:

  1. Team ID – found under Membership.
  2. Key ID – found under Certificates, Identifiers & Profiles → Keys.
  3. Client ID – your Services ID identifier (e.g. com.example.signin).
  4. Auth Key file (.p8) – downloaded when you create the key.
    Place it inside storage/app/ and note the filename, e.g. AuthKey_ABCDEF1234.p8.
  5. Redirect URI – the fully-qualified HTTPS callback URL registered in your Services ID.

Configuration

1. Run the interactive setup

php artisan socialite:apple

The command prompts for all five values above plus a refresh interval (default 180 days), generates the client secret JWT, and writes everything to .env.

2. Add to config/services.php

This ensures values survive php artisan config:cache in production:

'apple' => [
    'client_id'                   => env('APPLE_CLIENT_ID'),
    'client_secret'               => env('APPLE_CLIENT_SECRET'),
    'redirect'                    => env('APPLE_REDIRECT_URI'),
    'key_id'                      => env('APPLE_KEY_ID'),
    'team_id'                     => env('APPLE_TEAM_ID'),
    'auth_key'                    => env('APPLE_AUTH_KEY'),
    'client_secret_updated_at'    => env('APPLE_CLIENT_SECRET_UPDATED_AT'),
    'refresh_token_interval_days' => env('APPLE_REFRESH_TOKEN_INTERVAL_DAYS', 180),
],

Automatic Secret Refresh

The package registers a scheduled task that checks every minute whether the secret is due for renewal based on APPLE_REFRESH_TOKEN_INTERVAL_DAYS and APPLE_CLIENT_SECRET_UPDATED_AT.

Make sure Laravel's task scheduler is running:

* * * * * cd /path-to-your-project && php artisan schedule:run >> /dev/null 2>&1

Manual refresh

php artisan socialite:apple --refresh

Environment Variables

Variable Description
APPLE_CLIENT_ID Your Services ID
APPLE_CLIENT_SECRET Generated JWT (managed by this package)
APPLE_REDIRECT_URI OAuth callback URL
APPLE_KEY_ID Key ID from the developer portal
APPLE_TEAM_ID Team ID from the developer portal
APPLE_AUTH_KEY Filename of the .p8 key in storage/app/
APPLE_CLIENT_SECRET_UPDATED_AT Unix timestamp of last generation (auto-managed)
APPLE_REFRESH_TOKEN_INTERVAL_DAYS Days between refreshes (1–180, default 180)

Running Tests

composer install
vendor/bin/phpunit

Changelog

See CHANGELOG.md.

License

MIT © LadeDevs