
keycloak-apple-social-identity-provider's Introduction

Apple Social Identity Provider for Keycloak

An extension to Keycloak that provides support for Sign in with Apple.

Sign in with Apple follows the OIDC standard but relies on some unusual parts of the protocol that Keycloak does not implement yet. These are:

  • Apple sends the Authentication Response as a POST request if scopes were requested;
  • User data (email, first name and last name) is received in the body of the authentication response; there is no Userinfo endpoint;
  • User data is provided only the first time the user authorizes the client on their Apple account;
  • The Token Request must be authenticated by a JWT signed with a specific private key.

The present extension addresses all these requirements.

Installation

  1. Download the latest release of the provider JAR file here.
  2. Install the provider JAR file following Keycloak instructions there.

Configuration

In Keycloak admin console:

  1. Add an identity provider and select Apple.

  2. Fill Client secret with the Base64 content of your private key file (trim delimiters and new lines).

    e.g., if your private key is:

    -----BEGIN PRIVATE KEY-----
    Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfS
    tsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j
    2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrK
    PsUC1cdy
    -----END PRIVATE KEY-----
    

    then you should set Client secret with:

    Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfStsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrKPsUC1cdy
    
  3. Fill Team ID and Key ID with the corresponding values found in the Apple Developer console.

  4. Set Default Scopes to 'openid%20name%20email' to retrieve email, first name and last name from Apple.
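
Step 2 above, as an added shell example (not part of the provider's README or code): it turns a PEM private key into the single-line value for Client secret and reports the first character outside the Base64 alphabet as a hex code, the form used by the `Illegal base64 character` errors quoted in the issues further down. The function names are hypothetical; the sample key is the README's own example.

```shell
#!/bin/sh
# Added example: prepare and sanity-check the "Client secret" value.
# Function names are hypothetical; nothing here comes from the provider's code.

# Drop the PEM delimiter lines, then every whitespace character (spaces,
# tabs, CR, LF), leaving the single-line Base64 body.
pem_to_client_secret() {
    sed -e '/^[[:space:]]*-----.*-----[[:space:]]*$/d' | tr -d '[:space:]'
}

# Print the hex code of the first byte outside the Base64 alphabet
# (A-Z a-z 0-9 + / =); print nothing when every byte is legal.
first_illegal_base64_char() {
    printf '%s' "$1" | tr -d 'A-Za-z0-9+/=' | head -c 1 | od -An -tx1 | tr -d ' \n'
}

# Return 0 and print "ok" when the value is usable as Client secret,
# otherwise print the reason and return 1.
check_client_secret() {
    value=$1
    [ -n "$value" ] || { echo "empty value"; return 1; }
    hex=$(first_illegal_base64_char "$value")
    [ -z "$hex" ] || { echo "illegal base64 character $hex"; return 1; }
    case $value in
        *=[!=]*|*===) echo "misplaced padding"; return 1 ;;
    esac
    # A PEM body is padded to a multiple of 4; another length suggests a
    # truncated paste.
    [ $(( ${#value} % 4 )) -eq 0 ] || { echo "length ${#value} is not a multiple of 4"; return 1; }
    echo "ok"
}

# Sample input: the example key printed in the README above (not a real key).
SAMPLE_PEM='-----BEGIN PRIVATE KEY-----
Rp6vMlHPYTHnyucsPvFk8gTzdYtTueMbmVznAtkUKhD9HPcI3bLKDrr0b2mNJLfS
tsyvhbpyMUIpaffKQcY7IUuM20ecYBjiyjkLuX5eDQUInWUINfCCyXQnNdSU4K1j
2z4IJrvacQz1PFrL0Tj4lt72jSxikzMBHWsGdFyT90bx0R26GR4YCudKxltozVrK
PsUC1cdy
-----END PRIVATE KEY-----'

CLIENT_SECRET=$(printf '%s\n' "$SAMPLE_PEM" | pem_to_client_secret)
printf '%s\n' "$CLIENT_SECRET"
check_client_secret "$CLIENT_SECRET"
# Pasting the file as-is fails on the first delimiter dash (hex 2d).
check_client_secret "$SAMPLE_PEM" || true
```

For a real key, feed the key file to `pem_to_client_secret` on standard input. Hex `20` is a space and `2e` is a dot, so either code points to a value that was not reduced to the bare Base64 body.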

keycloak-apple-social-identity-provider's People

Contributors

benjaminfavre, tynamix


keycloak-apple-social-identity-provider's Issues

"Resource not found..." after adding the Apple identity provider

Steps:

  1. Downloaded the keycloak-apple-social-identity-provider-1.0.2.jar
  2. Started the keycloak server (jar file).
  3. Added the module with jboss-cli:

    module add --name=apple-social-identity-provider --resources=apple-social-identity-provider-1.0.2.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-services,org.keycloak.keycloak-server-spi,org.keycloak.keycloak-server-spi-private

  4. Registered the provider with jboss-cli for standalone-ha.xml:

    embed-server --server-config=standalone.xml --std-out=echo
    batch
    /subsystem=keycloak-server:list-add(name=providers,value=module:apple-social-identity-provider)
    /subsystem=keycloak-server/spi=social/:add
    /subsystem=keycloak-server/spi=social/provider=apple/:add(enabled=true)
    run-batch
    stop-embedded-server

  5. Registered the provider with jboss-cli for standalone.xml:

    embed-server --server-config=standalone-ha.xml --std-out=echo
    batch
    /subsystem=keycloak-server:list-add(name=providers,value=module:apple-social-identity-provider)
    /subsystem=keycloak-server/spi=social/:add
    /subsystem=keycloak-server/spi=social/provider=apple/:add(enabled=true)
    run-batch
    stop-embedded-server

  6. Opened the keycloak admin panel, authorized, and went to the identity providers section
  7. After clicking on the Apple option got redirected to the "Resource not found..." page

Invalid redirect URI/Oauth callback failure after attaining authorization code

When I try to login using Apple oAuth by hitting the URL
http://my.example.app/api/auth/login/apple?client_id=webapp&state=ae6cfa04-2b97-443d-89d6-735ca87e1164&response_type=code&nonce=3bf581b7-59ec-4f91-9caf-bf02b9913a67&kc_idp_hint=apple&redirect_uri=https://my.example.app/api/auth/apple/callback/webapp&scope=openid email

I get the following error

Upon further inspection, it seems like it is due to the redirected authorization URL having indeed a bad URI (it uses HTTP instead of HTTPS) - https://appleid.apple.com/auth/authorize?response_mode=form_post&scope=openid+email+name&state=MHsd34r2J1DOdLgnx7G8qVbhZ7k-FGLxHM6E7qOqTDs.jKtRwBXmZUw.webapp&response_type=code&client_id=my.app.clientId&redirect_uri=http%3A%2F%2Fmy.example.app%2Fauth%2Frealms%2FAppleAuth%2Fbroker%2Fapple%2Fendpoint&nonce=GxRbWFg_lmpH3mZ_ZE2QOg

Now, if I change the redirect_uri query string parameter to ensure it is https instead of http, I am able to login with my apple ID. HOWEVER, the callback URL fails with the following error

Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server. error='invalid_grant', error_description='redirect_uri mismatch. The code was not issued to http://api.vid.app/auth/realms/AppleAuth/broker/apple/endpoint.', error_uri='null'

I suspect this is due to the initial redirect URL being HTTP instead of HTTPS - is there a way around this? I'd like for the redirected request to have the parameter for redirect_uri follow the HTTPS scheme instead, as Apple does not allow for HTTP URLs as callbacks

Or maybe I am doing something wrong... my keycloak server is configured via a helm chart using the following command - helm install auth-keycloak codecentric/keycloak --version 18.1.1

Getting `Failed to Link` error

When I try to deploy this jar file I get Caused by: java.lang.NoClassDefFoundError: Failed to link co/ritual/keycloak/identityprovider/apple/AppleUsernameTemplateMapper (Module "deployment.keycloak-spi_deploy.jar" from Service Module Loader): org/keycloak/broker/oidc/mappers/UsernameTemplateMapper error. Any idea why this might happen?

unable to integrate apple in keycloak

Failed to make identity provider oauth callback: java.lang.IllegalArgumentException: Illegal base64 character 2e
at java.base/java.util.Base64$Decoder.decode0(Base64.java:743)
at java.base/java.util.Base64$Decoder.decode(Base64.java:535)
at java.base/java.util.Base64$Decoder.decode(Base64.java:558)

After installing in KeyCloak Apple does not appear as provider

The jboss-deployment-structure.xml did not include all the dependencies. The following had to be added.

<module name="javax.ws.rs.api" export="true"/>

Still it does not appear. What else should be done? Should any configuration files be updated?

Hardcoded attribute mapper not available in the connection with identity provider

Hello,

I configured an OIDC identity provider on my realm ABC.
In the mappers (of the identity provider) I configured 2 attribute importers and 1 hardcoded attribute.

When I go on the login page and I connect with my identity provider, the 2 attribute importers are present in the token (they imported successfully the attributes from the client account) but the hardcoded attribute is not present.
In the second connection, the hardcoded attribute is present!

Could you please help me? I need the hardcoded attribute to be in the token from the first connection

Thanks in advance

Integration with quarkus

The next release of Keycloak will use Quarkus as a replacement for WildFly.
Is there a plan to make this extension compatible with Quarkus?

Thx.

Import email, first & last name upon sign-in

Thank you for this project Benjamin, we've integrated it on our Keycloak server and it basically works really well. One thing we are struggling with is that it does not seem to provide any user attributes to Keycloak when signing in.

After signing in for the first time, Keycloak redirects to a form asking the user to fill out any attributes that are required but missing, which is email, first name and last name. I can see in your code that you are requesting the email and name scopes, and that you are also setting those in the context, so I would expect it to work.

Is this a known limitation of your provider, or are we missing something? Please advise.

Failed to make identity provider oauth callback: java.lang.NullPointerException

Hi, I updated the provider like in this PR #21
to use this in Keycloak 16.1.1

My configuration looks correct according to the Readme.

After trying to login, I get redirected to Apple, fill credentials, but when getting back to the Keycloak page, I see Unexpected error when authenticating with identity provider
In the Keycloak logs there is this:

14:27:23,462 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-12) Failed to make identity provider oauth callback: java.lang.NullPointerException
	at [email protected]//org.keycloak.services.resources.IdentityBrokerService.lambda$authenticated$0(IdentityBrokerService.java:528)
	at java.base/java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1621)
	at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:658)
	at [email protected]//org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:525)
	at [email protected]//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:514)
	at deployment.apple-social-identity-provider-1.0.3-SNAPSHOT.jar//fr.benjaminfavre.provider.AppleIdentityProvider$OIDCEndpoint.authResponse(AppleIdentityProvider.java:123)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at [email protected]//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
...

Any idea how to make it work?

Example module.xml

Hi! Are you able to provide an example module.xml file? Currently I'm getting the following error:
16:08:35,049 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-2) Uncaught server error: java.lang.NoClassDefFoundError: javax/ws/rs/core/Response

My module.xml file:

<?xml version='1.0' encoding='UTF-8'?>

<module xmlns="urn:jboss:module:1.1" name="fr.benjaminfavre.provider">

    <resources>
        <resource-root path="provider.jar"/>
    </resources>

    <dependencies>
        <module name="org.keycloak.keycloak-core"/>
        <module name="org.keycloak.keycloak-server-spi"/>
        <module name="org.keycloak.keycloak-services"/>
        <module name="org.keycloak.keycloak-server-spi-private"/>
    </dependencies>
</module>

how to get the mail and name

I've imported the jar (version) 1.4.1 in my keycloak docker installation (20.0.3).

The apple provider is enabled : authentication works.

I've set the scope to : name%20email
I've set the first login flow to : "first broker login".

On the first authentication, the mail has the following format "[email protected]" (instead of the mail of the user, I suppose for privacy reasons) and the last and first names are empty.

How to automatically fill in the name information?

In fact, I'm deploying a hybrid application (an app with a web browser pointing to my Keycloak instance) to the Apple store. It works, but Apple wants me to remove the step where you fill in email and names. They said it's a bad experience for their users to re-enter information.

Identity Provider Mapper

Hi,

With this Apple social identity provider it is not possible to add the Identity Provider Mapper of type "Attribute Importer"

Failed to make identity provider oauth callback

We have setup this provider, however we are having this error:

Failed to make identity provider oauth callback: java.lang.IllegalArgumentException: Illegal base64 character 20

The provider is visible in the list:

Thanks

Passing data to ftl file

Hi,
I am integrating Keycloak with my app. For some reason, I have to pass some custom parameters from query params to the register.ftl file. I have written a custom authenticator and have added it at the start of the registration flow so that I can access it before the register page is rendered. I have successfully extracted the query param and now I want to use it in my register.ftl file.

I have added it in session attribute in authenticate method of my custom authenticator like this
context.getSession().setAttribute("patient_code","54321"); //for testing
And then tried to access it in ftl file like this:

Patient Code: ${attribute.patient_code}

But it is not working and I get an error when the register.ftl page is being rendered. The user is not created yet so I can't use user attributes. I tried using context.getAuthenticationSession().setAuthNote but it didn't work either.

Is there any way I can achieve this? I may need to add some custom logic in authenticator and based on that, pass params to ftl, so I want to achieve it by passing from authenticator to ftl.

Add "Display Name" field to Admin UI snippet

According to this post, Apple requires a very specific wording for its Sign-In buttons. That would be easily achievable using the "Display Name" property present in the generic OIDC provider you're inheriting from. However, your Admin UI snippet is lacking that field. Could you please add the following snippet to realm-identity-provider-apple-ext.html as suggested by ebiscardi:

<div class="form-group clearfix">
   <label class="col-md-2 control-label" for="displayName"> {{:: 'display-name' | translate}}</label>
    <div class="col-md-6">
        <input class="form-control" id="displayName" type="text" ng-model="identityProvider.displayName">
    </div>
    <kc-tooltip>{{:: 'identity-provider.display-name.tooltip' | translate}}</kc-tooltip>
</div>

Multiple issues at installing (in Docker).

I spent one day trying to install this provider to my Keycloak docker instance without any success.

Right now this is my Dockerfile:

FROM jboss/keycloak:12.0.2

WORKDIR '/opt/jboss/keycloak/themes'

RUN curl https://github.com/simon-feamzy/keycloak-apple-social-identity-provider/releases/download/v1.0.4/apple-social-identity-provider-1.0.4.jar -o apple-social-identity-provider-1.0.4.jar
RUN ${JBOSS_HOME}/bin/jboss-cli.sh --command="module add --name=fr.benjaminfavre.provider --resources=apple-social-identity-provider-1.0.4.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-services,org.keycloak.keycloak-server-spi,org.keycloak.keycloak-server-spi-private"
ADD ./standalone/configuration/standalone-ha.xml /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml

RUN mkdir macondo
RUN cp -R ./keycloak/* macondo
COPY ./themes/login/. ./macondo/login

Notice I added the provider on the xml file:

<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
            <web-context>auth</web-context>
            <providers>
                <provider>
                    classpath:${jboss.home.dir}/providers/*
                </provider>
                <provider>module:fr.benjaminfavre.provider</provider>
            </providers>
...
</subsystem>

But it gives me a lot of bugs, the last one:

15:18:14,866 INFO [org.keycloak.services] (ServerService Thread Pool -- 63) KC-SERVICES0001: Loading config from standalone.xml or domain.xml

15:18:14,920 FATAL [org.keycloak.services] (ServerService Thread Pool -- 63) Error during startup: java.lang.RuntimeException: org.jboss.modules.ModuleLoadException: Error loading module from /opt/jboss/keycloak/modules/fr/benjaminfavre/provider/main/module.xml

at [email protected]//org.keycloak.provider.wildfly.ModuleProviderLoaderFactory.create(ModuleProviderLoaderFactory.java:45)

at [email protected]//org.keycloak.provider.ProviderManager.<init>(ProviderManager.java:65)

at [email protected]//org.keycloak.services.DefaultKeycloakSessionFactory.init(DefaultKeycloakSessionFactory.java:90)

at [email protected]//org.keycloak.services.resources.KeycloakApplication.createSessionFactory(KeycloakApplication.java:260)

at [email protected]//org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:125)

at [email protected]//org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:29)

at [email protected]//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:115)

at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)

at [email protected]//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)

at [email protected]//org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2815)

at [email protected]//org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:371)

at [email protected]//org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:283)

at [email protected]//org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:93)

at [email protected]//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:140)

at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:42)

at [email protected]//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)

at [email protected]//org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)

at [email protected]//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)

at [email protected]//io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)

at [email protected]//io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)

at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:588)

at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:559)

at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)

at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)

at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)

at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)

at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)

at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:601)

at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)

at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)

at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)

at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)

at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)

at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)

at java.base/java.lang.Thread.run(Thread.java:834)

at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)

Caused by: org.jboss.modules.ModuleLoadException: Error loading module from /opt/jboss/keycloak/modules/fr/benjaminfavre/provider/main/module.xml

at org.jboss.modules.xml.ModuleXmlParser.parseModuleXml(ModuleXmlParser.java:337)

at org.jboss.modules.xml.ModuleXmlParser.parseModuleXml(ModuleXmlParser.java:293)

at org.jboss.modules.xml.ModuleXmlParser.parseModuleXml(ModuleXmlParser.java:254)

at org.jboss.modules.LocalModuleFinder.parseModuleXmlFile(LocalModuleFinder.java:250)

at org.jboss.modules.LocalModuleFinder.lambda$findModule$1(LocalModuleFinder.java:195)

at java.base/java.security.AccessController.doPrivileged(Native Method)

at org.jboss.modules.LocalModuleFinder.findModule(LocalModuleFinder.java:195)

at org.jboss.modules.ModuleLoader.findModule0(ModuleLoader.java:696)

at org.jboss.modules.ModuleLoader.findModule(ModuleLoader.java:689)

at org.jboss.modules.ModuleLoader.loadModuleLocal(ModuleLoader.java:499)

at org.jboss.modules.DelegatingModuleLoader.preloadModule(DelegatingModuleLoader.java:57)

at org.jboss.modules.ModuleLoader.preloadExportedModule(ModuleLoader.java:414)

at org.jboss.modules.ModuleLoader.preloadModule(ModuleLoader.java:455)

at [email protected]//org.jboss.as.server.moduleservice.ServiceModuleLoader.preloadModule(ServiceModuleLoader.java:146)

at org.jboss.modules.ModuleLoader.preloadModule(ModuleLoader.java:400)

at org.jboss.modules.ModuleLoader.loadModule(ModuleLoader.java:295)

at org.jboss.modules.ModuleLoader.loadModule(ModuleLoader.java:283)

at [email protected]//org.keycloak.provider.wildfly.ModuleProviderLoaderFactory.create(ModuleProviderLoaderFactory.java:41)

... 42 more

Caused by: org.jboss.modules.xml.XmlPullParserException: Failed to add resource root 'apple-social-identity-provider-1.0.4.jar' at path 'apple-social-identity-provider-1.0.4.jar' (position: END_TAG seen ... <resource-root path="apple-social-identity-provider-1.0.4.jar"/>... @6:73) caused by: java.util.zip.ZipException: zip END header not found

at org.jboss.modules.xml.ModuleXmlParser.parseResourceRoot(ModuleXmlParser.java:1121)

at org.jboss.modules.xml.ModuleXmlParser.parseResources(ModuleXmlParser.java:932)

at org.jboss.modules.xml.ModuleXmlParser.parseModuleContents(ModuleXmlParser.java:697)

at org.jboss.modules.xml.ModuleXmlParser.parseDocument(ModuleXmlParser.java:469)

at org.jboss.modules.xml.ModuleXmlParser.parseModuleXml(ModuleXmlParser.java:335)

... 59 more

Caused by: java.util.zip.ZipException: zip END header not found

at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1567)

at java.base/java.util.zip.ZipFile$Source.findEND(ZipFile.java:1462)

at java.base/java.util.zip.ZipFile$Source.initCEN(ZipFile.java:1469)

at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1274)

at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1237)

at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:727)

at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:844)

at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:247)

at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:177)

at java.base/java.util.jar.JarFile.<init>(JarFile.java:348)

at org.jboss.modules.xml.JDKSpecific.getJarFile(JDKSpecific.java:33)

at org.jboss.modules.xml.ModuleXmlParser$DefaultResourceRootFactory.createResourceLoader(ModuleXmlParser.java:1618)

at org.jboss.modules.LocalModuleFinder.lambda$new$0(LocalModuleFinder.java:103)

at org.jboss.modules.xml.ModuleXmlParser.parseResourceRoot(ModuleXmlParser.java:1119)

... 63 more

I tried also to put it on the deployment's folder, but no success.

It could be related to #10 and #8, because even when there is no problem to "install" the jar file and create the module (first and second custom commands on the Dockerfile), I can't see the provider on the Keycloak dashboard. It can also be related to #7, because on adding the provider to the configuration file (standalone), it breaks the server. May it be because of the Keycloak version we are using?

Is there any interest on continuing with this provider?
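
The `zip END header not found` cause in the trace above means the file registered as resource root is not a complete ZIP archive, which is what a download step leaves behind when it saves an error page or a redirect response instead of the artifact. The following is an added shell example, not code from the issue or the provider's repository: a gate for a build step that rejects a downloaded JAR unless it has ZIP framing and matches a pinned SHA-256. Function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded JAR before handing it to the server.
# Function names are hypothetical.

# Render stdin as space-separated hex bytes on one line, e.g. " 50 4b 03 04 ".
hex_bytes() { od -An -v -tx1 | tr -s ' \n' ' '; }

# A non-empty JAR starts with a ZIP local file header (PK\003\004) and
# carries an End Of Central Directory record (PK\005\006) within its last
# 22 + 65535 bytes. This checks the framing only; it is not a full parse.
is_zip_archive() {
    file=$1
    [ -s "$file" ] || return 1
    magic=$(head -c 4 "$file" | hex_bytes)
    [ "$magic" = " 50 4b 03 04 " ] || return 1
    tail -c 65557 "$file" | hex_bytes | grep -q ' 50 4b 05 06 '
}

# SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Accept the artifact only if it is a ZIP archive and matches the pin.
verify_jar() {
    jar=$1 pinned=$2
    is_zip_archive "$jar" || { echo "reject: $jar is not a ZIP/JAR archive"; return 1; }
    actual=$(sha256_of "$jar")
    [ "$actual" = "$pinned" ] || { echo "reject: sha256 $actual does not match the pin"; return 1; }
    echo "accept: $jar"
}

# Constructed samples: bytes with ZIP framing (not a usable JAR), an HTML
# page, and a download cut off before the end record.
make_samples() {
    dir=$(mktemp -d)
    { printf 'PK\003\004constructed-entry-bytes'; printf 'PK\005\006'; head -c 18 /dev/zero; } > "$dir/good.jar"
    printf '<html><body>You are being redirected.</body></html>' > "$dir/bad.jar"
    printf 'PK\003\004partial-download' > "$dir/truncated.jar"
    echo "$dir"
}

SAMPLES=$(make_samples)
# In a real build the pin is a literal digest obtained from a trusted source,
# not computed from the file that was just downloaded.
PIN=$(sha256_of "$SAMPLES/good.jar")

verify_jar "$SAMPLES/good.jar" "$PIN"
verify_jar "$SAMPLES/bad.jar" "$PIN" || true
verify_jar "$SAMPLES/truncated.jar" "$PIN" || true
```

Run as its own build step before the module is registered, a non-zero exit from `verify_jar` stops the image build instead of producing a server that fails at startup.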

Resource not found when adding Apple provider

After adding .jar and necessary configuration to Keycloak, Apple provider appears on Identity Providers selector.

However, when I select this option, Keycloak redirects to a not found page.

What can I do?

Keycloak v19.0.3

Compatibility problem between Keycloak and your plugin
Message after identification
« Erreur inattendue lors de l’authentification avec le fournisseur identifié »

We use the Keycloak IAM solution (https://www.keycloak.org/), version 19.0.3, for account management,
and have integrated the OpenID SDK AppAuth-iOS (https://github.com/openid/AppAuth-iOS) into the application to connect it to Keycloak.
We would like to know how to integrate Apple sign-in with Keycloak.

Keycloak 20.0.5 teamId and keyId not configurable from admin console

The admin console page does not display the teamId and keyId fields. To configure them, I had to update the identity provider using the REST API. I suspect this is a result of changes made to the Keycloak baseline. Other than this gotcha, this provider still seems to work.

"An internal server error has occurred" in keycloak after Apple sign in

Hello there,

I have a problem after successful apple auth. I checked a few times and all my credentials provided in provider settings are correct but redirecting after apple sign in creates error "An internal server error has occurred" in keycloak. My keycloak version is 21.1.0. I checked keycloak logs and this is what it says:

ubuntu-keycloakv2-1 | 2023-05-19 13:11:05,695 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-15) Uncaught server error: java.lang.NoSuchMethodError: ‘void org.keycloak.broker.oidc.OIDCIdentityProvider$OIDCEndpoint.<init>(org.keycloak.broker.oidc.OIDCIdentityProvider, org.keycloak.broker.provider.IdentityProvider$AuthenticationCallback, org.keycloak.models.RealmModel, org.keycloak.events.EventBuilder)’
ubuntu-keycloakv2-1 | at fr.benjaminfavre.provider.AppleIdentityProvider$OIDCEndpoint.<init>(AppleIdentityProvider.java:108)
ubuntu-keycloakv2-1 | at fr.benjaminfavre.provider.AppleIdentityProvider.callback(AppleIdentityProvider.java:45)
ubuntu-keycloakv2-1 | at org.keycloak.services.resources.IdentityBrokerService.getEndpoint(IdentityBrokerService.java:420)
ubuntu-keycloakv2-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
ubuntu-keycloakv2-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
ubuntu-keycloakv2-1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
ubuntu-keycloakv2-1 | at java.base/java.lang.reflect.Method.invoke(Method.java:568)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.ResourceLocatorInvoker.constructLocator(ResourceLocatorInvoker.java:107)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.ResourceLocatorInvoker.resolveTargetFromLocator(ResourceLocatorInvoker.java:87)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:148)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
ubuntu-keycloakv2-1 | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
ubuntu-keycloakv2-1 | at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
ubuntu-keycloakv2-1 | at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
ubuntu-keycloakv2-1 | at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
ubuntu-keycloakv2-1 | at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RoutingContextWrapper.next(RoutingContextWrapper.java:200)
ubuntu-keycloakv2-1 | at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84)
ubuntu-keycloakv2-1 | at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RoutingContextWrapper.next(RoutingContextWrapper.java:200)
ubuntu-keycloakv2-1 | at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430)
ubuntu-keycloakv2-1 | at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
ubuntu-keycloakv2-1 | at io.vertx.ext.web.impl.RoutingContextWrapper.next(RoutingContextWrapper.java:200)
ubuntu-keycloakv2-1 | at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
ubuntu-keycloakv2-1 | at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
ubuntu-keycloakv2-1 | at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
ubuntu-keycloakv2-1 | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
ubuntu-keycloakv2-1 | at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
ubuntu-keycloakv2-1 | at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
ubuntu-keycloakv2-1 | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
ubuntu-keycloakv2-1 | at java.base/java.lang.Thread.run(Thread.java:833)
ubuntu-keycloakv2-1 |

What can I do to fix this?

External token exchange

Hi. Firstly, big thanks for your work! I tried this provider and it works fine for web auth. Now I want to add native iOS authorization and make an external token exchange from an Apple token to a Keycloak token. I can do this if I set an OpenID Connect v1.0 provider and set these fields:

How can I add this option to this provider?
