
Apple

Prerequisites

Before you begin, ensure you have the following:

  • Apple Developer Account: If you don’t have one, enroll here.

Creating a New App ID

1. Log in to the Apple Developer Console

2. Navigate to Identifiers

  • Go to Certificates, Identifiers & Profiles.
  • Click on Identifiers in the sidebar.

3. Create a New App ID

  1. Click the “+” button to add a new identifier.
  2. Select App IDs and click Continue.
  3. Choose App and click Continue.
  4. Enter a Description for your App ID (e.g., LibreChat App ID).
  5. Set the Bundle ID (e.g., com.yourdomain.librechat).
  6. Click Continue and then Register.
  • Image References:

  • Figure 1: Creating a New App ID

  • Figure 2: Selecting App Identifier

4. Enable “Sign in with Apple”

  1. After creating the App ID, click on it to edit.
  2. Under Capabilities, find and check Sign in with Apple.
  3. Click Save.
  • Image Reference:
  • Figure 3: Enabling “Sign in with Apple”

Creating a Services ID

1. Navigate to Identifiers

  • In the Certificates, Identifiers & Profiles section, click on Identifiers.

2. Create a New Services ID

  1. Click the “+” button.
  2. Select Services IDs and click Continue.
  3. Enter a Description (e.g., LibreChat Services ID).
  4. Enter an Identifier (e.g., com.yourdomain.librechat.services).
  5. Click Continue and then Register.
  • Image References:

  • Figure 4: Selecting Services ID

  • Figure 5: Creating Services ID

3. Configure “Sign in with Apple”

  1. Click on the newly created Services ID.
  2. Under Capabilities, click Configure next to Sign in with Apple.
  3. Enter your Domains (e.g., your-domain.com) and Return URLs (e.g., https://your-domain.com/oauth/apple/callback).
  4. Click Next and then Register.
  • Image References:

  • Figure 6: Configuring “Sign in with Apple” for Services ID

  • Figure 7: Web Authentication Configuration

  • Figure 8: Save edit Services ID Configuration

Creating a Key

1. Navigate to Keys

  • In the Certificates, Identifiers & Profiles section, click on Keys.

2. Create a New Key

  1. Click the “+” button to add a new key.
  2. Enter a Key Name (e.g., LibreChatSignInWithApple).
  3. Select Sign in with Apple under Capabilities.
  4. Click Configure and select the created App ID (e.g., com.yourdomain.librechat), then click Save.
  5. Click Continue and then Register.
  • Image References:

  • Figure 8: Creating a New Key

  • Figure 9: Configuring the Key with App ID

  • Figure 10: Registering the Key

3. Download the Private Key

  1. After creating the key, click Download.
  2. Important: Save the .p8 file securely. You will not be able to download it again.
  3. Note the Key ID; you’ll need it for the .env file.
  • Image Reference:
  • Figure 11: Downloading the Private Key

Configuring LibreChat

1. Update .env Configuration

Add the following Apple OAuth2 configuration to your .env file:

.env
DOMAIN_CLIENT=https://your-domain.com # use http://localhost:3080 if not using a custom domain
DOMAIN_SERVER=https://your-domain.com # use http://localhost:3080 if not using a custom domain

# Apple
APPLE_CLIENT_ID=com.yourdomain.librechat.services
APPLE_TEAM_ID=YOUR_TEAM_ID
APPLE_KEY_ID=YOUR_KEY_ID
APPLE_PRIVATE_KEY_PATH=/path/to/AuthKey.p8 # Absolute path to your downloaded .p8 file
APPLE_CALLBACK_URL=/oauth/apple/callback

Note:

  • Replace com.yourdomain.librechat.services with your actual Services ID.
  • Replace YOUR_TEAM_ID and YOUR_KEY_ID with the respective values from your Apple Developer account.
  • If using Docker, ensure the .p8 file is accessible within your Docker container and update the APPLE_PRIVATE_KEY_PATH accordingly.

2. Restart LibreChat

After updating the .env file, restart LibreChat to apply the changes.

  • If using Docker:
docker compose up -d

Troubleshooting

If you encounter issues during the setup, consider the following solutions:

  • Invalid Redirect URI:

    • Ensure that the Return URL registered in your Apple Developer Console (https://your-domain.com/oauth/apple/callback) exactly matches the URL built from your .env file: DOMAIN_SERVER followed by APPLE_CALLBACK_URL.
  • Private Key Issues:

    • Verify that the path to your .p8 file (APPLE_PRIVATE_KEY_PATH) is correct.
    • Ensure that LibreChat has read permissions for the .p8 file.
  • Team ID and Key ID Errors:

    • Double-check that the APPLE_TEAM_ID and APPLE_KEY_ID in your .env file match those in your Apple Developer Account.
  • Domain Verification Failed:

    • Ensure that the verification file is correctly uploaded to the root of your domain.
    • Verify that there are no typos in the domain name entered during configuration.
  • Docker Configuration Issues:

    • If using Docker, confirm that the .p8 file is properly mounted and the path in APPLE_PRIVATE_KEY_PATH is accessible within the container.
  • Check Logs:

    • Review LibreChat logs for any error messages related to Apple authentication. This can provide specific insights into what might be going wrong.
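
Several of the checks above (missing or placeholder values, key path, key readability, return URL) can be run before restarting LibreChat. The script below is an added example, not part of LibreChat or of the original page; it assumes a simple KEY=value .env layout and that the effective return URL is DOMAIN_SERVER followed by APPLE_CALLBACK_URL. The function names and problem labels are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not LibreChat code): preflight checks for the Apple .env settings.

# Simplified .env reader: last KEY=value wins, an inline " # comment" is dropped.
env_get() {
  sed -n "s/^$1=//p" "$2" | tail -n 1 |
    sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//'
}

# URL to compare with the Return URL registered on the Services ID
# (assumption: DOMAIN_SERVER followed by APPLE_CALLBACK_URL).
apple_return_url() {
  printf '%s%s\n' "$(env_get DOMAIN_SERVER "$1")" "$(env_get APPLE_CALLBACK_URL "$1")"
}

# Prints one line per problem; returns 1 if any problem was found.
check_apple_env() {
  local env_file=$1 bad=0 var val key
  for var in DOMAIN_SERVER APPLE_CLIENT_ID APPLE_TEAM_ID APPLE_KEY_ID \
             APPLE_PRIVATE_KEY_PATH APPLE_CALLBACK_URL; do
    val=$(env_get "$var" "$env_file")
    case $val in
      '') echo "MISSING $var"; bad=1 ;;
      # Values copied unchanged from the documentation template.
      YOUR_*|/path/to/*|*yourdomain*|*your-domain.com*)
        echo "PLACEHOLDER $var"; bad=1 ;;
    esac
  done
  key=$(env_get APPLE_PRIVATE_KEY_PATH "$env_file")
  if [ -n "$key" ] && [ ! -r "$key" ]; then
    echo "KEY_UNREADABLE $key"; bad=1
  elif [ -n "$key" ]; then
    # Apple .p8 downloads are PEM-encoded PKCS#8 private keys.
    grep -q -e '-----BEGIN PRIVATE KEY-----' "$key" ||
      { echo "KEY_NOT_PEM $key"; bad=1; }
    # Long-lived signing secret: flag any group/other permission bits.
    [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] ||
      { echo "KEY_PERMS_TOO_OPEN $key"; bad=1; }
  fi
  return $bad
}

# Usage: bash check_apple_env.sh /path/to/.env
if [ -n "${1:-}" ]; then
  check_apple_env "$1" && echo "OK, return URL: $(apple_return_url "$1")"
fi
```

When LibreChat runs in Docker, run the script inside the container so that APPLE_PRIVATE_KEY_PATH is resolved against the container's filesystem.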