Apple social connection error - Failed to derive a client_secret from the configured Client Secret Signing Key

I’m working on setting up Sign In w/ Apple. I was able to get everything working in my sandbox environment by plugging the necessary ids and keys from what I set up in my Apple Developer account directly into the Auth0 GUI’s Apple connection settings.

Now that I am preparing to promote this configuration addition to my higher environments via deployment pipelines, I’m updating my in-code configuration to reference the ids/keys using Azure variable groups and an Azure Secure File for the Client Secret Signing Key. The first time I ran my pipeline after making these updates, I got an error during the deployment that “options.app_secret must be in PEM format” - so I know I’ve set up access to the Secure File correctly because the file was in .p8 format which is how it was downloaded from Apple.

I’ve tried two different methods of converting the p8 to pem - first by running the following in my Terminal:

openssl pkcs8 -in AuthKey.p8 -out AuthKey.pem

and also by simply changing the file extension from p8 to pem in Finder > Downloads folder. In both cases I re-uploaded the PEM to my Azure Secure Files.

Both methods of converting the p8 to pem had the same outcome: the deployment completes successfully, but when I test Sign In w/ Apple on my app, I get the following error:

"error": {
      "message": "Failed to derive a client_secret from the configured Client Secret Signing Key.",
      "oauthError": "server_error",
      "type": "oauth-authorization"
    },

How can I properly get Auth0 to read the PEM version of the p8 key file downloaded from Apple?

Hi @jennagoldman,

The “Failed to derive a client_secret from the configured Client Secret Signing Key” error happens when the Key ID is misconfigured in your Apple connection settings. Specifically, the entire key must be pasted in, including the BEGIN/END PRIVATE KEY lines.

I recommend checking out our Apple Social Connection Error: "Failed to derive a client_secret from the configured Client Secret Signing Key." knowledge solution for more information.

Let us know if you have any follow-up questions.

Thanks,
Rueben

Hi @rueben.tiow, thanks for your response. I understand that I need to include the BEGIN/END PRIVATE KEY LINES. As I mentioned, the Apple social connection works correctly when I paste the key value directly into the Auth0 GUI’s Apple connection setup page.

However, I am using deployment pipelines to manage my Auth0 configuration via infrastructure as code processes. So, I am now storing all of my Apple keys and ids in Azure resource variables. Because the secret key is a .p8 and not just a string value, I need to save it in Azure Secure Files - I have done so with the exact .p8 whose contents I previously copy/pasted directly into the setup, including the BEGIN/END PRIVATE KEY lines. The pipeline is successfully grabbing the .p8 when it runs (confirmed by the fact that I have to manually grant it permission to read the file the first time the pipeline accesses it), but for some reason Auth0 doesn’t seem to be able to read it properly.

Hi @jennagoldman,

Thanks for the reply.

I have not found specific examples of how to accomplish this when using your Azure deployment pipelines to manage the Apple client’s secret signing key.

However, I found some valuable resources below. From the resources I found, the issue may be related to encoding or formatting changes when retrieving the .p8 file in the pipeline.

Before making any modifications, you could try verifying the file contents first by downloading the uploaded .p8 file by using DownloadSecureFile@1.

If there are encoding issues, the following resources might be useful:

Let me know if you continue encountering issues on this.

Thank you,
Rueben
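
Added example, not part of the original thread and not Auth0 or Azure tooling: one way to verify the file contents after the pipeline has retrieved them, reporting the encoding and formatting changes discussed above (BOM, CRLF, flattened newlines, missing or different BEGIN/END lines). The function name `diagnose_pem`, the finding labels and the sample bytes are assumptions constructed for illustration; the sample body is placeholder data, not a real key.

```python
import base64
import re
import sys

# Constructed sample: base64 of placeholder bytes that begin with a DER
# SEQUENCE tag (0x30). It is NOT a real key and will not work with Apple.
_BODY = base64.b64encode(b"\x30\x81\x87" + bytes(range(64))).decode()
GOOD = ("-----BEGIN PRIVATE KEY-----\n" + _BODY[:64] + "\n" + _BODY[64:]
        + "\n-----END PRIVATE KEY-----\n").encode()

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----\Z", re.S)


def diagnose_pem(data: bytes) -> list:
    """Return the problems found in retrieved key bytes; [] means clean."""
    problems = []
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["utf16-encoded"]
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("utf8-bom")
        data = data[3:]
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return problems + ["non-ascii-bytes"]
    if "\\n" in text:  # newlines flattened to a literal backslash-n
        problems.append("escaped-newlines")
        text = text.replace("\\n", "\n")
    if "\r" in text:
        problems.append("crlf-line-endings")
        text = text.replace("\r\n", "\n")
    m = PEM_RE.match(text.strip())
    if not m:
        return problems + ["missing-or-broken-begin-end-lines"]
    if m.group(1) != "PRIVATE KEY":  # label the thread says must be present
        problems.append("unexpected-label:" + m.group(1))
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:
        return problems + ["body-not-base64"]
    if not der.startswith(b"\x30"):
        problems.append("body-not-der-sequence")
    return problems


if __name__ == "__main__":
    # Usage: python check_key.py <path>; prints findings only, never key bytes.
    with open(sys.argv[1], "rb") as fh:
        print(diagnose_pem(fh.read()) or "ok")
```

Run it in a pipeline step against the path of the downloaded secure file; because it prints only finding labels, the key itself does not end up in the build log.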
