feat: add Apple Sign-In support to ory_social_provider resource #81

Merged
KT-Doan merged 1 commit into main from feat/apple-social-provider
Mar 2, 2026

KT-Doan commented Mar 2, 2026

Description

Add Apple Sign-In support to the ory_social_provider resource. Apple uses a non-standard OAuth2 flow where Ory generates the JWT client_secret from Apple-specific fields (apple_team_id, apple_private_key_id, apple_private_key) instead of requiring a static secret.

Key changes:

  • Add apple_team_id, apple_private_key_id, and apple_private_key attributes
  • Make client_secret optional (not needed for Apple providers)
  • Add ValidateConfig with rules ensuring correct attribute combinations per provider type
  • Update buildProviderConfig and Read to handle Apple-specific fields

Related Issues

Fixes #80

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Checklist

  • I have read the CONTRIBUTING guide
  • My code follows the existing code style
  • I have added tests that prove my fix/feature works
  • I have updated documentation as needed
  • All new and existing tests pass (make test)
  • I have run the linter (make format)

Testing

Describe how you tested these changes:

  • Unit tests
  • Acceptance tests (TestAccSocialProviderResource_basic, TestAccSocialProviderResource_apple)
  • Manual testing (plan, apply, drift detection, import, update, destroy)

Screenshots/Output

Terraform plan output for Apple provider:

# ory_social_provider.apple will be created
+ resource "ory_social_provider" "apple" {
    + apple_private_key    = (sensitive value)
    + apple_private_key_id = "ABC123DEF4"
    + apple_team_id        = "TEAMID1234"
    + client_id            = "com.example.signin"
    + id                   = (known after apply)
    + label                = "Apple"
    + project_id           = "..."
    + provider             = "apple"
    + scopes               = ["email", "name"]
  }

Copilot AI review requested due to automatic review settings March 2, 2026 05:41

Copilot AI left a comment

Pull request overview

Adds first-class Apple Sign-In support to the ory_social_provider Terraform resource by extending the schema/config payload, documenting Apple’s credential requirements, and adding acceptance coverage for Apple create/import/update.

Changes:

  • Extends ory_social_provider with apple_team_id, apple_private_key_id, and apple_private_key, and makes client_secret optional (Apple-specific).
  • Adds resource-level ValidateConfig to enforce valid attribute combinations per provider_type.
  • Updates docs/examples and adds acceptance tests + testdata templates for Apple provider flows.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| templates/resources/social_provider.md.tmpl | Documents Apple Sign-In behavior and constraints in the resource template. |
| internal/resources/socialprovider/testdata/apple_basic.tf.tmpl | Adds Apple acceptance test config (create). |
| internal/resources/socialprovider/testdata/apple_updated.tf.tmpl | Adds Apple acceptance test config (update). |
| internal/resources/socialprovider/resource_test.go | Adds acceptance test coverage for Apple create/import/update. |
| internal/resources/socialprovider/resource.go | Implements Apple attributes, optional client_secret, config validation, and API payload/state handling. |
| examples/resources/ory_social_provider/resource.tf | Updates example configuration to use Apple-specific credentials and new variables. |
| docs/resources/social_provider.md | Generated docs updates for Apple Sign-In fields and semantics. |

KT-Doan force-pushed the feat/apple-social-provider branch from 2840cf1 to 132ca7c (March 2, 2026 06:11)
KT-Doan requested a review from Copilot (March 2, 2026 06:12)
KT-Doan self-assigned this (Mar 2, 2026)
KT-Doan requested a review from Demonsthere (March 2, 2026 06:12)

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.


KT-Doan force-pushed the feat/apple-social-provider branch from 132ca7c to 912a64a (March 2, 2026 06:22)
KT-Doan requested a review from Copilot (March 2, 2026 06:22)

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.


KT-Doan force-pushed the feat/apple-social-provider branch from 912a64a to 5af1322 (March 2, 2026 06:38)
KT-Doan requested a review from Copilot (March 2, 2026 07:24)

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.


Add apple_team_id, apple_private_key_id, and apple_private_key attributes
to the social provider resource. Apple uses a non-standard OAuth2 flow
where Ory generates the JWT client_secret from these fields instead of
requiring a static secret.

- Make client_secret optional (Apple providers don't need it)
- Add ValidateConfig with rules for Apple vs non-Apple providers
- Validate empty strings and handle unknown values correctly
- Update buildProviderConfig/Read to handle Apple fields
- Add acceptance tests for Apple create/import/update
- Generate test PEM keys at runtime to avoid secret scanner flags
- Update docs and examples

Closes #80
KT-Doan force-pushed the feat/apple-social-provider branch from 5af1322 to 1446627 (March 2, 2026 07:44)

Demonsthere left a comment

lgtm!

KT-Doan merged commit 4784cad into main (Mar 2, 2026)
11 checks passed
KT-Doan deleted the feat/apple-social-provider branch (March 3, 2026 08:55)
KT-Doan added a commit that referenced this pull request Mar 4, 2026
feat: add Apple Sign-In support to ory_social_provider resource
KT-Doan added a commit that referenced this pull request Mar 4, 2026
feat: add Apple Sign-In support to ory_social_provider resource
Development

Successfully merging this pull request may close these issues.

Apple social config is not standard and is not currently support by social config resource
