make Apple ResponseMode configurable

README.md

@@ -522,7 +522,7 @@ After completing the previous steps, you can proceed with configuring the Apple
 - _ClientID_ (**required**) - Service ID identifier which is used for Sign with Apple
 - _TeamID_ (**required**) - Identifier a developer account (use as prefix for all App ID)
 - _KeyID_ (**required**) - Identifier a generated key for Sign with Apple
-
+- _ResponseMode_  - Response Mode, please see [documentation](https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168) for reference, default is `form_post`
 
 ```go
     // apple config parameters

_example/main.go

@@ -87,9 +87,10 @@ func main() {
 
 	// allow sign with apple id
 	appleCfg := provider.AppleConfig{
-		ClientID: os.Getenv("AEXMPL_APPLE_CID"),
-		TeamID:   os.Getenv("AEXMPL_APPLE_TID"),
-		KeyID:    os.Getenv("AEXMPL_APPLE_KEYID"), // private key identifier
+		ClientID:     os.Getenv("AEXMPL_APPLE_CID"),
+		TeamID:       os.Getenv("AEXMPL_APPLE_TID"),
+		KeyID:        os.Getenv("AEXMPL_APPLE_KEYID"), // private key identifier
+		ResponseMode: "query",                         // see https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168
 	}
 
 	if err := service.AddAppleProvider(appleCfg, provider.LoadApplePrivateKeyFromFile(os.Getenv("AEXMPL_APPLE_PRIVKEY_PATH"))); err != nil {

provider/apple.go

@@ -70,11 +70,11 @@ type appleVerificationResponse struct {
 
 // AppleConfig is the main oauth2 required parameters for "Sign in with Apple"
 type AppleConfig struct {
-	ClientID string // the identifier Services ID for your app created in Apple developer account.
-	TeamID   string // developer Team ID (10 characters), required for create JWT. It available, after signed in at developer account, by link: https://developer.apple.com/account/#/membership
-	KeyID    string // private key ID  assigned to private key obtain in Apple developer account
+	ClientID     string // the identifier Services ID for your app created in Apple developer account.
+	TeamID       string // developer Team ID (10 characters), required for create JWT. It available, after signed in at developer account, by link: https://developer.apple.com/account/#/membership
+	KeyID        string // private key ID  assigned to private key obtain in Apple developer account
+	ResponseMode string // changes method of receiving data in callback. Default value "form_post" (https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168)
 
-	responseMode string           // changes method of receiving data in callback. Default value "form_post" (https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168)
 	scopes       []string         // for this package allow only username scope and UID in token claims. Apple service API provide only "email" and "name" scope values (https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230955-scope)
 	privateKey   interface{}      // private key from Apple obtained in developer account (the keys section). Required for create the Client Secret (https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens#3262048)
 	publicKey    crypto.PublicKey // need for validate sign of token
@@ -158,21 +158,21 @@ func NewApple(p Params, appleCfg AppleConfig, privateKeyLoader PrivateKeyLoaderI
 	}
 
 	responseMode := "form_post"
-	if appleCfg.responseMode != "" {
-		responseMode = appleCfg.responseMode
+	if appleCfg.ResponseMode != "" {
+		responseMode = appleCfg.ResponseMode
 	}
 
 	ah := AppleHandler{
 		Params: p,
 		name:   "apple", // static name for an Apple provider
 
 		conf: AppleConfig{
-			ClientID: appleCfg.ClientID,
-			TeamID:   appleCfg.TeamID,
-			KeyID:    appleCfg.KeyID,
-			scopes:   []string{"name"},
-			jwkURL:   appleKeysURL,
-			responseMode: responseMode,
+			ClientID:     appleCfg.ClientID,
+			TeamID:       appleCfg.TeamID,
+			KeyID:        appleCfg.KeyID,
+			scopes:       []string{"name"},
+			jwkURL:       appleKeysURL,
+			ResponseMode: responseMode,
 		},
 
 		endpoint: oauth2.Endpoint{
@@ -510,7 +510,7 @@ func (ah *AppleHandler) prepareLoginURL(state, path string) (string, error) {
 
 	scopesList := strings.Join(ah.conf.scopes, " ")
 
-	if scopesList != "" && ah.conf.responseMode != "form_post" {
+	if scopesList != "" && ah.conf.ResponseMode != "form_post" {
 		return "", fmt.Errorf("response_mode must be form_post if scope is not empty")
 	}
 
@@ -522,7 +522,7 @@ func (ah *AppleHandler) prepareLoginURL(state, path string) (string, error) {
 	query := authURL.Query()
 	query.Set("state", state)
 	query.Set("response_type", "code")
-	query.Set("response_mode", ah.conf.responseMode)
+	query.Set("response_mode", ah.conf.ResponseMode)
 	query.Set("client_id", ah.conf.ClientID)
 	query.Set("scope", scopesList)
 	query.Set("redirect_uri", ah.makeRedirURL(path))

provider/apple_test.go

@@ -426,11 +426,11 @@ func prepareAppleHandlerTest(responseMode string, scopes []string) (*AppleHandle
 	}
 
 	aCfg := AppleConfig{
-		ClientID: "auth.example.com",
-		TeamID:   "AA11BB22CC",
-		KeyID:    "BS2A79VCTT",
-		responseMode: responseMode,
-		scopes: scopes,
+		ClientID:     "auth.example.com",
+		TeamID:       "AA11BB22CC",
+		KeyID:        "BS2A79VCTT",
+		ResponseMode: responseMode,
+		scopes:       scopes,
 	}
 
 	cl := customLoader{}