Commit

Resolve PR comments
muradkhateeb78 committed Aug 7, 2024
1 parent 867642d commit 75037d3
Showing 2 changed files with 29 additions and 61 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -14,38 +14,40 @@ In the Apple Developer account, do the following.

- Go to Section named as `Certificates, Ids & Profiles` and click Identifiers.
- Create a new identifier, which usually can be created by clicking a small '+' icon besides the identifiers headline. If you do not see that, your logged in user might not have the necessary permissions to add the app ID. Please get your users the right permissions before moving ahead.
- Click "App IDs", App and click "Continue".
- Click "App IDs" click "Continue".
- Click "App" in next windown and click "Continue".
- Fill in the form that opens up.
- Enter the description.
- Enter the Bundle ID which could be a reverse-domain styled string i.e. 'com.domainname.appname'
- Scroll down to "Capabilities" section and check `Sign In with Apple` and click continue.
- Verify details and click register.
- Enter the description.
- Enter the Bundle ID which could be a reverse-domain styled string i.e. 'com.domainname.appname'
- Scroll down to "Capabilities" section and check `Sign In with Apple` and click continue.
- Verify details and click register.

# Create a Service ID
In the Apple Developer account, do the following.

1. Go to section named as `Certificates, Ids & Profiles` and click Identifiers.
2. Click the '+' button beside the 'identifiers'.
3. Click "Service IDs" and click "Continue".
- Go to section named as `Certificates, Ids & Profiles` and click Identifiers.
- Click the '+' button beside the 'identifiers'.
- Click "Service IDs" and click "Continue".
- Enter the description.
- Enter the Bundle ID which could be a reverse-domain styled string i.e. 'com.domainname.appname'
- Click "Continue" and "Register".
4. Edit the service ID that you just created. Check `Sign In with Apple` and click on the "Configure" button beside the checked option.
a. You will see a screen for "Web Auhentication Configuration". Select the App ID we created previously as the "Primary App ID". You can add the domains and the Return URLs on which the user will be redirected once it is authentication by Apple.
b. Click "Continue", verify the details and click "Save".
- Edit the service ID that you just created. Check `Sign In with Apple` and click on the "Configure" button besides the checked option.
- You will see a screen for "Web Auhentication Configuration". Select the App ID we created previously as the "Primary App ID". You can add the domains e.g, `ir-engine-qat-dev-api.theinfinitereality.io` and the Return URLs e.g, `https://ir-engine-qat-dev-api.theinfinitereality.io/oauth/apple/callback` on which the user will be redirected once it is authentication by Apple.
- Click "Continue", verify the details and click "Save".

**NOTE**
Please note that the Service ID that you just created will serve as your Client ID while sending authentication requests from your app.

# Create the Secret Key
We will also need to create a secret key that we can then use to generate the `Client Secret` which again will be used while sending an authentication request to Apple.

1. Go to "Certificates, Identifiers & Profiles > Keys".
2. Click the '+' button beside the 'keys'.
2. Give a Key Name and check the "Sign In With Apple" checkbox.
3. Click Configure next to the "Sign In With Apple" checkbox and select the App ID we previously created under the "Choose a Primary App ID" key.
4. Click save, verify the details and click Register.
5. Download the Key and Keep it in a safe and secure place. `Please note that this can only be downloaded once, so save it to a safe and secure location`.
6. Click Done.
- Go to "Certificates, Identifiers & Profiles > Keys".
Click the '+' button beside the 'keys'.
- Give a Key Name and check the "Sign In With Apple" checkbox.
- Click Configure next to the "Sign In With Apple" checkbox and select the App ID we previously created under the "Choose a Primary App ID" key.
- Click save, verify the details and click Register.
- Download the Key and Keep it in a safe and secure place. `Please note that this can only be downloaded once, so save it to a safe and secure location`.
- Click Done.

**NOTE**
You can keep one App ID and a Secret Key and multiple Service IDs for each environment. But a better practice would be to decouple the App IDs, Service ID and Secret Key for different environments
You can keep one App ID and a Secret Key and multiple Service IDs for each environment. But a better practice would be to decouple the App IDs, Service ID and Secret Key for different environments.
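Review bot: In the "Web Auhentication Configuration" bullet of the Service ID steps, the examples name what looks like a real deployment (`ir-engine-qat-dev-api.theinfinitereality.io` and its `/oauth/apple/callback` Return URL); a placeholder such as `<api-domain>` and `https://<api-domain>/oauth/apple/callback` would keep readers from registering another environment's callback by copy-paste. The same bullet has "Auhentication" and "once it is authentication by Apple" (should be "authenticated"). In the App ID steps, `Click "App IDs" click "Continue"` is missing "and", and "windown" should be "window". In "Create the Secret Key", `Click the '+' button beside the 'keys'.` has lost its `- ` marker, and since these are ordered steps a numbered list (with the duplicate `2.` fixed) would read better than bullets.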
Original file line number Diff line number Diff line change
Expand Up @@ -6,61 +6,27 @@ We will need to generate a Client Secret for Apple to be able to send authentica

You must have the following credentials already with you.

- Key ID,
- Team ID,
- Client ID,
- Developer Account's secret Key file
- Developer Account's secret Key file, "This refers to the file that you had created while creating the secret key on Apple Developer account for this deployment." Path of the file could look something simiar to `/home/SecretFiles/AuthKey_M98LQ25T3Z.p8`
- Key ID, "Key ID of the Secret key that you may have generated on Apple Developer account for this deployment". e.g. "M98LQ25T3Z". Note that the key identifier in your secret key file name is matching with the Key ID. "ZLWKHWSK48"
- Team ID, "The team IT of the developer account. It can be obtained from the App ID that you have created for this deplooyment."
- Client ID, "This is the service ID that you have created which can now be used as a client ID" e.g,e.g. "com.ir-engine.qat-dev.id"

# Generate the Client Secret

You can make a request to Apple with the required credentials and generate the Client Secret. Following Code snippet can be used to request the Client Secret from Apple. This is written in Javascript but you can use pretty much any programming language to request a Client Secret from Apple provided that you have all what is listed in the Pre-Req section.
You can make a request to Apple with the required credentials and generate the Client Secret. You can use the script written in the IR Engine's repository under `scripts/generate-apple-sso-token.ts` and generate an Apple key secret by running the following command on the root folder. Please refer to the Pre-Req section for details of the values being used in the command below.

```
var jwt = require('jsonwebtoken');
const getAppleClientSecret = () => {
const privateKey = fs.readFileSync('Path to the Apple Secret Key');
AuthKey_2K4W7DYLQL.p8";
const keyId = "XXXXXXXXXXX";
const teamId = "XXXXXXXXXXX";
const clientId = "Client ID for the deployment, you can get it from Apple and also from the Client ID variabels at Admin/Settings#Authentication";
const headers = {
kid: keyId,
typ: "JWT",
}
const claims = {
'iss': teamId,
'aud': 'https://appleid.apple.com',
'sub': clientId,
}
token = jwt.sign(claims, privateKey, {
algorithm: 'ES256',
header: headers,
expiresIn: '180d'
});
return token
}
var AppleSecret = getAppleClientSecret();
npm run generate-apple-sso-token -- --secretKeyPath <Secret_Key_Path> --keyId <Secret_Key_ID> --teamId <Developer_Account_Team_ID> --clientId <ClientID_For_ServiceID>
```
**NOTE**
the Client Secret it could at maximum be set to 6 months, so we will have to regenerate it after that save it to wherever it was being used.

You can run the above script as an independent Javascript code to generate the Apple Client Secret or you can also use the script written in the IR Engine's repository and generate an Apple key secret by running the following command on the root folder.

```
npm run create-apple-sso-secret -- --secretKeyPath \<Secret_Key_Path> --keyId \<Secret_Key_ID> --teamId \<Developer_Account_Team_ID> --clientId \<ClientID_For_ServiceID>
```
The Client Secret's expiry could at maximum be set to 6 months, so we will have to regenerate it after that.

# Updating the Client Secret in IR Studio

Every 6 months, when the Client Secret will expire, you will have to get it updated in the running instances of IR Studio as per the following.

- Generate a new Client Secret as mentioned above.
- on the Deploed instance, go to '/admin/settings#authentication'.
- On the deployed instance, go to '/admin/settings#authentication'.
- Update the Apple Client Secret and hit save, it should take a couple of minutes to restart the API pods and should be done then.
- Also update the client Secret value in the "Values.yaml" file for both the main release and builder. You can use the following command as reference for updating the Client Secret in Values.yaml files of the deployments. Run the command separately for Main and Builder release while updating the corresponding values accordingly.
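Review bot: The Key ID bullet in the prerequisites ends with a stray `"ZLWKHWSK48"` after already giving `"M98LQ25T3Z"` as the example, right after saying the identifier in the key file name matches the Key ID; drop the leftover value, and if either string is a real Key ID replace both (and the `AuthKey_M98LQ25T3Z.p8` path) with an obvious placeholder such as `<KEY_ID>`. The npm script is now `generate-apple-sso-token` where the earlier text used `create-apple-sso-secret`; please confirm the name matches the script entry in package.json, which is not among the files shown here. Typos in the same list: "simiar", "team IT", "deplooyment", and a doubled "e.g,e.g.". The last bullet tells readers to put the Client Secret in "Values.yaml"; a sentence on keeping that file out of version control would help.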
