[BUG] Apple Sign-In: Add support for response_mode=form_post when requesting name or email scopes

[tfraley]

Body:

When configuring “Sign In with Apple” as an OAuth provider, Apple requires that if you request the name or email scopes, the authorize request must include response_mode=form_post. Otherwise, you receive the following error on login:

invalid_request
response_mode must be form_post when name or email scope is requested.

Currently, Fider’s provider configuration does not support adding custom/extra auth parameters, nor does it appear to automatically add this param for Apple. This means Sign In with Apple only works with the minimal openid scope (which provides no user info), and prevents receiving the user’s name/email as described in Apple’s docs.

Feature Request:
Please add support for setting custom authorization parameters—specifically, so Fider can send response_mode=form_post when name or email is requested from Apple.

References:

• Apple’s [Sign in with Apple docs](https://developer.apple.com/documentation/signinwithapplerestapi/request-an-authorization-to-the-sign-in-with-apple-server)
• Error example:
  ![screenshot or error text if you have it]

Impact:
Without this, “Sign in with Apple” in Fider can only provide pseudonymous Apple user IDs, and cannot collect user name/email for app onboarding or integration with existing registration flows.

[mattwoberts]

@tfraley I might be being thick - but can you provide some docs about this setting from apple - that link doesn't work and I can't find any

[tfraley]

@tfraley I might be being thick - but can you provide some docs about this setting from apple - that link doesn't work and I can't find any

Hey 👋 here are the updated working docs:
• Sign in with Apple JS → https://developer.apple.com/documentation/signinwithapplejs/
• Web configuration (Domains & Return URLs screen) → https://developer.apple.com/help/account/capabilities/configure-sign-in-with-apple-for-the-web/
• Overview/API index → https://developer.apple.com/documentation/signinwithapple

Basic version of what we found:
When you try to log in with Apple on the web, Apple doesn’t just want your username. They also want you to ask for extra info like name or email. To do that, the login request has to include two special settings:
1. response_mode=form_post → tells Apple to send the info back in a safe way.
2. scope (name, email) → tells Apple what extra info you want.

Right now, Fider can log you in with Apple, but it can’t pass those two settings, which means you only get a bare login (no name/email).

[mattwoberts]

@tfraley Hi - see pull request that fixes this issue. I've not had much of a look at the PR yet, but are you able to see if this solves your issue with Apple ?

[mattwoberts]

@tfraley (or anyone else that is interested in this) - I don't have an apple developer account so I can't verify if the fix works. The code looks decent, so I'm leaving this for someone with an account to hopefully check.

[tfraley]

Thanks @mattwoberts
I’m out of town for work right now, but once I’m back home I’ll give it a try.
I do have an Apple Developer account, so I can help verify the fix.