I'm using bell (https://www.npmjs.com/package/bell), version 10.0.0, as the authentication plugin.
I've set up the configuration on the Apple developer site, but I get this error:
ERROR secretOrPrivateKey must be an asymmetric key when using ES256
Here is my apple authentication plugin for hapi
const jwt = require('jsonwebtoken')
const jwksClient = require('jwks-rsa')
const consola = require('consola')
const config = require('../config/server')
// JWKS client used to fetch the public keys Apple publishes for verifying
// the id_token it issues. The 30000 ms timeout bounds the key fetch.
const jwksOptions = {
  jwksUri: 'https://appleid.apple.com/auth/keys',
  timeout: 30000
}
const client = jwksClient(jwksOptions)
/**
 * Build the OAuth client secret for Apple: a JWT signed with ES256 and
 * valid for 180 days from the moment it is created.
 *
 * jwt.sign() with ES256 needs an asymmetric (EC) private key. The
 * "secretOrPrivateKey must be an asymmetric key when using ES256" error is
 * raised by this call when the value passed as the key cannot be used as one.
 * NOTE(review): confirm config.authAppleSecretPrivateKey holds the complete
 * PEM text of the key downloaded from Apple, including the BEGIN/END lines
 * and real newlines (not escaped "\n" sequences or a file path).
 *
 * @returns {string} the signed client-secret JWT
 */
function getSecretKey () {
  const issuedAt = Math.floor(Date.now() / 1000)
  const expiresAt = Math.floor(Date.now() / 1000) + 86400 * 180

  const signOptions = {
    algorithm: 'ES256',
    keyid: config.authAppleSecretKeyId
  }

  return jwt.sign(
    {
      iss: config.authAppleSecretTeamId,
      iat: issuedAt,
      exp: expiresAt,
      aud: 'https://appleid.apple.com',
      sub: config.authAppleId
    },
    config.authAppleSecretPrivateKey,
    signOptions
  )
}
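/**
 * Look up the Apple signing key with the given key id in Apple's JWKS.
 *
 * The original version ignored the callback's error argument, so a failed
 * lookup (network error, unknown kid) threw inside the callback and left the
 * promise pending forever. Failures now reject the promise so the caller's
 * `await` fails and no token is accepted without a key.
 *
 * @param {string} kid - key id taken from the id_token header
 * @returns {Promise<string>} resolves with the public key
 */
function getApplePublicKey (kid) {
  return new Promise((resolve, reject) => {
    client.getSigningKey(kid, (err, key) => {
      if (err || !key) {
        reject(err || new Error(`No Apple signing key found for kid "${kid}"`))
        return
      }
      try {
        resolve(key.getPublicKey())
      } catch (keyErr) {
        // A throw inside this callback would otherwise escape the promise.
        reject(keyErr)
      }
    })
  })
}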
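// Custom bell provider definition for Sign in with Apple (OAuth 2.0).
const appleProvider = {
  auth: 'https://appleid.apple.com/auth/authorize',
  token: 'https://appleid.apple.com/auth/token',
  name: 'apple',
  protocol: 'oauth2',
  useParamsAuth: true,
  /**
   * Verify the id_token from the token response and copy its identity
   * claims onto credentials.profile.
   *
   * @param {object} credentials - bell credentials object, mutated in place
   * @param {object} params - token response; params.id_token is the JWT
   * @throws if the id_token is missing, malformed or fails verification
   */
  profile: async (credentials, params) => {
    // jwt.decode() does not verify anything and returns null for a missing
    // or malformed token; it is used only to read the key id.
    const decoded = jwt.decode(params.id_token, { complete: true })
    if (!decoded || !decoded.header || !decoded.header.kid) {
      throw new Error('Apple token response did not contain a decodable id_token')
    }
    const { header } = decoded
    const publicKey = await getApplePublicKey(header.kid)

    // Pin the algorithm and check issuer and audience, so that a token Apple
    // signed for a different client id is not accepted as a login here.
    // NOTE(review): RS256 matches the keys Apple publishes in its JWKS;
    // confirm against the current key set.
    const resp = jwt.verify(params.id_token, publicKey, {
      algorithms: ['RS256'],
      issuer: 'https://appleid.apple.com',
      audience: config.authAppleId
    })

    if (config.environment !== 'production') {
      // params is left out of the log: it carries the raw id_token (and
      // presumably other bearer tokens), which should not reach log files.
      console.log('appleProvider -> header, resp : ', header, resp)
    }

    const { sub, email, name } = resp
    // The original read name.firstName directly and threw a TypeError when
    // the token had no name claim. NOTE(review): confirm where Apple
    // delivers the user's name for this flow.
    const fullName = name || {}
    credentials.profile = {
      id: sub,
      email,
      name: {
        first: fullName.firstName || '',
        last: fullName.lastName || ''
      }
    }
  }
}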
// hapi plugin that registers the 'apple' auth strategy on top of bell.
module.exports.plugin = {
  name: 'auth-apple',
  /**
   * Register the 'apple' strategy with the bell scheme.
   *
   * @param {object} server - hapi server
   * @param {object} options - plugin options (not used)
   */
  register: (server, options) => {
    const isLocalEnv = ['development', 'localtest'].includes(config.environment)

    const strategy = {
      provider: appleProvider,
      providerParams: { response_mode: 'form_post' },
      scope: ['name', 'email'],
      password: config.authApplePassword,
      clientId: config.authAppleId,
      // The client secret JWT is generated once, when the plugin registers.
      clientSecret: getSecretKey(),
      // Secure cookie everywhere except the local environments listed above.
      isSecure: !isLocalEnv
    }

    if (isLocalEnv) {
      // Local environments run without HTTPS: no forced location or https,
      // and a non-secure cookie. This must stay limited to local use.
      consola.log(`Un-setting https for Apple auth strategy in ${config.environment}`)
    } else {
      strategy.location = config.baseUrl
      strategy.forceHttps = true
    }

    server.auth.strategy('apple', 'bell', strategy)
  }
}
Also, bell doesn't have a built-in provider for Apple sign-in, so we have to write our own.
Any suggestions or guidance would be appreciated.