diff --git a/admin_frontend/assets/apple/logo.html b/admin_frontend/assets/apple/logo.html
new file mode 100644
index 00000000..5bde963f
--- /dev/null
+++ b/admin_frontend/assets/apple/logo.html
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 814 1000" height="48" width="auto">
+  <path d="M788.1 340.9c-5.8 4.5-108.2 62.2-108.2 190.5 0 148.4 130.3 200.9 134.2 202.2-.6 3.2-20.7 71.9-68.7 141.9-42.8 61.6-87.5 123.1-155.5 123.1s-85.5-39.5-164-39.5c-76.5 0-103.7 40.8-165.9 40.8s-105.6-57-155.5-127C46.7 790.7 0 663 0 541.8c0-194.4 126.4-297.5 250.8-297.5 66.1 0 121.2 43.4 162.7 43.4 39.5 0 101.1-46 176.3-46 28.5 0 130.9 2.6 198.3 99.2zm-234-181.5c31.1-36.9 53.1-88.1 53.1-139.3 0-7.1-.6-14.3-1.9-20.1-50.6 1.9-110.8 33.7-147.1 75.8-28.5 32.4-55.1 83.6-55.1 135.5 0 7.8 1.3 15.6 1.9 18.1 3.2.6 8.4 1.3 13.6 1.3 45.4 0 102.5-30.4 135.5-71.3z"/>
+</svg>
diff --git a/admin_frontend/assets/discord/logo.html b/admin_frontend/assets/discord/logo.html
index 37ade75e..60218dd4 100644
--- a/admin_frontend/assets/discord/logo.html
+++ b/admin_frontend/assets/discord/logo.html
@@ -1,4 +1,4 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 127.14 96.36">
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 127.14 96.36" height="40" width="auto">
   <path
     fill="#5865f2"
     d="M107.7,8.07A105.15,105.15,0,0,0,81.47,0a72.06,72.06,0,0,0-3.36,6.83A97.68,97.68,0,0,0,49,6.83,72.37,72.37,0,0,0,45.64,0,105.89,105.89,0,0,0,19.39,8.09C2.79,32.65-1.71,56.6.54,80.21h0A105.73,105.73,0,0,0,32.71,96.36,77.7,77.7,0,0,0,39.6,85.25a68.42,68.42,0,0,1-10.85-5.18c.91-.66,1.8-1.34,2.66-2a75.57,75.57,0,0,0,64.32,0c.87.71,1.76,1.39,2.66,2a68.68,68.68,0,0,1-10.87,5.19,77,77,0,0,0,6.89,11.1A105.25,105.25,0,0,0,126.6,80.22h0C129.24,52.84,122.09,29.11,107.7,8.07ZM42.45,65.69C36.18,65.69,31,60,31,53s5-12.74,11.43-12.74S54,46,53.89,53,48.84,65.69,42.45,65.69Zm42.24,0C78.41,65.69,73.25,60,73.25,53s5-12.74,11.44-12.74S96.23,46,96.12,53,91.08,65.69,84.69,65.69Z"
diff --git a/admin_frontend/assets/github/logo.html b/admin_frontend/assets/github/logo.html
index 758f4207..5ead2cbf 100644
--- a/admin_frontend/assets/github/logo.html
+++ b/admin_frontend/assets/github/logo.html
@@ -2,6 +2,8 @@
   viewBox="0 0 98 96"
   xmlns="http://www.w3.org/2000/svg"
   preserveAspectRatio="xMidYMid meet"
+  height="48"
+  width="auto"
 >
   <path
     fill-rule="evenodd"
diff --git a/admin_frontend/assets/google/logo.html b/admin_frontend/assets/google/logo.html
index 71435934..33e12ccc 100644
--- a/admin_frontend/assets/google/logo.html
+++ b/admin_frontend/assets/google/logo.html
@@ -1,33 +1,24 @@
-<button type="button" class="gsi-material-button">
-  <div class="gsi-material-button-state"></div>
-  <div class="gsi-material-button-content-wrapper">
-    <div class="gsi-material-button-icon">
-      <svg
-        version="1.1"
-        xmlns="http://www.w3.org/2000/svg"
-        viewBox="0 0 48 48"
-        xmlns:xlink="http://www.w3.org/1999/xlink"
-        style="display: block"
-      >
-        <path
-          fill="#EA4335"
-          d="M24 9.5c3.54 0 6.71 1.22 9.21 3.6l6.85-6.85C35.9 2.38 30.47 0 24 0 14.62 0 6.51 5.38 2.56 13.22l7.98 6.19C12.43 13.72 17.74 9.5 24 9.5z"
-        ></path>
-        <path
-          fill="#4285F4"
-          d="M46.98 24.55c0-1.57-.15-3.09-.38-4.55H24v9.02h12.94c-.58 2.96-2.26 5.48-4.78 7.18l7.73 6c4.51-4.18 7.09-10.36 7.09-17.65z"
-        ></path>
-        <path
-          fill="#FBBC05"
-          d="M10.53 28.59c-.48-1.45-.76-2.99-.76-4.59s.27-3.14.76-4.59l-7.98-6.19C.92 16.46 0 20.12 0 24c0 3.88.92 7.54 2.56 10.78l7.97-6.19z"
-        ></path>
-        <path
-          fill="#34A853"
-          d="M24 48c6.48 0 11.93-2.13 15.89-5.81l-7.73-6c-2.15 1.45-4.92 2.3-8.16 2.3-6.26 0-11.57-4.22-13.47-9.91l-7.98 6.19C6.51 42.62 14.62 48 24 48z"
-        ></path>
-        <path fill="none" d="M0 0h48v48H0z"></path>
-      </svg>
-    </div>
-    <span style="display: none">Sign in with Google</span>
-  </div>
-</button>
+<svg
+  version="1.1"
+  xmlns="http://www.w3.org/2000/svg"
+  viewBox="0 0 48 48"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+>
+  <path
+    fill="#EA4335"
+    d="M24 9.5c3.54 0 6.71 1.22 9.21 3.6l6.85-6.85C35.9 2.38 30.47 0 24 0 14.62 0 6.51 5.38 2.56 13.22l7.98 6.19C12.43 13.72 17.74 9.5 24 9.5z"
+  ></path>
+  <path
+    fill="#4285F4"
+    d="M46.98 24.55c0-1.57-.15-3.09-.38-4.55H24v9.02h12.94c-.58 2.96-2.26 5.48-4.78 7.18l7.73 6c4.51-4.18 7.09-10.36 7.09-17.65z"
+  ></path>
+  <path
+    fill="#FBBC05"
+    d="M10.53 28.59c-.48-1.45-.76-2.99-.76-4.59s.27-3.14.76-4.59l-7.98-6.19C.92 16.46 0 20.12 0 24c0 3.88.92 7.54 2.56 10.78l7.97-6.19z"
+  ></path>
+  <path
+    fill="#34A853"
+    d="M24 48c6.48 0 11.93-2.13 15.89-5.81l-7.73-6c-2.15 1.45-4.92 2.3-8.16 2.3-6.26 0-11.57-4.22-13.47-9.91l-7.98 6.19C6.51 42.62 14.62 48 24 48z"
+  ></path>
+  <path fill="none" d="M0 0h48v48H0z"></path>
+</svg>
diff --git a/deploy.env b/deploy.env
index 8ee278c3..1f2788fc 100644
--- a/deploy.env
+++ b/deploy.env
@@ -70,6 +70,11 @@ GOTRUE_EXTERNAL_DISCORD_ENABLED=false
 GOTRUE_EXTERNAL_DISCORD_CLIENT_ID=
 GOTRUE_EXTERNAL_DISCORD_SECRET=
 GOTRUE_EXTERNAL_DISCORD_REDIRECT_URI=http://your-host/gotrue/callback
+# Apple OAuth2
+GOTRUE_EXTERNAL_APPLE_ENABLED=false
+GOTRUE_EXTERNAL_APPLE_CLIENT_ID=
+GOTRUE_EXTERNAL_APPLE_SECRET=
+GOTRUE_EXTERNAL_APPLE_REDIRECT_URI=http://your-host/gotrue/callback
 
 # File Storage
 # This is where storage like images, files, etc. will be stored
@@ -121,4 +126,4 @@ APPFLOWY_HISTORY_DATABASE_URL=postgres://postgres:password@postgres:5432/postgre
 
 # AppFlowy Indexer
 APPFLOWY_INDEXER_DATABASE_URL=postgres://postgres:password@postgres:5432/postgres
-APPFLOWY_INDEXER_REDIS_URL=redis://redis:6379
\ No newline at end of file
+APPFLOWY_INDEXER_REDIS_URL=redis://redis:6379
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 98da16c8..97c7fae4 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -72,6 +72,11 @@ services:
       - GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID=${GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID}
       - GOTRUE_EXTERNAL_GOOGLE_SECRET=${GOTRUE_EXTERNAL_GOOGLE_SECRET}
       - GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI=${GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI}
+      # Apple OAuth config
+      - GOTRUE_EXTERNAL_APPLE_ENABLED=${GOTRUE_EXTERNAL_APPLE_ENABLED}
+      - GOTRUE_EXTERNAL_APPLE_CLIENT_ID=${GOTRUE_EXTERNAL_APPLE_CLIENT_ID}
+      - GOTRUE_EXTERNAL_APPLE_SECRET=${GOTRUE_EXTERNAL_APPLE_SECRET}
+      - GOTRUE_EXTERNAL_APPLE_REDIRECT_URI=${GOTRUE_EXTERNAL_APPLE_REDIRECT_URI}
       # GITHUB OAuth config
       - GOTRUE_EXTERNAL_GITHUB_ENABLED=${GOTRUE_EXTERNAL_GITHUB_ENABLED}
       - GOTRUE_EXTERNAL_GITHUB_CLIENT_ID=${GOTRUE_EXTERNAL_GITHUB_CLIENT_ID}
diff --git a/docker/gotrue.Dockerfile b/docker/gotrue.Dockerfile
index 4831b37f..193f5d63 100644
--- a/docker/gotrue.Dockerfile
+++ b/docker/gotrue.Dockerfile
@@ -1,6 +1,6 @@
 FROM golang as base
 WORKDIR /go/src/supabase
-RUN git clone https://github.com/supabase/gotrue.git --depth 1 --branch v2.117.0
+RUN git clone https://github.com/supabase/gotrue.git --depth 1 --branch v2.159.1
 WORKDIR /go/src/supabase/gotrue
 COPY docker/gotrue.patch .
 RUN git apply gotrue.patch
diff --git a/docker/gotrue.patch b/docker/gotrue.patch
index 45d30103..651e62b8 100644
--- a/docker/gotrue.patch
+++ b/docker/gotrue.patch
@@ -1,25 +1,12 @@
-diff --git a/internal/api/api.go b/internal/api/api.go
-index d9016fd0..924ce018 100644
---- a/internal/api/api.go
-+++ b/internal/api/api.go
-@@ -175,7 +175,7 @@ func NewAPIWithVersion(ctx context.Context, globalConfig *conf.GlobalConfigurati
- 		})
+diff --git a/internal/api/settings.go b/internal/api/settings.go
+index bc2f3869..c0025f48 100644
+--- a/internal/api/settings.go
++++ b/internal/api/settings.go
+@@ -36,6 +36,7 @@ type Settings struct {
+ 	MailerAutoconfirm bool             `json:"mailer_autoconfirm"`
+ 	PhoneAutoconfirm  bool             `json:"phone_autoconfirm"`
+ 	SmsProvider       string           `json:"sms_provider"`
++	MFAEnabled        bool             `json:"mfa_enabled"` // preserve for backwards compatibility
+ 	SAMLEnabled       bool             `json:"saml_enabled"`
+ }
  
- 		r.Route("/sso", func(r *router) {
--			r.Use(api.requireSAMLEnabled)
-+			// r.Use(api.requireSAMLEnabled)
- 			r.With(api.limitHandler(
- 				// Allow requests at the specified rate per 5 minutes.
- 				tollbooth.NewLimiter(api.config.RateLimitSso/(60*5), &limiter.ExpirableOptions{
-diff --git a/internal/api/saml.go b/internal/api/saml.go
-index d936ff2f..011d098c 100644
---- a/internal/api/saml.go
-+++ b/internal/api/saml.go
-@@ -24,6 +24,7 @@ func (a *API) getSAMLServiceProvider(identityProvider *saml.EntityDescriptor, id
- 		externalURL.Path += "/"
- 	}
- 
-+	externalURL.Path += "gotrue/"
- 	externalURL.Path += "sso/"
- 
- 	provider := samlsp.DefaultServiceProvider(samlsp.Options{