Sign In with Apple Configuration Guide


Sign in with Apple is Apple’s foray into the world of social login: if you add support for Sign in with Apple to your website or app, users will be able to register and to log on by using their Apple ID. Equally important, Apple has announced that – sometime down the road – Sign in with Apple will be required for apps available in the Apple App Store that allow social login: if your app allows users to log in with, say, their Facebook or Twitter accounts, then that app will have to allow users to log in with their Apple ID. See the Apple Developer Center for more information.

Before You Begin

To use Sign in with Apple for social login you must:

  1. Obtain an Apple developer account from https://developer.apple.com.
  2. Do one of the following:
    • Open a previously-created Sign in with Apple application and copy the team ID, services ID, key ID, and key value.
    • Create a new application and copy the team ID, services ID, key ID, and key value.
  3. Use the Social Login Dashboard and the preceding information to configure Apple as a social login provider.

In This Configuration Guide

  • Creating a Sign In with Apple App for Social Login
  • Configuring Sign in with Apple as a Social Login Provider
  • Assigning a Different Sign in with Apple App for Social Login
  • Removing Sign in with Apple as a Social Login Provider
     

Creating a Sign In with Apple App

In this section of the documentation, we’ll explain how you can use the Apple Developer Center to create an app that works with Sign In with Apple. This process requires you to log on to the Developer Center and:

  • Create an app identifier
  • Create a services identifier
  • Create a private key

At first glance that might seem like a lot to do, but the following instructions will walk you through each task, step-by-step.

Important. Before you begin, keep in mind that Apple charges for its developer accounts, or at least for accounts that have the permissions needed to create a Sign In with Apple app. In order to use Sign In with Apple, you’ll need to spend $99 and enroll in the Apple Developer Program: the instructions in this documentation will not work for anyone logged on with the free Apple Developer account.


Creating an App Identifier

To create an app for use with Sign in with Apple, you must start by creating an app identifier. To do that, complete the following steps:

  1. Log on to the Apple Developer site (https://developer.apple.com) using your Apple Developer Program account. Remember: the free developer account does not provide access to the resources needed to create an app.
     
  2. After logging on, click Certificates, Identifiers & Profiles:
  3. On the Certificates, Identifiers & Profiles page, click Identifiers:
  4. On the Identifiers page, click the plus sign to create a new identifier:
  5. On the Register a New Identifier page, select App IDs and then click Continue:
  6. On the Register an App ID page, do the following:

  • Select the Platform that the app will run on. You can choose between iOS, tvOS, watchOS (for iPhones and other mobile devices) and macOS (for computers).
     
  • Enter a brief description of your app in the Description field. Note that you can only use letters, numbers, or blank spaces in your description. Special characters – including hyphens, commas, and periods – are not allowed.
     
  • Enter a “Bundle ID” for your app in the Bundle ID field. A bundle ID is nothing more than a unique identifier for the app. Apple recommends using a reverse-domain name string as the bundle ID. For example, if your domain is documentation.akamai.com then your bundle ID would be com.akamai.documentation. Note that, once created, bundle IDs cannot be changed.

    Oh: and be sure to select Explicit when entering the bundle ID.

After completing these steps the top part of your Register an App ID page should look similar to this:

  7. On the Register an App ID page, scroll down the page, select Sign In with Apple, and then click Continue:
  8. On the Confirm Your App ID page, verify that all your settings are correct and then click Register:
    If all goes well, you’ll now have a new app ID.


Creating a Services Identifier

After you have your app ID, the next step is to create a service identifier; this identifier will function as your app’s client ID. To create the service ID, complete the following steps:

  1. On the Identifiers page, click the plus sign to create a new identifier:
  2. On the Register a New Identifier page, select Service IDs and then click Continue:
  3. On the Register a Services ID page, do the following:

  • In the Description field, enter a description for the services ID (this can be, but does not have to be, the same description that you gave your app ID). As with the app ID, you are limited to using letters, numbers, and blank spaces.
     
  • Enter a services ID in the Identifier field. For ease of use, the services identifier should be similar to your app ID, although there must be some difference between the two (identifiers must be unique). Because the services ID functions as your client ID, our sample identifier shown below consists of the app ID plus the appended string value -services:
  4. At the bottom of the page select Sign In with Apple and then click Configure:
  5. On the Web Authentication Configuration page, click the Primary App ID dropdown list and select your application:
  6. In the Domain section, enter the URL to your website (e.g., documentation.akamai.com) in the Web Domain field, and your redirect URL (e.g., documentation.akamai.com/apple/callback) in the Return URLs field. (If you have multiple redirect URLs, click Add and continue to add redirect URLs as needed.) Note that the URL specified as the web domain does not have to be in the same domain as any of your redirect URLs.

    The Domains section should look similar to this:
    This is a good time to point out that the Download and Verify buttons (which we’ll discuss in a minute) will only appear if you have the Account Holder or Admin role for your developer account. If you have a different role the Download and Verify buttons will not be available:

Does it matter whether or not these buttons are available? As a matter of fact it does: to configure Sign In with Apple you must prove that this domain really belongs to you. As we’re about to see, you use the Download and Verify buttons to prove domain ownership.

  7. In the Domains section, click Download. This downloads a file (apple-developer-domain-association.txt) that looks similar to this:
  8. Copy the file to your website. The URL that points to the file should look similar to the following:

    https://documentation.akamai.com/.well-known/apple-developer-domain-association.txt
     
  9. After the file has been uploaded to your website, click Verify. If your domain passes the verification test (meaning that the Apple server was able to find the file apple-developer-domain-association.txt at the expected location), click Save.
     
  10. On the Register a Services ID page, click Continue. Keep in mind that, if your domain did not pass the verification test (or if you skipped the verification test), the Continue button won’t be available:
    You cannot create a services ID without a valid, and verified, domain.
     
  11. On the Register a Services ID page, click Register.


Creating a Private Key

With the service ID in hand, you now need to create a private key (which is effectively the password for your app, and which should not be shared with anyone). To create a key, complete the following steps:

  1. On the Certificates, Identifiers & Profiles page, click Keys:
  2. On the Keys page, click the blue and white plus sign to create a new key:
  3. On the Register a New Key page, enter a name for your new key in the Key Name field (again, you are limited to letters, numbers, and blank spaces when assigning a key name):
  4. At the bottom of the page, click Sign In with Apple and then click Configure:
  5. On the Configure Key page, click the Choose a Primary App ID dropdown list, select the name of your app, and then click Save:
  6. On the Register a New Key page, click Continue. Verify that the key information is correct, and then click Register. The Download Your Key page appears:
  7. The actual value of the key (which you’ll need in order to configure Sign In with Apple as a social login provider) is not displayed on the Download Your Key page; the only way to get the value of the key is to click the Download button. Note, too, that you only get one opportunity to download the key; if you click Download and then later look up the key you’ll see that the option to download the key is no longer available:
    How can you retrieve the key value if the Download button is no longer available? To be honest, you can’t. If you have lost (or if you never saved) the key value, your only recourse is to create a new key.

The downloaded key will be a small text file (less than 300 bytes) which looks similar to this:

-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQg5af/YNd/MYi+uvn7
kbaLfMAfANzCiu4lsK2c9/HAZt2gCgYIKoZIzj0DAQehRANCAAT1DndKqU//Tbe8
t4osrgx3JcgRoxdroXPuzwJi6eeaZfPtFzNya2k7BaUSUjL2rxHUPDhcTh+myQN8
V9fjrbZn
-----END PRIVATE KEY-----

When configuring Sign In with Apple for social login, you must copy the entire file, including the lines -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.
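
The following check is an added example, not part of the original guide or of Apple's or the dashboard's tooling: it inspects a key value before you paste it into the Key field and reports dropped BEGIN/END lines or a truncated copy. It assumes the key is a PKCS#8 EC P-256 key, which is what the leading bytes of the sample above decode to; check_key_value and constructed_sample are hypothetical names, and the sample it builds is a constructed, non-functional key.

```python
import base64
import re

# AlgorithmIdentifier for an EC key on P-256: SEQUENCE { id-ecPublicKey, prime256v1 }
ALG_ID = bytes.fromhex("3013" "06072a8648ce3d0201" "06082a8648ce3d030107")
PEM_RE = re.compile(r"\A-----BEGIN PRIVATE KEY-----\n([A-Za-z0-9+/=\n]+)\n"
                    r"-----END PRIVATE KEY-----\n\Z")

def check_key_value(text):
    """Return a list of problems with a pasted key value; empty means it looks sound."""
    text = text.replace("\r\n", "\n").strip() + "\n"
    match = PEM_RE.match(text)
    if not match:
        return ["BEGIN/END PRIVATE KEY lines missing or altered"]
    try:
        der = base64.b64decode(match.group(1).replace("\n", ""), validate=True)
    except ValueError:
        return ["body is not valid base64"]
    if len(der) < 3 or der[0] != 0x30:
        return ["body is not a DER SEQUENCE"]
    # DER length: short form (< 0x80) or one-byte long form (0x81 nn)
    if der[1] < 0x80:
        hdr, body_len = 2, der[1]
    elif der[1] == 0x81:
        hdr, body_len = 3, der[2]
    else:
        return ["unexpected DER length encoding for a key of this size"]
    problems = []
    if hdr + body_len != len(der):
        problems.append("DER length mismatch: key text is truncated or padded")
    if der[hdr:hdr + 3] != b"\x02\x01\x00":
        problems.append("not a PKCS#8 version 0 structure")
    if der[hdr + 3:hdr + 3 + len(ALG_ID)] != ALG_ID:
        problems.append("not an EC P-256 key")
    return problems

def constructed_sample():
    """Build a structurally valid but NON-FUNCTIONAL sample (key bytes are all 0x01)."""
    ec = (b"\x30\x6b\x02\x01\x01\x04\x20" + b"\x01" * 32
          + b"\xa1\x44\x03\x42\x00\x04" + b"\x01" * 64)
    der = b"\x30\x81\x87\x02\x01\x00" + ALG_ID + b"\x04\x6d" + ec
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PRIVATE KEY-----", *lines, "-----END PRIVATE KEY-----"]) + "\n"

if __name__ == "__main__":
    print(check_key_value(constructed_sample()))
```

Run the check locally on the downloaded file; the key value itself should never be sent to a third-party validation service.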


Configuring Sign In with Apple as a Social Login Provider

To configure Sign In With Apple as a social login provider, make sure you have the following information at your disposal:

  • Your Apple Developer Platform team ID.
  • Your services identifier.
  • Your private key ID.
  • Your private key value.

Once you have the preceding information, you can then complete the following procedure:

  1. Log on to your Social Login Dashboard (https://dashboard.janrain.com).
  2. From the Dashboard home page, click the Manage Engage Dashboard icon.
  3. From the Engage Dashboard home page, in the Widgets and SDKs section, click Sign-Ins.
  4. From the Sign-in page, verify that Widget is selected and then expand Providers:
  5. From the list of Providers, click Apple:
  6. In the Apple dialog box, click Next until you reach the screen requesting information about your Sign In with Apple app:

  7. In the Apple dialog box:

  • Enter your team ID in the Team ID field.
  • Enter your services identifier in the Services ID field.
  • Enter your key value in the Key field.
  • Enter your key ID in the Key ID field.

  8. Click Save, and then click Close. Sign In with Apple appears in your social login widget:
  9. When you are finished, select Save. Note that it might take as long as one hour before Sign In with Apple appears as a social login option on your web site.


Assigning a Different Sign in With Apple App for Social Login

If you want to use a different Sign in with Apple app or if you need to change your existing app, you must update the Apple provider configuration settings. To do that, complete the following procedure:

  1. From the Engage Dashboard home page, click the Manage Providers icon.
  2. On the Configure Providers page, click Apple.
  3. Click the green Configured button to display the Apple is currently enabled dialog box:
  4. To change the Apple configuration, click Modify these settings.
  5. In the Apple dialog box, change the Team ID, Services ID, Key, and Key Value fields as needed, and then click Save:

Although you can modify your Sign in with Apple settings, you cannot delete these settings. If you delete the settings and try to save your changes, you’ll see the error message Please enter Team ID, Services ID, Key and Key ID.

This means that you cannot “unconfigure” the provider: once configured, the Apple icon will always be shown as green (i.e., configured) in the Social Login Dashboard.


Removing Sign in with Apple as a Social Login Provider

If you no longer want to use Sign in with Apple for social login, you can remove Apple as a social login provider by completing the following procedure:

  1. Log on to your Social Login Dashboard (https://dashboard.janrain.com).
  2. From the Dashboard home page, click the Manage Engage Dashboard icon.
  3. From the Dashboard home page, in the Widgets and SDKs section, click Sign-Ins.
  4. From the Sign-in page, verify that Widget is selected and then expand Providers.
  5. In the widget, click the X in the upper right corner of the Apple icon.
  6. Scroll to the bottom of the page, select Save and Publish, and then click Publish. Apple no longer appears in the sign-on widget.

Note. You must always have at least one social login provider in the widget. If you delete all the providers and then click Publish, you’ll see the error message Couldn’t save configuration: No providers.