How to configure Apple SSO login

To create an Apple SSO login, you'll need to follow these steps:

Create an App ID and configure Sign in with Apple:

  1. Go to the Apple Developer Portal and sign in with your Apple Developer account.
  2. Click on your account.
  3. In the "Certificates, IDs & Profiles" section, select "Identifiers".
  4. Click the "+" button to create a new App ID.
  5. Choose "App" and click "Continue" (or edit an existing App ID instead).
  6. Fill in the required fields:
    1. Description
    2. Bundle ID
    3. Under "Capabilities" select "Sign in with Apple".
      Click "Continue" and then click "Register" to create the App ID.
      After registering you should be redirected back to the identifiers page.

Create a Service ID for your web application:

  1. In the "Certificates, IDs & Profiles" section, select "Identifiers".
  2. Click the "+" button and select "Services IDs", then click "Continue".
  3. Fill in the required fields:
    1. Description
    2. Identifier (reverse-domain notation)
      Click "Continue" and then click "Register".
      After registering you should be redirected back to the identifiers page.
  4. Click on the newly created Service ID; a details page will open.
    Select the checkbox next to the "Sign in with Apple" capability, and click "Configure".
  5. Add your domain and redirect URLs as follows:
    1. Add your domain in the "Domains and Subdomains" section. You'll need to verify your domain by following the instructions provided by Apple.
      1. Example for store domain: https://shop.sweetsugarbakery.com
    2. Add your redirect URL(s) in the "Return URLs" section. This is where the user will be redirected after a successful authentication.
      1. Example for return URL: https://shop.sweetsugarbakery.com/login?apple=true
      After a successful configuration, confirm the list you’d like to add to this Services ID and click "Done".
      To complete the process, click "Continue", then click "Save".

Create a private key for client authentication:

  1. In the "Certificates, IDs & Profiles" section, click "Keys".
  2. Click the "+" button to create a new key.
  3. Fill in the key name, check "Sign in with Apple" and click "Configure".
  4. Select the primary App ID you created earlier, then click "Save" and "Continue".
  5. Review the key details and click "Register".
  6. Download the private key (.p8 file) and securely store it. You'll need this to authenticate your server.

Implement the Sign in with Apple button on your frontend:

  1. Add the "Sign in with Apple" button to your frontend following Apple's Human Interface Guidelines.
  2. To generate the client secret used for the backend verification mentioned below, run the following Python script:

# Requires: pip install pyjwt cryptography
import jwt
from datetime import datetime, timedelta, timezone

client_id = 'CLIENT_SERVICE_ID'        # Identifier of the Service ID created above
team_id = 'APPLE_DEVELOPER_TEAM_ID'
key_id = 'YOUR_PRIVATE_KEY_ID'         # Key ID for your private key
private_key = '''-----BEGIN PRIVATE KEY-----
YOUR PRIVATE KEY
-----END PRIVATE KEY-----'''  # Private key in PEM format (contents of the .p8 file)

header = {
    'alg': 'ES256',
    'kid': key_id,
}

now = datetime.now(timezone.utc)  # Single timestamp so iat and exp are consistent
payload = {
    'iss': team_id,
    'iat': now,
    'exp': now + timedelta(days=180),  # 180 days expiration time
    'aud': 'https://appleid.apple.com',
    'sub': client_id,
}

# Sign the claims with the private key using ES256
client_secret = jwt.encode(payload, private_key, algorithm='ES256', headers=header)
print(client_secret)
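
The client secret produced above expires after 180 days, and token requests made with an expired secret are rejected, so it helps to check the claims before deploying it and to know when to rotate it. The following is an added example, not part of the original page or of Apple's code: it uses only the standard library and inspects claims without verifying the signature; `check_client_secret`, `sample_token`, `com.example.web`, `TEAMID1234` and `KEYID12345` are assumed names, and 15777000 seconds is the maximum lifetime Apple documents for `exp`.

```python
import base64
import json
import time

APPLE_AUDIENCE = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # seconds (about six months): Apple's upper bound for exp

def _decode(part):  # one base64url JWT segment -> parsed JSON, padding restored
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_client_secret(token, service_id, team_id, now=None, warn_days=30):
    """Return (problems, days_left). Claims only: the signature is NOT verified."""
    now = int(time.time()) if now is None else now
    try:
        head, body, _sig = token.split(".")
        header, claims = dict(_decode(head)), dict(_decode(body))
    except (ValueError, TypeError):
        return ["not a three-part JWT with JSON header and payload"], None
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if not header.get("kid"):
        problems.append("kid (key ID) is missing from the header")
    for name, want in (("iss", team_id), ("sub", service_id), ("aud", APPLE_AUDIENCE)):
        if claims.get(name) != want:
            problems.append(f"{name} is {claims.get(name)!r}, expected {want!r}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        return problems + ["iat and exp must be integer UNIX timestamps"], None
    if exp - now > MAX_LIFETIME:
        problems.append("exp is more than 15777000 seconds away")
    days_left = (exp - now) // 86400
    if exp <= now:
        problems.append("secret has expired")
    elif days_left < warn_days:
        problems.append(f"only {days_left} days left: rotate the secret")
    return problems, days_left

def sample_token(header, claims):
    """Constructed, unsigned sample token (dummy signature) for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnbmF0dXJl"

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed reference time
    tok = sample_token({"alg": "ES256", "kid": "KEYID12345"},
                       {"iss": "TEAMID1234", "sub": "com.example.web",
                        "aud": APPLE_AUDIENCE, "iat": t0, "exp": t0 + 180 * 86400})
    print(check_client_secret(tok, "com.example.web", "TEAMID1234", now=t0 + 170 * 86400))
```

Run against the real output of the script above, an empty problem list means the claims are well formed; it does not prove the secret was signed with the right key.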