This is actually my personal note that I put together. I find myself doing this frequently, so I wanted to create a single comprehensive guide covering everything I need to know. Before writing this, I used to spend hours jumping between different websites trying to figure this out, and it was super frustrating and confusing - even Apple's official documentation doesn't really give you the practical steps you need. So, let's dive in!
Prerequisites
- You have an active Apple Developer Account. The membership fee is $99 USD per year.
- You are developing a website or mobile application that wants to use the "Sign In with Apple" feature.
- Make sure you have access to the Apple Developer Portal for Certificates, Identifiers & Profiles.
Start
To use the "Sign In with Apple" feature, we need 2 credentials:
- Client ID: we get this when creating a "Services ID".
- Client Secret: this one's a bit tricky because we need to generate a json-web-token (JWT). To create it, we need an App ID, Services ID, and Keys that will be combined as the payload. But don't worry, I've created a generator at the end of this guide. 👌🏻
Creating an App ID
First thing we need to do is create an App ID. Which is basically an App ID is just a unique "identifier" for your application.
Visit the Certificates, Identifiers & Profiles - Identifiers Section.
-
Click the add button (with the plus icon at the top), and select "App IDs".
-
Choose the identifier type. For applications, select App.
-
Fill in the description with a memorable text, then fill in the "Bundle ID" according to your application. Here's an example:
-
In the capabilities section, select "Sign In with Apple", then click edit.
-
Select "Enable as a primary App ID". If you need server-to-server notifications, you can also add your API endpoint here. Then click "Save".
Once you've configured everything, click "Continue" at the top, then click "Register" to finish creating your App ID.
Creating a Services ID
Go back to the Certificates, Identifiers & Profiles - Identifiers Section.
-
From the dropdown menu on the right, select "Services IDs". Click the plus icon at the top and select "Services IDs".
-
Enter a memorable description and fill the "Identifier" for your application. Here's an example:
⚠️ Important note: keep this identifier - you'll need it as the "Client ID" in your application.
-
Once you've configured everything, click "Continue" at the top, then click "Register" to finish creating your Services ID.
-
Find your newly created Services ID in the list and click it to configure "Sign In with Apple" feature.
-
Look for the "Sign In with Apple" checkbox, check it, and click "Configure".
-
In the "Primary App ID" dropdown, select the App ID we created previously.
Fill in "Domains and Subdomains" with your domain, and "Return URLs" with your application callback's page.
⚠️ Important note: Apple requires HTTPS domains. If you don't have any domains and/or still in development, you can use services like ngrok or lokal.so to publish and get an HTTPS domain for your local development environment.
Click "Next" and then "Done" to finish the domain configuration.
-
Once you've covered everything, click "Continue" at the top and "Save" to complete the entire setup.
Creating a Keys ID
Head over to Certificates, Identifiers & Profiles - Keys Section.
-
Click the plus icon at the top to add a new key.
-
Enter a memorable "Key Name". Here's an example:
-
Find and check the "Sign In with Apple" checkbox, then click "Configure".
-
In the "Primary App ID" dropdown, select the App ID we created previously. Click "Save".
-
Once you've configured everything, click "Continue" at the top and "Register" to complete the setup.
-
Next, you'll be taken to a download page. Click "Download" and store it somewhere safe and secure, because this is your only chance to download it.
⚠️ ⚠️ ⚠️ - Critical Notes:
First: If you lose this key or accidentally expose it publicly, immediately revoke it from the same dashboard. Just select the compromised key and click "Revoke".
Second: These keys have a 6-month lifespan before they expire. Make sure to set a reminder to create a new key before the current one expires.
After you've confirmed it's safely stored, click "Done".
Creating Your Client Secret
Now that you've got all your IDs and keys set up, you'll need to gather a few things to generate your Client Secret:
-
Team Account ID: Your Apple Developer Account ID. You can find this in the top-right corner of your Apple Developer dashboard under your profile.
-
Services ID: The Services ID you created earlier.
-
Keys ID File: The Keys ID file you downloaded earlier.
-
Keys ID: The last 10 alphanumeric characters of your Keys ID filename.
Example:
AuthKey_XX123456XX.p8
→ Your Key ID is:XX123456XX
.
Once you have all these ready, you can generate your Client Secret using the tool I've created below:
⚠️
This tool only works in Chrome/Firefox browser.
Your Apple Developer Account ID, 10 alphanumeric characters.
Your recently created Services ID. See here.
The filename format is usually like this: AuthKey_XX123456XX.p8. See here.
Get it from the last 10 alphanumeric characters from the Keys ID filename above. See here.
Expire: -
Don't forget to generate new key before expiry date!
🔒
Privacy-first: this tool runs entirely in your browser, no server involved! See the code here.
All Set!
Congratulations! You've successfully configured all the essential components for "Sign In with Apple": App ID, Services ID, Keys, and Client Secret. Now you're ready to integrate this feature into your application.
For the integration itself, I have a couple of recommendations. You can either use an authentication service like Supabase Auth or go with a library like better-auth. I've used both in my personal projects without any significant issues. 👍🏻
I hope this guide helps! If you run into any problems, they're usually related to domain or callback URL configuration - the key is to make sure your sign-in flow works perfectly in the development environment before moving to production.
If you have any questions or need further clarification, feel free to reach out to me on Twitter/X. Good luck!