AppleID Social Login

Configuring authentication using AppleID

Creating an Identifier

  1. Sign in to the Apple Developer Portal and select Certificates, Identifiers & Profiles from the menu.
  2. From the sidebar, select Identifiers, then click the blue + icon.
  3. Select App IDs → App, then click Continue.
  4. Fill in the required fields: Description and Bundle ID.
  5. In the list of capabilities, check Sign In with Apple.
  6. Click Continue and then Register.

Apple Identifier

Creating a Services ID

The Services ID acts as the OAuth client_id for your application.

  1. Enter the Description (the name displayed to the user) and the Identifier (this becomes the OAuth client_id).
  2. Check the Sign In with Apple box.
  3. Click Configure next to Sign In with Apple.
  4. Define your domain and the redirect URLs for the OAuth flow, for example:

Domain: dev.openiam.com
Redirect: https://dev.openiam.com/idp/social/appleid/callback

Ensure the server uses an SSL/TLS (HTTPS) connection.

  5. Make sure the associated App ID is selected as the Primary App ID.
  6. Click Save, then Continue and Register.

You now have an App ID container and a Services ID for OAuth login.

Apple Services

Creating a Private Key for Client Authentication

Apple uses a public/private key pair, where the client secret is a signed JWT.

  1. Go to Certificates, Identifiers & Profiles > Keys.
  2. Click the blue + icon to register a new key.
  3. Provide a name for the key and check Sign In with Apple.
  4. Click Configure and select your primary App ID.
  5. Apple will generate a private key, which you can download only once.
  6. Keep this key safe; it will be uploaded to OpenIAM.

Apple Keys


Configuring OpenIAM

  1. Create a new Authentication Provider of type AppleID.
  2. Fill in the following fields: TeamID, KeyID, ClientID, and other required fields (Managed System, Login Module, Password Policy).
    • Other fields have default Apple values; do not modify them.
  3. Save the configuration.
  4. After the page reloads, upload the private key. It is stored securely in the Vault.

After a few minutes, the Sign in with Apple button will appear. Users must have an identity in OpenIAM that matches their Apple email address.


Testing the Feature

  1. On the login page, click Sign in with Apple.
  2. Apple will prompt the user to share information with the app.
  3. If credentials are valid and the email matches an IAM identity that is not locked or disabled, the user will be logged in.

Example of a correct redirection URL after clicking Sign in with Apple:

AppleID Authorization Example