
Apple

Apple setup

Configuring Apple as a Social Provider

In this section, we show you how to offer Apple as an option on your cidaas login page. After you configure Apple as a social provider in cidaas, two new options appear:

  • Login with Apple on the login page.
  • Sign up with Apple on the registration page.


Prerequisites

Before you begin, ensure you have:

  • Active Apple Developer Program membership ($99/year)
  • Domain ownership verification for your website
  • Administrative access to cidaas portal
  • Basic knowledge of JWT tokens and cryptographic keys

Overview

The overall process consists of 5 main steps:

  1. Prerequisites check: Verify Apple Developer Program membership
  2. On cidaas admin portal: Get Redirect URL for Apple
  3. On Apple developer console: Create App ID with Sign in with Apple capability
  4. On Apple developer console: Create Services ID and configure domains
  5. On Apple developer console: Create Key ID and generate client secret
  6. On cidaas admin portal: Configure Apple provider with credentials

We'll guide you through each step — it's straightforward when done in the right order.

Apple Developer Setup

Step 1: Get Redirect URL from cidaas

In this section, you'll get the Apple Redirect URL from the cidaas Admin portal, which you'll need for the Apple configuration.

  1. Log in to the cidaas Admin portal. Navigate to cidaas Admin dashboard → Settings → Login Providers → Social Providers, select Apple from the menu and click on Create provider.


  2. Scroll down to the section "Configuration Steps for Apple," which will show Redirect_URL. Copy and save this URL - you'll need it in Step 4.


Note: Keep this redirect URL handy - you'll use it when configuring the Services ID in Apple Developer Console.

Step 2: Create an App ID

In this section, you will create an Apple App ID on the Apple developer portal.

  1. Log in to your Apple Developer Portal and click on Certificates, IDs, & Profiles.

  2. Select Identifiers, and from the right drop-down, select App IDs and then click the blue plus icon.

  3. Select App IDs → Continue, and then select the App type and click on Continue.

  4. Add the description and bundle ID as recommended by Apple.

  5. 🚨 Critical Step: In the Capabilities section, scroll down to Sign in with Apple and check the box to enable it.

    Important: You must enable "Sign in with Apple" capability during App ID creation. If you skip this step, you will see "No App ID is available" when creating the Services ID later.

  6. Click on Edit next to "Sign in with Apple" to configure additional settings.

  7. Select Enable as a primary App ID → click Continue → Register.

  8. Your App ID is ready. Note down the App ID for the next step.


Verification: You should see "Sign in with Apple" listed as an enabled capability for your App ID.

Step 3: Create a Services ID

In this section, you will create an Apple Services ID, which serves as your Client ID.

  1. Select Identifiers, and from the right drop-down select Services IDs, and then click the blue plus icon.

  2. Select Services IDs → Continue, then add the description and Identifier as recommended by Apple, and click on Register.

  3. After creation, click on your Services ID from the list.

  4. Check the box for Sign in with Apple and click Configure.

  5. In the configuration dialog:

    • Select your App ID from the dropdown (created in Step 2)
    • Enter your Primary App Domain (e.g., yourdomain.com)
    • In Return URLs, paste the Redirect URL you copied from cidaas in Step 1
    • Click Save
  6. Click Continue → Save to finalize the Services ID.

Note: This Services ID will be used as your Client ID in cidaas configuration.


Step 4: Create a Key ID and Generate Client Secret

In this section, you will create an Apple Key ID and generate the client secret using the private key.

Create the Key ID

  1. Select Keys from the left menu, and then click the blue plus icon.

  2. Add the key name, then select Sign in with Apple and click Configure.

  3. Select your App ID from the dropdown menu, and click Save → Continue → Register.

  4. Important: Copy the Key ID and download the .p8 file immediately.

  5. Note your Team ID (10-character alphanumeric ID visible in your Apple Developer account header).

Security Warning:

  • The .p8 private key file can only be downloaded once
  • Keep this file secure and never share it or commit it to version control
  • Store it in a secure location with restricted access

Generate Client Secret

You need to generate a JWT token using the downloaded private key. Choose one of the following methods:

Method 1: Python Script

import jwt
import time
from cryptography.hazmat.primitives import serialization

# Configuration - Replace with your actual values
key_file = 'path/to/your/AuthKey_XXXXXXXXXX.p8'  # Path to downloaded .p8 file
team_id = 'YOUR_TEAM_ID'          # 10-character Team ID
client_id = 'YOUR_SERVICES_ID'    # Services ID created in Step 3
key_id = 'YOUR_KEY_ID'            # Key ID from Step 4

# Read the ECDSA private key from the .p8 file (PEM-encoded, no passphrase)
with open(key_file, 'rb') as f:
    ecdsa_key = serialization.load_pem_private_key(
        f.read(),
        password=None
    )

# Define the headers: the Key ID tells Apple which public key verifies the token
headers = {
    'kid': key_id
}

# Define the claims, using one timestamp so iat and exp stay consistent
now = int(time.time())
claims = {
    'iss': team_id,
    'iat': now,
    'exp': now + 86400 * 180,  # 180 days expiration
    'aud': 'https://appleid.apple.com',
    'sub': client_id,
}

# Generate JWT token, signed with ES256 (ECDSA P-256 with SHA-256)
token = jwt.encode(claims, ecdsa_key, algorithm='ES256', headers=headers)

print(f"Client Secret (JWT Token): {token}")
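A pre-flight check for the generated client secret, added here as an example (it is not cidaas or Apple code): it decodes the JWT header and claims with the standard library only and reports mismatches against your Team ID, Services ID and Key ID, plus expiry problems, before you paste the secret into cidaas. The function names, the 14-day warning window and the sample values are assumptions; the six-month ceiling on exp is Apple's documented limit.

```python
import base64
import json
import time

APPLE_AUD = "https://appleid.apple.com"
MAX_AHEAD = 15777000  # Apple rejects exp more than six months (in seconds) ahead


def _decode(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def check_client_secret(token, team_id, client_id, key_id, now=None, warn_days=14):
    """Return problems found in a client-secret JWT; the signature is not verified."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and payload must be JSON objects"]
    # Each entry: (where to look, field name, value the page's script should have set)
    checks = [(header, "alg", "ES256"), (header, "kid", key_id),
              (claims, "iss", team_id), (claims, "sub", client_id),
              (claims, "aud", APPLE_AUD)]
    problems = [f"{name} is {src.get(name)!r}, expected {want!r}"
                for src, name, want in checks if src.get(name) != want]
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must be integer timestamps")
    elif exp <= now:
        problems.append("secret has expired")
    elif exp - now > MAX_AHEAD:
        problems.append("exp is more than six months ahead")
    elif exp - now < warn_days * 86400:
        problems.append(f"secret expires within {warn_days} days, regenerate it")
    return problems


def sample_token(header, claims):
    """Constructed sample: real header/claims encoding, placeholder signature."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnbmF0dXJl"
```

Because the secret produced by the script expires after 180 days, running the same check on a schedule against the stored secret gives advance notice before Apple logins start failing.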

cidaas setup

Configure Apple as a social provider in the cidaas app

This section covers:

  • How to add the client ID and client secret that you obtained from the Apple Developer Portal to your cidaas application.
  • How to select the client applications for which you want to enable Apple as a social provider.

  1. Navigate to cidaas Admin dashboard → Settings → Login Providers → Social Providers.


  2. Click on Apple > Create providers, enter the required details, and save.

    • Enter the Client ID (Services ID) and Client Secret acquired from the Apple setup section.

  3. After you save, you can select the application that you want Apple to use as a social provider.


  4. Apple is now available as a social provider for your application.

Note: An administrator can configure a single provider for more than one client.

Reference link: How to configure other providers?

Need help implementing this?

Please contact us on our Developer Support Page.