Apple login setup

Strivacity supports social authentication using external identity providers such as Apple. This allows customers to log in to your application using their existing Apple identity.

Overview

Social login providers

Social login providers in the Admin Console include built-in configuration to simplify integration:

  • Automatic endpoint discovery
  • Predefined scopes for essential requests
  • Preconfigured claim mappings for profile data
  • Continuous customer data synchronization

Prerequisites

General

  • General understanding of the OIDC Authorization Code Flow grant type.
  • A test application where you can configure and test the Apple social provider.
📘

To demonstrate the integration process, the test application can be Strivacity's customer self-service portal. The process is similar for other applications.

Apple

  • Existing Apple identity
  • Apple developer account with Apple Developer Program membership
  • App ID, whose App ID Prefix is your Team ID (Apple team ID in Strivacity)
  • Services ID (Client ID in Strivacity)
  • Key ID
  • Authentication key, the private key Apple lets you download once for the Key ID (Client Secret signing key in Strivacity)
🛑

The authentication key can only be downloaded once.

Strivacity

  • Up-and-running Strivacity instance
    • the hostname of your instance in reverse-domain name style, which becomes the Bundle ID on Apple's side: com.strivacity.<yourStrivacityInstanceID>
  • Redirect URI where customers are redirected after successful authentication: https://<yourStrivacityInstanceID>.strivacity.com/provider/continue
  • Test application to test the social provider
  • The application's self-service URL for reference

Step 1: Configure Apple

To add the Sign in with Apple capability, you need to configure multiple components on Apple's side:

  1. Register an App ID for your Strivacity instance.
    1. Enable the Sign in with Apple capability while registering the App ID.
  2. Create a Services ID.
  3. Configure Sign in with Apple on the Services ID and add the Strivacity domain and return URL.
  4. Register a key, capture its Key ID and download the authentication key.

Registering an identifier for Strivacity

  1. Go to 'Certificates, Identifiers & Profiles' in your Apple developer portal.
📘

This module is only available with an Apple Developer Program membership.

  1. Go to Identifiers on the Certificates, identifiers & profiles page.
  2. Select App IDs in the dropdown on the right.
  3. Select the + sign next to the Identifiers heading.
  4. You will be navigated to the Register a new identifier page, where you can select the type of identifier you'd like to register.
  5. Select App IDs from the list, then select Continue.
  6. On the next page, select App under Select a type, then proceed with Continue.
  7. You will be directed to the Register an App ID page, where the App ID Prefix is filled in automatically.
  8. Capture the value shown under App ID Prefix and save it for future reference. This is your Team ID, which Strivacity calls the Apple team ID.
  9. Under Description, add a name for your new identifier. It will go by this name in the Identifiers module.
  10. Under Bundle ID, add your Strivacity instance's hostname in reverse-domain name style: com.strivacity.yourStrivacityInstanceID.

Enabling the Sign in with Apple capability

This is where you select which Apple services should be available to Strivacity. The enabled capabilities can be changed later.

  1. Scroll down to find Sign in with Apple and select it.
  2. New options will appear after making the selection.
  3. Choose Edit.
  4. Select Enable as primary App ID on the new screen.
  5. Select Save to save your choices.
  6. On the Confirm your App ID page, select Continue.
  7. Select Register to complete your App ID registration.
  8. You will get a preview of the new App ID.

Registering the Service ID

  1. Open the drop-down on the right (showing App IDs).
  2. Select Service IDs from the list.
  3. Choose the + sign next to the Identifiers heading.
  4. On the Register a new identifier page, select Service IDs from the list, then Continue.
  5. On the next page, you can fill in the Service ID in the Identifier field.
    📘

    Apple asks you to provide your Services ID in a reverse-domain name style. The Services ID can't be identical to the Bundle ID you've previously provided.

  6. Select Continue.
  7. Select Register.

Allow sign-in with Apple and add redirect URL

  1. In the Identifiers section, make sure that Service IDs is selected from the drop-down on the right.
  2. Select the Service ID you have just registered.
  3. On the Edit your Service ID configuration page, capture the Service ID from the Identifier section for future reference.
  4. Select Sign in with Apple from the list of available capabilities (it is the only capability available).
  5. Choose Configure.
  6. On the Web authentication configuration screen, under Primary App ID, select the App ID you have previously registered.
  7. In the Register Website URLs section, under Domains and subdomains, add the domain of your Strivacity instance: <yourStrivacityinstanceID>.strivacity.com
  8. Under Return URLs, add a redirect URL the customer will return to after authenticating with their Apple identity.
    📘

    The redirect URL consists of your Strivacity instance ID and the following endpoint: https://<yourStrivacityinstanceID>.strivacity.com/provider/continue. Apple compares it with the redirect_uri sent in each authorization request and requires an exact match, so enter it exactly as shown, including the https scheme and without a trailing slash.

  9. Select Next to continue, then Done to save your configurations made on this screen.

Registering a new key

In this section, you will register a new key and assign it to the sign-in service you've created in the previous steps.

  1. Go to the Keys section on the Certificates, Identifiers & Profiles page.
  2. Select the + sign next to the Keys heading.
  3. On the Register a new key page, select Sign in with Apple from the list.
  4. Select Configure.
  5. In the Primary App ID drop-down, select the App ID you've registered in the first part.
  6. Select Save. You will be redirected to the Register a new key page.
  7. Add a name for your new key in the Key name field and select Continue.
  8. You will get a summary of the configurations you've made for the new key.
  9. Select Register to create your new key.

Download your key page

  1. You are redirected to the new key's summary page. Capture the Key ID for future reference.
  2. Download the authentication key using the button on the right.
    🛑

    Before you download the authentication key, make sure you are prepared to store it in a secure place where you can access it easily, such as a secrets manager. The authentication key can only be downloaded once. It is a private key: anyone who holds it can sign client secrets for your Services ID, so never commit it to source control or send it over email. If it is lost or exposed, revoke it in the Keys section and register a new one.

  3. Select Done to exit this page. You’re all set to add Apple's sign-in experience to your applications.

Step 2: Adding Apple as a social login provider

  1. In the Strivacity Admin Console, navigate to Identities > Social login.

  2. Select Create.

  3. Select Apple from the list of available social provider capabilities.

  4. Fill in the Configuration for the Apple social provider.

    1. Client ID (Services ID on Apple's side)
    2. Client Secret signing key (the downloaded authentication key)
    3. Apple team ID (App ID on Apple's side)
    4. Key ID (same as on Apple's side)
  5. The Scopes that your Strivacity application will request are already defined.

  6. Enable Synchronize and store profile data at each login to keep customer data up to date inside your application. When enabled, Strivacity retrieves and stores the social profile data at every login; it is visible to the customer on their My Account page and to Strivacity admins managing the customer's identity. Note that Apple returns the customer's name only in the first authorization for your Services ID; later logins carry only the email claims.

  7. You can also define Additional parameters that are included in the authorization request sent to Apple. These parameters allow you to control provider-specific authentication behavior. For example, some providers support parameters such as prompt=login to force re-authentication instead of reusing an existing session.

  8. Select Save to add the Apple social provider.

Claim mappings are automatically handled for social login providers after saving.
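Why the Apple configuration asks for exactly these four values: Apple does not accept a static client secret. The client secret is a short-lived ES256 JWT whose iss is the Team ID, sub is the Services ID (the OAuth client_id), kid is the Key ID and aud is https://appleid.apple.com, signed with the downloaded authentication key. Strivacity builds this token for you, so nothing below is needed to complete the setup. The following Python script is an added example, not Strivacity's or Apple's code: it assembles such a token and checks that the key, Team ID, Services ID and Key ID fit together, which is a useful sanity check before saving the provider or when Apple's token endpoint answers invalid_client. The Team ID, Services ID and Key ID in demo() are made-up placeholders, a throwaway P-256 key stands in for your downloaded key file, and the script needs the cryptography package (pip install cryptography).

```python
"""Added example: build and sanity-check an Apple client secret (ES256 JWT)."""
import base64
import json
import time

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import (
    decode_dss_signature,
    encode_dss_signature,
)

APPLE_AUDIENCE = "https://appleid.apple.com"
# Apple rejects client secrets whose exp lies more than 15777000 s (6 months) after iat.
APPLE_MAX_LIFETIME = 15_777_000


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_client_secret(p8_pem: bytes, team_id: str, services_id: str,
                        key_id: str, now=None, lifetime: int = 3600) -> str:
    """Return the JWT Apple expects as client_secret.

    iss = Team ID, sub = Services ID (client_id), kid = Key ID, aud = Apple.
    The downloaded key file is a PKCS#8 EC private key, loaded as-is.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "ES256", "kid": key_id}
    claims = {"iss": team_id, "iat": now, "exp": now + lifetime,
              "aud": APPLE_AUDIENCE, "sub": services_id}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    key = serialization.load_pem_private_key(p8_pem, password=None)
    der_sig = key.sign(signing_input.encode(), ec.ECDSA(hashes.SHA256()))
    # JWS needs the raw 64-byte r||s form, not the DER form cryptography emits.
    r, s = decode_dss_signature(der_sig)
    return signing_input + "." + _b64url(r.to_bytes(32, "big") + s.to_bytes(32, "big"))


def check_client_secret(token: str, public_key, team_id: str,
                        services_id: str, key_id: str, now=None) -> list:
    """Return a list of problems; an empty list means the secret looks valid.

    Mirrors what Apple's token endpoint checks: header, registered claims,
    lifetime, and an ES256 signature that verifies against the key.
    """
    problems = []
    parts = token.split(".")
    if len(parts) != 3:
        return ["token must have three dot-separated segments"]
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    now = int(time.time()) if now is None else now

    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if header.get("kid") != key_id:
        problems.append("kid does not match the Key ID")
    if claims.get("iss") != team_id:
        problems.append("iss does not match the Team ID")
    if claims.get("sub") != services_id:
        problems.append("sub does not match the Services ID")
    if claims.get("aud") != APPLE_AUDIENCE:
        problems.append("aud must be " + APPLE_AUDIENCE)
    if claims.get("exp", 0) <= now:
        problems.append("client secret has expired")
    if claims.get("exp", 0) - claims.get("iat", 0) > APPLE_MAX_LIFETIME:
        problems.append("exp is more than 6 months after iat")

    raw_sig = _b64url_decode(parts[2])
    if len(raw_sig) != 64:
        problems.append("signature is not 64 bytes (r||s)")
        return problems
    der_sig = encode_dss_signature(int.from_bytes(raw_sig[:32], "big"),
                                   int.from_bytes(raw_sig[32:], "big"))
    try:
        public_key.verify(der_sig, (parts[0] + "." + parts[1]).encode(),
                          ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        problems.append("signature does not verify against the key")
    return problems


def demo() -> dict:
    """Build a secret with a throwaway key and run the checks three ways."""
    # Constructed placeholders; a real setup uses the values captured in Step 1.
    team_id, services_id, key_id = "ABCDE12345", "com.strivacity.example.signin", "ABC123DEFG"
    # Throwaway P-256 key standing in for the key file downloaded from Apple.
    key = ec.generate_private_key(ec.SECP256R1())
    p8_pem = key.private_bytes(serialization.Encoding.PEM,
                               serialization.PrivateFormat.PKCS8,
                               serialization.NoEncryption())
    other_key = ec.generate_private_key(ec.SECP256R1())
    token = build_client_secret(p8_pem, team_id, services_id, key_id, now=1_700_000_000)
    later = 1_700_000_100
    return {
        "token": token,
        "ok": check_client_secret(token, key.public_key(), team_id, services_id, key_id, now=later),
        "wrong_kid": check_client_secret(token, key.public_key(), team_id, services_id, "ZZZZZZZZZZ", now=later),
        "wrong_key": check_client_secret(token, other_key.public_key(), team_id, services_id, key_id, now=later),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

To check a real key, replace the throwaway key with the contents of the downloaded key file (Apple names it AuthKey_<Key ID>.p8) and the placeholders with your captured values. An empty problem list means the client secret Apple will receive for that Services ID is well-formed and signed by the key you are about to paste into Strivacity; a kid or signature complaint usually means the Key ID and key file come from different keys.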

Adding Apple's sign-in capability to your application

📘

Follow the steps described in this guide to add a social login provider to an application.

Testing your social login provider

  1. Copy the self-service URL of your application.

  2. Open an incognito window or launch another browser.

  3. Go to the self-service login page of your application using the application’s link.

  4. Select Continue with Apple to sign in with your Apple identity.

📘

If the setup is correct, Apple asks you after authentication whether to share your name and email address with the application. Customers may choose Hide My Email, in which case Apple returns a private relay address instead of the real one, so do not assume the email claim is the customer's primary address.

Login screen with Apple social provider option