Apple login setup

This page explains how to add Apple's sign-in service to your applications to allow customers to log in with their Apple identities.

Objective

Integrating with Apple's sign-in service allows customers to log in with their existing Apple identities.

Overview

Strivacity's support for social authentication and registration allows you to easily establish a trusted relationship between your applications and various social identity providers.

Easy-to-add social login providersEasy-to-add social login providers

Easy-to-add social login providers

Social provider add-ons in the Admin Console come with many client-side configurations out of the box to make integration as painless as possible:

  • autodiscovery URL with automatic endpoint collection
  • pre-defined scopes for the essential requests
  • pre-configured claim mappings to obtain and synchronize relevant social profile attributes
  • continuous customer data synchronization

Prerequisites

General

  • General understanding of the OIDC Authorization Code Flow grant type
  • A test application where you can apply and test the Apple social provider

πŸ“˜

To demonstrate the integration process, the test application will be Strivacity's customer self-service management utility. The process will look mostly the same for any other application.

Apple

  • Existing Apple identity
  • Apple developer account with Apple Developer Program membership
  • App ID (Team ID in Strivacity)
  • Services ID (Client ID in Strivacity)
  • Key ID (Key ID in Strivacity)
  • Authentication key (Client Secret Signing Key in Strivacity)

πŸ›‘

The authentication key can only be downloaded once.

Strivacity

  • Up-and-running Strivacity instance
    • the URL of your instance in reverse-domain name style: <com.strivacity.yourStrivacityinsanceID>
  • Redirect URI where customers are redirected after successful authentication: https://<yourStrivacityinsanceID>.strivacity.com/provider/continue
  • Test application to test the social provider
  • The application's self-service URL for reference

Apple-side configuration steps

To add the Sign in with Apple capability, you need to configure multiple components on Apple's side:

Registering an identifier for Strivacity

πŸ“˜

This module is only available with an Apple Developer Program membership.

  • Go to 'Identifiers' on the 'Certificates, Identifiers & Profiles' page.
  • Select 'App IDs' in the dropdown on the right.
  • Click on the blue '+' sign next to the 'Identifiers' heading.

'Register a new identifier' page

πŸ“˜

On this page, you can select the type of identifier you'd like to register.

  • Select 'App IDs' from the list, then click 'Continue'.
  • On the next page, select 'App' under 'Select a type', then click 'Continue'.

πŸ“˜

You will be directed to the β€˜Register an App ID' page where the App ID is automatically generated.

'Register an App ID' page

πŸ“˜

On this page, you can manage the configurations of the identifier you're registering, access the automatically generated App ID, and can enable the sign-in capability to configure it in a later step.

  • Capture the App ID from 'App ID Prefix' and save it for future reference.
  • At 'Description', add a name for your new identifier; it will go by this name in the 'Identifiers' module.
  • At 'Bundle ID', add your Strivacity instance's URL in reverse-domain name style: 'com.strivacity.yourStrivacityinsanceID'.

Enabling the 'Sign in with Apple' capability

πŸ“˜

This is the place where you can select which Apple services should be available for Strivacity. The available capabilities can also be changed later on.

  • Scroll down to find 'Sign in with Apple' and select it.

πŸ“˜

New options will appear after making the selection.

  • Click 'Edit'.
  • Select 'Enable as primary App ID' on the new screen.
  • Click 'Save' to save your choices.

'Confirm your App ID' page

  • Click 'Continue'.

πŸ“˜

You will get a preview of your App ID configuration.

  • Click 'Register' to complete your App ID registration.
  • You will get a preview of the new App ID.

πŸ“˜

You will return to the 'Identifiers' section on the 'Certificates, Identifiers & Profiles' page.

Registering the Service ID

  • Open the drop-down on the right (showing 'App IDs').
  • Select 'Service IDs' from the list.
  • Click on the blue '+' sign next to the 'Identifiers' heading.

'Register a new identifier' page

  • Select 'Service IDs' from the list, then click 'Continue'.

'Register a Services ID' page

  • On the next page, you can fill in the Service ID in the 'Identifier' field.

πŸ“˜

Apple asks you to provide your Services ID in a reverse-domain name style. The Services ID can't be identical to the Bundle ID you've previously provided.

  • Click 'Continue'.

πŸ“˜

You will get a preview of your Services ID configuration.

  • Click 'Register'.

πŸ“˜

The Service ID is now registered. You will be redirected to the 'Identifiers' section on 'Certificates, Identifiers & Profiles' page.

Allow sign-in with Apple and add redirect URL

  • In the 'Identifiers' section, make sure that 'Services IDs' is selected from the drop-down on the right.
  • Select the 'Services ID' you have just registered.

'Edit your Services ID Configuration' page

πŸ“˜

On this page, you can configure the sign-in capability for the service.

  • Capture the Services ID from the 'Identifier' section for future reference.
  • Select 'Sign in with Apple' from the list of available capabilities (only capability available).
  • Click 'Configure'.

'Web Authentication Configuration' screen

'Register Website URLs' section

  • At 'Domains and Subdomains', add the domain of your Strivacity instance: '<yourStrivacityinstanceID>.strivacity.com'
  • At 'Return URLs', add a redirect URL the customer will return to after authenticating with their Apple identity.

πŸ“˜

The redirect URL consists of your Strivacity instance ID and the following endpoint: [https://**\](https://**\)**.strivacity.com/provider/continue

  • Click 'Next' to continue.
  • Click 'Done' to save your configurations made on this screen.

'Edit your Services ID Configuration' page

  • Click 'Continue' on the right, as you resume the 'Edit your Services ID Configuration' page.

πŸ“˜

In the next step, you will receive a note about finishing the 'Sign in with Apple' setup.

  • Click 'Save' to confirm.

πŸ“˜

You will be redirected to the 'Identifiers' section on the 'Certificates, Identifiers & Profiles' page.

Registering a new key

πŸ“˜

In this part, you will register a new key and assign it to the sign-in service you've created in the previous steps.

  • Go to the 'Keys' section on the 'Certificates, Identifiers & Profiles' page.
  • Click on the blue '+' sign next to the 'Keys' heading.

'Register a New Key' page

  • Select 'Sign in with Apple' from the list.
  • Click 'Configure'.

'Configure Key' page

  • In the 'Primary App ID' drop-down, select the App ID you've registered in the first part.
  • Click 'Save'.

πŸ“˜

You will be redirected to the 'Register a New Key' page.

  • Add a name for your new key in the 'Key Name' field.
  • Click 'Continue'.

πŸ“˜

You will get a summary of the configurations you've made for the new key.

  • Click 'Register' to create your new key.

'Download Your' Key page

  • Capture the Key ID for future reference as you're redirected to the new key's summary page.
  • Download the authentication key using the button on the right.

πŸ›‘

Before you download the authentication key, make sure you are prepared for storing it in a secure place where you can access it easily. The authentication key can only be downloaded once.

  • Click 'Done' to exit this page.

βœ…

You’re all set for adding Apple's sign-in experience to your applications.

Adding Apple as a social login provider

1) In the Strivacity Admin Console, navigate to External Login > Social Login.

2) Click β€˜Create Social Login Provider’.

Social login page without any providers added yetSocial login page without any providers added yet

Social login page without any providers added yet

3) Select β€˜Apple’ from the list of available social provider capabilities.

Easy-to-add social login providersEasy-to-add social login providers

Easy-to-add social login providers

4) Fill in the 'Basic information' for the Apple social provider.

πŸ“˜

You already have every information needed from setting up 'Sign in with Apple'.

  • Client ID (Services ID on Apple's side)
  • Client Secret Signing Key (the downloaded authentication key)
  • Apple Team ID (the App ID on Apple's side)
  • Key ID (same as on Apple's side)
Create Apple login provider page with client credentials addedCreate Apple login provider page with client credentials added

Create Apple login provider page with client credentials added

βœ…

The scopes that your Strivacity application will request are already defined.

5) Enable Synchronize and store profile data at each login to ensure customer data is kept up-to-date inside your application.

6) Click β€˜Save’ to add the Apple social provider.

βœ…

Claim mappings are automatically handled for social login providers after saving.

Adding Apple's sign-in capability to your application

πŸ“˜

Follow the steps described in this guide to add a social login provider to an application.

Testing your social login provider

1) Copy the self-service URL of your application.

2) Open an incognito window or launch another browser.

3) Go to the self-service login page of your application using the application’s link.

4) Click β€˜Continue with Apple’ to sign in with your Apple identity.

Login screen with Apple social provider optionLogin screen with Apple social provider option

Login screen with Apple social provider option

πŸ“˜

In case of successful setup, after authentication, you should be asked to allow permission to your basic profile information and email address in your Apple account.