This article explains how to set up Apple SSO Login for your web store.

In the Apple dashboard

Follow the steps below to configure the login in Apple’s dashboard:

Create an App ID

  1. Go to the Apple Developer Portal and sign in with your Apple Developer account.
  2. Go into your account.
  3. In the Certificates, IDs & Profiles section, select Identifiers.
  4. Click the + button to create a new App ID.
  5. Edit your existing app by selecting your app and clicking Continue.
  6. Fill in the required fields:
    • Description
    • Bundle ID
    • Under Capabilities select Sign in with Apple. Click Continue, and then click Register to create the App ID. After registering you should be redirected back to the identifiers page.

Create a Service ID for your web application

  1. In the Certificates, IDs & Profiles section, select Identifiers.
  2. Click the + button and select Services IDs, and then click Continue.
  3. Fill in the required fields:
    • Description
    • Identifier - reversed domain. Click Continue, and then click Register. After registering you should be redirected back to the identifiers page.
  4. Click on the newly created Service ID, and a details page will open. Select the checkbox next to the Sign in with Apple capability, and then click Configure.
  5. Add your domain and redirect URLs as follows:
    • Add your domain in the Domains and Subdomains section. You’ll need to verify your domain by following the instructions provided by Apple.
    • Add your redirect URL(s) in the Return URLs section. This is where the user will be redirected after a successful authentication. After a successful configuration, confirm the list you’d like to add to this Services ID and click Done. To complete the process, click Continue, and then click Save.

Create a private key for client authentication

  1. In the Certificates, IDs & Profiles section, click Keys.
  2. Click the + button to create a new key.
  3. Fill in the key name, check Sign in with Apple and click Configure.
  4. Select the primary App ID you created earlier, then click Save and Continue.
  5. Review the key details and click Register.
  6. Download the private key (.p8 file) and securely store it. You’ll need this to authenticate your server.

Example

This example generates the client secret (a JWT signed with your private key) that your server needs in order to open the player token generated when a player clicks the Sign in with Apple button in the web store login page:

import jwt  # PyJWT; ES256 signing also requires the cryptography package
from datetime import datetime, timedelta, timezone

client_id = 'CLIENT_SERVICE_ID'
team_id = 'APPLE_DEVELOPER_TEAM_ID'
key_id = 'YOUR_PRIVATE_KEY_ID'  # Key ID for your private key
private_key = '''-----BEGIN PRIVATE KEY-----
YOUR PRIVATE KEY
-----END PRIVATE KEY-----'''  # Private key in PEM format (contents of the .p8 file)

header = {
    'alg': 'ES256',
    'kid': key_id
}
now = datetime.now(timezone.utc)  # timezone-aware replacement for the deprecated utcnow()
payload = {
    'iss': team_id,
    'iat': now,
    'exp': now + timedelta(days=180),  # 180 days expiration time
    'aud': 'https://appleid.apple.com',
    'sub': client_id
}

# Sign the claims with the private key to produce the client secret
client_secret = jwt.encode(payload, private_key, algorithm='ES256', headers=header)
print(client_secret)

Supported methods for Apple sign in

Appcharge supports both code and id_token methods for Apple Sign-In.
  • id_token: A JWT (JSON Web Token) issued by Apple containing information about the authenticated user.
  • code: A short-lived authorization code used for server-to-server communication to fetch access tokens.
Both methods will be sent to your Authenticate Player API. By default, Appcharge uses the code method. To adjust this configuration, please contact the Appcharge support team. For further details on Apple’s implementation, refer to their documentation.

In the Publisher Dashboard

Follow the steps below to configure the login in the Publisher Dashboard:
  1. Go to Settings -> Authentication.
  2. Toggle on Apple App, and enter your Apple ID in the Apple App ID field.
  3. The button for logging in with Apple will appear in the web store login page.
  4. Once a player selects this method, Apple generates a token. Appcharge sends this token along with other login information to your Authenticate Player API for verification.
  5. Once verified, the player is logged into the web store.