Sign In with Apple — Configure Domain
This article focuses only on configuring the domain for Sign in with Apple.

Sign in with Apple gives the user the power to hide their email address. If we do not configure our domains on the Apple developer portal, we will be unable to communicate with our users/consumers.

Sign in with Apple JS

https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js

  1. Click the “Sign In With Apple” button.
  2. Your app’s current parent tab opens Apple’s login page in a new child tab, with some metadata in the browser’s URL as query params.
  3. The user authenticates with their Apple credentials and is redirected back to the URL of the parent tab from which we navigated.
  4. Apple sends a “FORM_POST” request with data to the redirect URL specified in the Apple developer account configuration.
  5. The user completes and verifies the sign-up flow for the site. You can now process further requests for the authorized user.

Required metadata from the Apple developer account:

  1. Client ID: We will get this from the Services IDs config as an identifier value. Example: “com.myapp.bundle.backend”
  2. Redirect URL: This is the URL which we will add in Web Authentication Configuration setup → Website URLs → Return / Redirect URLs. Example: https://www.xyz.com/api/auth-apple-signin
  • First, sign in to the Apple Developer Account and click on Certificates, Identifiers, and Profiles.
  • From the sidebar, choose Identifiers then click the blue plus icon.
  • Choose App IDs in this first step.
  • Choose platform as “iOS”, enter some descriptive words in the description and choose Bundle ID: “Explicit” and enter the value as shown in the following example. “com.myapp.bundle” → replace myapp text with your app_name.
  • Now scroll down and check the box next to “Sign In with Apple”.
  • Confirm and move to configure the next step which is Services IDs.
  • Enter the description and enter “com.myapp.bundle.backend” in the identifier field and also check the Sign In with Apple checkbox and click configure.
  • Now you are at the Web Authentication Configuration screen, where you have to select your app from Primary App ID (make sure you select the one which starts with your app name).
  • Enter the domain/sub-domain in Website URLs from which you will send the request to the Apple server (you can add multiple URLs; do not add localhost or an IP address as it is not allowed; for example: https://www.xyz.com/).
  • Enter redirect URLs as well where Apple will send the response back after authenticating the user. Example: https://www.xyz.com/api/auth-apple-signin

Your request URL should look like this:

https://appleid.apple.com/auth/authorize?response_type=code&redirect_uri=<redirectURL>&client_id=<ClientID>

If you open this URL after replacing <redirectURL> and <ClientID>, it will open the web login and redirect to your website after Apple authentication.
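
A sketch of building that request URL and checking what comes back, as an added example that is not from the original article or from Apple. It goes slightly beyond the URL shown above by adding the `response_mode`, `scope` and `state` authorization parameters; the function names are hypothetical, and storing `state` in the user's session is an assumption.

```javascript
// Added example; buildAuthorizeUrl and checkCallback are hypothetical names.
const { randomBytes, timingSafeEqual } = require("node:crypto");

const AUTHORIZE_ENDPOINT = "https://appleid.apple.com/auth/authorize";

// Build the request URL. URLSearchParams percent-encodes redirect_uri.
function buildAuthorizeUrl({ clientId, redirectUri }) {
  const host = new URL(redirectUri).hostname;
  // localhost and IP addresses are not accepted as return URLs.
  if (host === "localhost" || /^[\d.]+$|:/.test(host)) {
    throw new Error("redirect_uri must use a registered domain name");
  }
  // Assumption: the caller stores `state` in the user's session.
  const state = randomBytes(16).toString("hex");
  const params = new URLSearchParams({
    response_type: "code",
    response_mode: "form_post", // Apple posts the result as a form
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "email",
    state,
  });
  return { url: `${AUTHORIZE_ENDPOINT}?${params}`, state };
}

// Check the form fields posted to the redirect URL before using `code`.
function checkCallback(fields, expectedState) {
  if (fields.error) return { ok: false, reason: `apple error: ${fields.error}` };
  const got = Buffer.from(String(fields.state || ""));
  const want = Buffer.from(String(expectedState || ""));
  if (!want.length || got.length !== want.length || !timingSafeEqual(got, want)) {
    return { ok: false, reason: "state mismatch" };
  }
  if (!fields.code) return { ok: false, reason: "missing code" };
  return { ok: true, code: fields.code };
}

// Constructed sample values taken from the examples in this article.
const demo = buildAuthorizeUrl({
  clientId: "com.myapp.bundle.backend",
  redirectUri: "https://www.xyz.com/api/auth-apple-signin",
});
console.log(demo.url);
console.log(checkCallback({ code: "sample-code", state: demo.state }, demo.state));
```

Rejecting a callback whose `state` does not match the one issued for that session keeps a forged form post from being treated as a completed sign-in.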

Allow users to set up an account, sign in to your apps and associated websites with the Apple IDs they already have. The configuration is required to communicate with your users and receive updates from Apple.

We need to configure our domains and subdomains so we can communicate with our users with emails only generated by those registered domains and subdomains.
This document will help us understand which steps we need to perform to register our domain with the Apple developer portal.

When we click Sign in with Apple in our web/app, Sign in with Apple presents two options:

  1. Share my email:
    This will share the user’s personal email address.
  2. Hide my email:
    This will create a unique, random address for users.

When the user chooses to hide my email, we will not receive the user’s actual email address, which means it can’t be used for marketing or advertising purposes.
Apple’s new private email relay service will generate a unique email.

Hide my email

Private relay email addresses have the following characteristics:

  • The address looks like this:
    <unique-alphanumeric-string>@privaterelay.appleid.com
  • All emails sent to this address by our app/web will automatically be forwarded to the user/consumer’s personal email address by Apple’s private email relay service.
  • There is a concept of a DEVELOPMENT TEAM within the Apple developer portal. An app is uniquely identified by its app identifier, but for all the apps under one development team, the email generated by Apple’s email relay service will remain the same.

Register domain with Apple
We need to perform multiple steps to register our domain.

Open Apple developer portal
https://developer.apple.com/account/resources/certificates/list

Click on the last option, `More` > Configure.

Next, you need to click the `configure` button.
In the “Domains and Associated Email Addresses” section, enter your domain name and subdomains separated by `,`
and then click Register.

*Important*
Registration will fail if the domain does not publish an SPF DNS record.

Where we need to register SPF for our domain

This process varies based on where you would like to send your email from (G Suite, Mailchimp, etc.).
In my case it was G Suite.
If we are using Google to send email, we can follow the steps below:
https://support.google.com/a/answer/33786?hl=en

We need to set up the sender like this:

`v=spf1 include:_spf.google.com ~all`
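
A pre-registration check for the SPF requirement above, as an added example that is not from the original article. It inspects the TXT strings published for a domain; `checkSpf`, its result fields and the sample records are hypothetical and constructed for illustration.

```javascript
// Added example; checkSpf and its result fields are hypothetical names.
// Input: the TXT strings published for the domain, e.g. the result of
// dns.promises.resolveTxt(domain) with each record's chunks joined.
function checkSpf(txtRecords, requiredInclude) {
  const spf = txtRecords
    .map((r) => r.trim())
    .filter((r) => /^v=spf1(\s|$)/i.test(r));
  if (spf.length === 0) return { ok: false, reason: "no SPF record published" };
  // RFC 7208: more than one v=spf1 record is a permanent error.
  if (spf.length > 1) return { ok: false, reason: "multiple SPF records" };

  const terms = spf[0].split(/\s+/).slice(1);
  const includes = terms
    .filter((t) => /^[+?~-]?include:/i.test(t))
    .map((t) => t.replace(/^[+?~-]?include:/i, "").toLowerCase());
  const allTerm = terms.find((t) => /^[+?~-]?all$/i.test(t));
  // A bare "all" means "+all": every sending host passes the check.
  const allQualifier = allTerm ? (/^[?~-]/.test(allTerm) ? allTerm[0] : "+") : null;

  if (requiredInclude && !includes.includes(requiredInclude.toLowerCase())) {
    return { ok: false, reason: `missing include:${requiredInclude}`, includes };
  }
  if (allQualifier === "+") {
    return { ok: false, reason: "+all authorizes any sender", includes };
  }
  return { ok: true, includes, allQualifier };
}

// Constructed TXT answers for a hypothetical domain.
const sampleTxt = [
  "google-site-verification=constructed-token",
  "v=spf1 include:_spf.google.com ~all",
];
console.log(checkSpf(sampleTxt, "_spf.google.com"));
console.log(checkSpf(["google-site-verification=constructed-token"]));
```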

NOT Needed NOW
A few weeks back, we needed to upload the file `apple-developer-domain-association.txt`.

As per Apple’s latest documentation, it is not needed now. Previously it was one of the steps mentioned; they have dropped it without mentioning the exclusion (Apple’s way).

https://help.apple.com/developer-account/?lang=en#/dev1c0e25352

Once registered.

Register Subdomains
If we have subdomains and we want to enable them as well, for testing purposes or any other use case, add the domain and subdomains separated by `,`.

You can click the verify button.

If you see a green checkbox, congratulations!!
All done.

Now you can communicate with users/consumers using the email generated by Apple’s email relay service.
