Implementing Apple-id Sign-up and login for Flutter Android and Java BE using REST-based redirect

Selvaraj Mani
Jun 13, 2023

This article continues the previous detailed article, in which we enabled Apple-id authentication for the Flutter iOS application.

Please refer:

This article explains the steps involved in enabling Apple-id signup and login for Flutter Android applications.

Workflow

Enabling Apple-id authentication for Flutter Android with a Java backend involves the following steps.

  • Create a Service-Id on the Apple developer portal
  • Set the web authentication options for the sign_in_with_apple package API
  • Create the redirect REST API

Authorization Sequence

Steps:

  • Use the sign_in_with_apple pub package
  • Use the API SignInWithApple.getAppleIDCredential to log in with Apple-id
  • Provide the redirect-URI as a param in WebAuthenticationOptions
  • Once authentication succeeds, the flow redirects to the redirect-URI given in the step above
  • The redirect URL (REST API) responds with the intent name and the parameters to invoke
  • Once the redirection to the app through the provided Intent succeeds, the application gets the auth profile (includes id-token, access-token, scopes (email, name for the first time), and user-id)
  • Send the id-token and the access token to the backend server for validation
  • Validate the identity token using the public key fetched from Apple at https://appleid.apple.com/auth/keys
  • Validate the access token using the API https://appleid.apple.com/auth/token
  • Store/forward the refresh token for subsequent validations.
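
The identity-token validation step listed above can look like this on the Java backend; it is an added example, not code from the original article. The class AppleIdTokenVerifier, its verify method, the use of Jackson for JSON parsing and the Service-ID com.example.service are assumptions, and main signs a constructed token with a throwaway key so the check runs offline instead of fetching Apple's keys.

```java
import com.fasterxml.jackson.databind.*;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;

// Added example, not the article's code. Jackson and all names are assumptions; jwksJson is the /auth/keys body.
public class AppleIdTokenVerifier {
    static final ObjectMapper JSON = new ObjectMapper();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static String verify(String idToken, String jwksJson, String serviceId, long nowSec) throws Exception {
        String[] p = idToken.split("\\.");
        if (p.length != 3) throw new SecurityException("not a compact JWS");
        JsonNode header = JSON.readTree(DEC.decode(p[0]));
        if (!"RS256".equals(header.path("alg").asText())) throw new SecurityException("unexpected alg");
        JsonNode jwk = null;                          // select the signing key by its "kid"
        for (JsonNode k : JSON.readTree(jwksJson).path("keys"))
            if (header.has("kid") && header.get("kid").equals(k.get("kid"))) jwk = k;
        if (jwk == null) throw new SecurityException("unknown kid");
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(
                new BigInteger(1, DEC.decode(jwk.path("n").asText())),
                new BigInteger(1, DEC.decode(jwk.path("e").asText()))));
        Signature s = Signature.getInstance("SHA256withRSA");   // algorithm is fixed, not taken from the token
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(p[2]))) throw new SecurityException("bad signature");
        JsonNode c = JSON.readTree(DEC.decode(p[1]));  // claims are read only after the signature check
        if (!"https://appleid.apple.com".equals(c.path("iss").asText())) throw new SecurityException("bad iss");
        if (!serviceId.equals(c.path("aud").asText())) throw new SecurityException("bad aud");
        if (c.path("exp").asLong() <= nowSec) throw new SecurityException("expired");
        return c.path("sub").asText();
    }
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    public static void main(String[] args) throws Exception {  // constructed key, JWKS and token
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        RSAPublicKeySpec pub = KeyFactory.getInstance("RSA").getKeySpec(kp.getPublic(), RSAPublicKeySpec.class);
        String jwks = String.format("{\"keys\":[{\"kty\":\"RSA\",\"kid\":\"k1\",\"n\":\"%s\",\"e\":\"%s\"}]}",
                b64(pub.getModulus().toByteArray()), b64(pub.getPublicExponent().toByteArray()));
        String body = b64("{\"alg\":\"RS256\",\"kid\":\"k1\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + b64(("{\"iss\":\"https://appleid.apple.com\",\"aud\":\"com.example.service\","
                + "\"sub\":\"constructed-user\",\"exp\":1700000300}").getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.US_ASCII));
        System.out.println(verify(body + "." + b64(s.sign()), jwks, "com.example.service", 1700000000L));
    }
}
```

With real tokens, pass the cached response body of https://appleid.apple.com/auth/keys and the current epoch seconds. The access-token check against https://appleid.apple.com/auth/token is a separate step.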

Create Service-ID

Go to https://developer.apple.com/account/resources/identifiers/list to create a new service-id for your Android application.

  1. Go to the Identifiers page on the Apple developer portal

  2. Create the new service-identifier

  3. Once the service-id is created, configure the service ID

  4. Select your App-ID to associate with this service-id

  5. Enter the Return URL (HTTPS only; localhost URLs are not accepted). This will be your REST endpoint.

Flutter UI Changes

Please refer to the previous article pasted above for the sign_in_with_apple API usage and the design.

import 'package:sign_in_with_apple/sign_in_with_apple.dart';

// Inside an async function:
AuthorizationCredentialAppleID credential =
    await SignInWithApple.getAppleIDCredential(
  scopes: [
    AppleIDAuthorizationScopes.email,
    AppleIDAuthorizationScopes.fullName,
  ],
  webAuthenticationOptions: WebAuthenticationOptions(
    // The Service-ID created on the Apple developer portal
    clientId: "Service-ID",
    // This is the URL we entered on the service-id configuration page
    redirectUri: Uri.parse(
      'https://<your webserver rest host>/<api url>',
    ),
  ),
);

Android Manifest Changes

For Android, you need to add the following activity to handle the deep link for the redirect intent URL from the REST API. In android/app/src/main/AndroidManifest.xml add the below activity.

<activity
    android:name="com.aboutyou.dart_packages.sign_in_with_apple.SignInWithAppleCallback"
    android:exported="true"
    android:launchMode="singleTop">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />

        <data android:scheme="signinwithapple" />
        <data android:path="callback" />
    </intent-filter>
</activity>

Redirect URL REST API

Apple Android authentication requires a redirect URL to be associated with the service identifier. The example below shows the redirect URL implementation using the JAX-RS REST API in Java.

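// Additional imports used here: java.net.URLEncoder, java.nio.charset.StandardCharsets
@Path("/appleauth")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@POST
public Response handleAppleAuthAndroid(@Context HttpServletRequest requestContext,
        @FormParam("code") String code,
        @FormParam("id_token") String id_token,
        @FormParam("state") String state,
        @FormParam("user") String user) throws URISyntaxException {

    String redirectIntent = null;

    // Every form value is URL-encoded before it is placed in the intent URI:
    // "user" is a JSON string, and raw values would make new URI(...) fail or
    // let a value spill into the "#Intent;...;end" part.
    if (user != null) {
        redirectIntent = String.format(
                "intent://callback?"
                        + "code=%s&"
                        + "id_token=%s&"
                        + "state=%s&"
                        + "user=%s"
                        + "#Intent;"
                        + "package=<flutter android package name (reverse domain)>;"
                        + "scheme=signinwithapple;"
                        + "end",
                enc(code), enc(id_token), enc(state), enc(user));
    } else {
        redirectIntent = String.format(
                "intent://callback?"
                        + "code=%s&"
                        + "id_token=%s"
                        + "#Intent;"
                        + "package=<flutter android package name (reverse domain)>;"
                        + "scheme=signinwithapple;"
                        + "end",
                enc(code), enc(id_token));
    }

    URI uri = new URI(redirectIntent);

    // 307 redirect whose Location is the intent URI handled by the app
    Response response = Response.status(HttpStatus.SC_TEMPORARY_REDIRECT).location(uri).build();
    return response;
}

// URL-encodes one form value; a missing value becomes an empty string.
private static String enc(String value) {
    return value == null ? "" : URLEncoder.encode(value, StandardCharsets.UTF_8); // Java 10+
}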

The redirect API is POST and it accepts the media type APPLICATION_FORM_URLENCODED.

Summary

The steps above summarize the workflow for getting Apple-id authentication working for a Flutter Android application with a Java BE using a JAX-RS REST API implementation.
