How to integrate Sign in with Apple

Published in

Team Pratilipi

3 min readNov 29, 2019

Recently Apple launched Sign in with Apple along with iOS 13, which offers the users a lot of flexibility with signing up with Apple id, where they have the freedom to share or hide their email.

They have also updated the App Store Review Guideline to include the feature for new apps published after September 2019, mandatorily and the others can include the support by March 2020. The guideline is as follows:

4.8 Sign in with Apple —

Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app and also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.

Your app exclusively uses your company’s own account setup and sign-in systems.
Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party accounts directly to access their content.

So, let’s see how we can easily integrate it into our existing apps.

Client-Side -

Enable Sign in with Apple in your Xcode project:

This can be done under Signing and Capabilities in your Target application.

2. Add the Sign in with Apple button:

3. That’s pretty much what you need on the client. The ASAuthorizationAppleIDCredential gives you all the required info that you’ll need to sign up the user to your backend services. ASPasswordCredential will give you all the required information to sign in the user by your backend services.

After the authentication, the JWT Token is received. Now, make sure the identityToken is authenticated on your server to know that the user is authentic, which is discussed below.

Server-Side -

Get the JWK (JSON Web Key):

We can easily get that by Apple’s own API:

https://appleid.apple.com/auth/keys{
  "keys": [
    {
      "kty": "RSA",
      "kid": "AIDOPK1",
      "use": "sig",
      "alg": "RS256",
      "n": "lxrwmuYSAsTfn-lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu_auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY-RNwCWdjNfEaY_esUPY3OVMrNDI15Ns13xspWS3q-13kdGv9jHI28P87RvMpjz_JCpQ5IM44oSyRnYtVJO-320SB8E2Bw92pmrenbp67KRUzTEVfGU4-obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd_JhmqX5CAaT9Pgi0J8lU_pcl215oANqjy7Ob-VMhug9eGyxAWVfu_1u6QJKePlE-w",
      "e": "AQAB"
    }
  ]
}

read more on what they mean here.

2. Get the public key:

It will be used for authenticating the received identityToken from the client, which can be easily done on this website. Just paste the “keys” object and you’ll receive the public key.

3. Authenticate users:

Using the acquired public key we can then authenticate if the identity token received is actually original and is not tampered or fake. Using this piece of JS code.

var jwt = require('jsonwebtoken');
var keyStr = "YOUR_PUBLIC_KEY"
var privateKey  = Buffer.from(keyStr, 'utf8');
var token = "YOUR_IDENTITY_TOKEN"var x = "asdf";
let isValid = jwt.verify(token,privateKey, function(err, decoded) {
    console.log(err, decoded) 
    if (err) {
        console.log("ddd", x);
        return false;
    } else {
        console.log("ddd", x);
        return decoded;
    }
});

That’s it, you can now add that user to your project, after successful authentication.

How to integrate Sign in with Apple

Written by Ayush Singh