Obtain Apple Credentials
com.domainname.appname).
+) on the top.
Services IDs from the list of options and click ‘Continue’ and then provide your app information.
Identifiers in the sidebar, then select Services IDs from the dropdown menu on the right.
Services ID you created in the previous step.
Sign In With Apple for the Services ID by clicking the checkbox next to it.
Configure.
App ID as your Primary App ID.
+) next to Website URLs.
Domains and Subdomains input (do not add a scheme, e.g. https://, or path information).
Return URLs input, enter the complete redirect URL of your app which you found in the previous step.
Next at the bottom right.
Done at the bottom to close the modal.
Edit your Services ID Configuration view, click Continue at the top right, then click Save.
Key and download a Key file. You need this file to generate your client secret in the next step.
Keys in the sidebar, then click the add button (+) next to the Keys heading.
Key Name.
Key Name input, check Sign in with Apple.
Configure to the right.
Configure Key view, select your previously registered App ID in the Primary App ID dropdown.
Save on the top right.
Register a New Key view, click Continue, then click Register on the top right.
Download Your Key view, click Download on the top right to save the key file.
Done on the top right.

private_key: This is the path to the key file you downloaded in the previous step. By default the key file name should look like this: AuthKey_XXXXXXXXXX.p8. Because we use Docker in this case, we will use the path to the key file on your filesystem to mount the file into the Docker container (we’ll get to this, see the command below).
team_id: This is the Team ID your Apple Developer account is associated with.
services_id: This is the Services ID you created in the Register a Services ID step. You can always review this ID in the Apple Developer console:
Identifiers in the sidebar, then select Services IDs from the dropdown menu on the right.
Identifier column).
key_id: This is the ID of the private key from the previous step. The XXXXXXXXXX part of the default AuthKey_XXXXXXXXXX.p8 filename is the key ID. You can also review this ID in the Apple Developer console:
Keys in the sidebar, then select Services IDs.
View Key Details > Key ID
private_key to the container by mapping the path on your filesystem to a path on the container filesystem, e.g. ~/Downloads/AuthKey_XXXXXXXXXX.p8:/tmp/AuthKey_XXXXXXXXXX.p8.
From the command line, run (replace <...> placeholders with your data):
client_secret.txt.
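A check to run on the generated secret before it goes into the Hanko configuration, as an added example that is not part of the original guide or of Hanko's code. It assumes the secret follows Apple's client-secret format (a JWT signed with ES256 whose kid is the key_id, iss the team_id, sub the services_id, aud https://appleid.apple.com, and exp at most six months ahead); the function names and sample values are constructed for illustration.

```python
import base64
import json
import time

APPLE_AUD = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # Apple's cap on exp: six months, in seconds


def _segment(obj):  # dict -> unpadded base64url JWT segment
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _decode(segment):
    """Decode one base64url JWT segment into a dict, or raise ValueError."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def sample_secret(team_id, services_id, key_id, iat, lifetime):
    """Constructed, unsigned stand-in for the contents of client_secret.txt."""
    header = {"alg": "ES256", "kid": key_id}
    claims = {"iss": team_id, "sub": services_id, "aud": APPLE_AUD,
              "iat": iat, "exp": iat + lifetime}
    return ".".join([_segment(header), _segment(claims), "c2lnbmF0dXJl"])


def check_client_secret(token, team_id, services_id, key_id, now=None):
    """List header/claim problems ([] means none). The signature is not verified."""
    now = int(time.time()) if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        return ["not a three-part JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["header or claims are not base64url-encoded JSON objects"]
    expected = [(header, "alg", "ES256"), (header, "kid", key_id),
                (claims, "iss", team_id), (claims, "sub", services_id),
                (claims, "aud", APPLE_AUD)]
    problems = [f"{k} should be {want!r}, found {src.get(k)!r}"
                for src, k, want in expected if src.get(k) != want]
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or in the past: generate a new secret")
    elif exp - now > MAX_LIFETIME:
        problems.append("exp is more than six months ahead")
    return problems
```

Because the secret expires, the same check can run on a schedule against the configured value so a replacement is generated before sign-in starts failing.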
Configure Apple Credentials with Hanko
https://*.example.com matches https://foo.example.com and https://bar.example.com.
https://foo.example.com/* matches URLs like https://foo.example.com/page1 and https://foo.example.com/page2.

Implement Apple Login in Your Frontend Application
@teamhanko/hanko-elements package or opt for a custom UI with the @teamhanko/hanko-frontend-sdk will determine your approach to frontend integration.
<hanko-auth> component from hanko-elements based on our frontend guides. If everything is good, the component will display a button for signing in with ‘Github’ in the login view.
Sign in with Apple and chooses to hide their real email address, then the private relay address will become the primary email for the user. Should a user then choose to sign in with an email address (and not via Sign in with Apple), then the private relay email address must be used, not the real email address associated with their Apple account.
Services in the left sidebar.
Sign in with Apple for Email Communication panel, click Configure.
Email Sources heading, click the add (+) button.
Register your email sources modal, enter your Domains and Subdomains and/or specific Email Addresses.
hanko.io in the Domains and Subdomains input. You do not need to provide an SPF DNS record yourself.
Domains and Subdomains input. Remember to provide an SPF DNS record for your domain in order to pass Apple’s SPF check.
Next, then click Register.
Email Sources table. Emails are only relayed if the SPF check (see the Status column) was successful.
Organization.
Project.
Settings, then select SMTP.
Sender email address should be registered as an email source in the Apple developer console to allow communication through Apple’s private relay service (see the previous step).
Save.