Back

Sign in with Apple authentication

on 

As presented at the WWDC 2019, with the release of the new iPhone operating system, iOS 13, Apple introduced a new way to sign up for accounts in apps and websites, called “Sign in with Apple. ” 
By April 2020 every app available in Apple’s App Store must integrate Sign in with Apple.

What is Sign in with Apple

Sign in with Apple is a “single sign on” (SSO) service intended to work in the same places where you’ve likely seen buttons to log in using your Facebook or Google account. Instead of creating a new account for an app or a website with your email address and a password, you instead sign in using your Apple ID. 

Thanks to the Sign in with Apple button in your app , people can sign in or sign up with just a tap using the Apple ID and easily authenticate with Face ID or Touch ID. No more forms to fill out or password to create and remember!

Sign in with Apple works across all Apple devices — iOS/iPadOS devices (iPhone, iPad and iPod touch), Mac, Apple TV and Apple Watch.

Apple also offers a solution for Android devices and web apps (with Sign in with Apple JS )

From a security perspective, Apple offers a great option for both users and developers alike with added privacy.

It also comes with features that benefit iOS app developers — like built-in two-factor authentication support, anti-fraud detection and the ability to offer a one-touch, seamless access to their app.

Users benefit from the same fast sign-up and login as with other services (Facebook, Twitter etc) but with the knowledge that the apps aren’t sharing their information as they can choose whether or not to share their email with the app developer.

If users decide not to share their real email, Apple will generate a random — but real and verified — email address for the app in question to use, then will route the emails the app wants to send to that address. The new generated email address will come in this format: fc452bd5ea@privaterelay.appleid.com.The user can choose to disable this app email address at any time like — like if they begin to get spam, for example.

What are the requirements to integrate Sign in with Apple

Apple guidelines state that apps that use a third-party or social login service (such as Facebook Login  and/or Sign in with Twitter) to authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. 

The Sign in with Apple button must be prominent and on the top of a stack of other third-party sign-in buttons.
 

How to integrate Sign in with Apple in your app

You first need to prepare your app by adding the capability to your App. This can be done by editing it on Apple developer portal or on Xcode. 

Once this is done, you then need to add the Sign in with Apple button: ASAuthorizationAppleIDButton.(The button is available in 2 formats : sign in with Apple or Continue with Apple.) then add an action. You can set the button in black or white to best adapt to your app background.

Next it’s time to configure a request and perform authorization. You need to get an authorization provider to build a “create a sign in” request and then define your scope of action. For the scope, two options are available at the moment: email and full name.

Optionally, if your app requires this for the best user experience, you can set requestedScopes for full name and email. You should only request this information if it's truly required for your app and err on the side of minimum amount of information. Once the request is configured, initialize ASAuthorizationController , set the delegates to get the results back into your app.

When the user performs the request and provides the info asked by the requested scope, the ASAuthorizationController will return with the authorization if the user has successfully authorized the app to sign in with Apple

How to set up Sign in with Apple on your GoodBarber App

For your iOS app:

There are three requirements to add "Sign in with Apple" to your GoodBarber apps:

- It is mandatory to have already set  Facebook  or Twitter  authentication on your app.
- It is mandatory to have your own Apple developer account
- This feature is only available for GoodBarber Premium plans.

 If it's a first submission to the App Store, our team will add Sign in with Apple to your app during the submission process.
If your app is already published on the App Store, ask for an update of your iOS app. Our team will add Sign in with Apple to your app during the update process.

On devices using iOS 13, the Apple SDK allows for a native login experience, using Face ID for example.
For devices using iOS 12 and prior, the users will be redirected towards Safari with a custom URL starting with “https://appleid.apple.com/auth/authorize”. This URL contains the parameters customization elements like the client_id, the redirection URL or the requested scope.  
There, the users will be able to login by entering their Apple ID and password. 

On PWA, we use Apple's JS script to display the button and process the requests. The experience is of classic type : login  (Apple ID) + password).

On Android, the operation is very similar to iOS 12 except that the user never leaves the application. Apple's web page is displayed in app


For your Android and PWA:

For the Android and PWA versions of your app, once you set your Facebook or twitter authentication and Sign in with Apple is all set for your iOS app: 
  • For Android, generate and submit your app to Google Play store (1st submission) or Update your already published Android app on Google Play store 
  • Build or rebuild your PWA.

Best practices for using Sign in with Apple

As recommended by Apple, only ask people to sign in if it allows them to benefit from added value ( additional features, personalization )

Make sure you offer Sign in with Apple for every version of your app, across all platforms, including non-Apple platforms and the web.

Delay sign-in as long as possible. People often abandon apps when they're forced to sign in before doing anything useful. Give them a chance to familiarize themselves with your app before making a commitment. For example, a live-streaming app could let people explore available content before signing in to stream something.