Skip to main content
This guide walks you through configuring Apple as a social login provider for your application.

Prerequisites

Configure Apple OAuth

1

Register an App ID

If you don’t already have an App ID for your application:
  1. Go to the Apple Developer Portal
  2. Click Identifiers > + to register a new identifier
  3. Select App IDs and click Continue
  4. Select App as the type and click Continue
  5. Enter a description and a Bundle ID (e.g. com.yourapp)
  6. Under Capabilities, enable Sign in with Apple
  7. Click Register
2

Create a Services ID

The Services ID is used as the client_id when configuring the OAuth provider.
  1. Go to the Apple Developer Portal
  2. Click Identifiers > + to register a new identifier
  3. Select Services IDs and click Continue
  4. Enter a description (e.g. “Prelude Session”) and an identifier (e.g. com.yourapp.session) — this identifier will be your client_id
  5. Click Register
3

Configure Sign in with Apple

  1. Click on the newly created Services ID
  2. Enable Sign in with Apple and click Configure
  3. Select the App ID you created in the first step as the Primary App ID
  4. Under Domains and Subdomains, add your custom domain (e.g. session.yourapp.com)
  5. Under Return URLs, add:
https://${YOUR_CUSTOM_DOMAIN}/v1/session/login/oauth/apple/callback
Replace ${YOUR_CUSTOM_DOMAIN} with your custom domain.
  1. Click Save and then Continue > Register
The return URL must match exactly. Make sure there is no trailing slash and that you are using https.
4

Create a private key

Apple does not provide a client secret directly. Instead, you create a private key that Prelude uses to generate the client secret automatically.
  1. Go to Keys in the Apple Developer Portal
  2. Click + to create a new key
  3. Give it a name and enable Sign in with Apple
  4. Click Configure and select the App ID you created in the first step
  5. Click Save, then Continue, then Register
  6. Download the .p8 private key file — you can only download it once
  7. Note the Key ID displayed on the page — you will need it in the next step
5

Create the Apple OAuth configuration

curl -X POST https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/apple \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "com.yourapp.session",
    "enabled": true,
    "options": {
      "use_email_as_identifier": true,
      "allow_email_account_merge": true
    },
    "apple": {
      "team_id": "YOUR_TEAM_ID",
      "key_id": "YOUR_KEY_ID",
      "p8_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
    }
  }'
FieldDescription
client_idThe identifier of your Services ID (e.g. com.yourapp.session). This is the identifier you chose when creating the Services ID, not the App ID.
enabledSet to true to enable Apple login.
apple.team_idYour Apple Developer Team ID (found in the top-right of the Apple Developer Portal).
apple.key_idThe Key ID of the private key you created.
apple.p8_keyThe contents of the .p8 private key file. Each line break must be replaced by \n so the entire key is a single-line string (e.g. "-----BEGIN PRIVATE KEY-----\nMIGT....\n-----END PRIVATE KEY-----"). Prelude uses this to generate the client secret automatically.
options.use_email_as_identifierWhen true, the user’s Apple email is stored as an email identifier.
options.allow_email_account_mergeWhen true, if a user with the same email already exists, the Apple account is linked to the existing user.

Update the configuration

To update an existing Apple OAuth configuration: 
curl -X PUT https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/apple \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "com.yourapp.session",
    "enabled": true,
    "options": {
      "use_email_as_identifier": true,
      "allow_email_account_merge": true
    },
    "apple": {
      "team_id": "YOUR_TEAM_ID",
      "key_id": "YOUR_KEY_ID",
      "p8_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
    }
  }'

Delete the configuration

To remove Apple OAuth from your application: 
curl -X DELETE https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/apple \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}"

What’s next?

Now that Apple OAuth is configured on your backend, integrate the frontend using the Web Integration guide.