> ## Documentation Index > Fetch the complete documentation index at: https://docs.prelude.so/llms.txt > Use this file to discover all available pages before exploring further. # Apple > Configure Apple OAuth for your Session application. This guide walks you through configuring Apple as a social login provider for your application. ## Prerequisites * An [Apple Developer account](https://developer.apple.com/) * An **App ID** registered for your application ## Configure Apple OAuth If you don't already have an App ID for your application: 1. Go to the [Apple Developer Portal](https://developer.apple.com/account/resources/identifiers/list) 2. Click **Identifiers** > **+** to register a new identifier 3. Select **App IDs** and click **Continue** 4. Select **App** as the type and click **Continue** 5. Enter a description and a **Bundle ID** (e.g. `com.yourapp`) 6. Under **Capabilities**, enable **Sign in with Apple** 7. Click **Register** The Services ID is used as the `client_id` when configuring the OAuth provider. 1. Go to the [Apple Developer Portal](https://developer.apple.com/account/resources/identifiers/list/serviceId) 2. Click **Identifiers** > **+** to register a new identifier 3. Select **Services IDs** and click **Continue** 4. Enter a description (e.g. "Prelude Session") and an identifier (e.g. `com.yourapp.session`) — this identifier will be your `client_id` 5. Click **Register** 1. Click on the newly created Services ID 2. Enable **Sign in with Apple** and click **Configure** 3. Select the **App ID** you created in the first step as the Primary App ID 4. Under **Domains and Subdomains**, add your [custom domain](/session/documentation/domain-names) (e.g. `session.yourapp.com`) 5. Under **Return URLs**, add: ``` https://${YOUR_CUSTOM_DOMAIN}/v1/session/login/oauth/apple/callback ``` Replace `${YOUR_CUSTOM_DOMAIN}` with your custom domain. 6. Click **Save** and then **Continue** > **Register** The return URL must match exactly. Make sure there is no trailing slash and that you are using `https`. Apple does not provide a client secret directly. Instead, you create a private key that Prelude uses to generate the client secret automatically. 1. Go to **Keys** in the [Apple Developer Portal](https://developer.apple.com/account/resources/authkeys/list) 2. Click **+** to create a new key 3. Give it a name and enable **Sign in with Apple** 4. Click **Configure** and select the App ID you created in the first step 5. Click **Save**, then **Continue**, then **Register** 6. Download the `.p8` private key file — you can only download it once 7. Note the **Key ID** displayed on the page — you will need it in the next step ```bash theme={null} curl -X POST https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/apple \ -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \ -H "Content-Type: application/json" \ -d '{ "client_id": "com.yourapp.session", "enabled": true, "options": { "use_email_as_identifier": true, "allow_email_account_merge": true }, "apple": { "team_id": "YOUR_TEAM_ID", "key_id": "YOUR_KEY_ID", "p8_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----" } }' ``` | Field | Description | | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `client_id` | The **identifier** of your Services ID (e.g. `com.yourapp.session`). This is the identifier you chose when creating the Services ID, not the App ID. | | `enabled` | Set to `true` to enable Apple login. | | `apple.team_id` | Your Apple Developer Team ID (found in the top-right of the Apple Developer Portal). | | `apple.key_id` | The Key ID of the private key you created. | | `apple.p8_key` | The contents of the `.p8` private key file. **Each line break must be replaced by `\n`** so the entire key is a single-line string (e.g. `"-----BEGIN PRIVATE KEY-----\nMIGT....\n-----END PRIVATE KEY-----"`). Prelude uses this to generate the client secret automatically. | | `options.use_email_as_identifier` | When `true`, the user's Apple email is stored as an email identifier. | | `options.allow_email_account_merge` | When `true`, if a user with the same email already exists, the Apple account is linked to the existing user. | ## Update the configuration To update an existing Apple OAuth configuration: ```bash theme={null} curl -X PUT https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/apple \ -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \ -H "Content-Type: application/json" \ -d '{ "client_id": "com.yourapp.session", "enabled": true, "options": { "use_email_as_identifier": true, "allow_email_account_merge": true }, "apple": { "team_id": "YOUR_TEAM_ID", "key_id": "YOUR_KEY_ID", "p8_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----" } }' ``` ## Delete the configuration To remove Apple OAuth from your application: ```bash theme={null} curl -X DELETE https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/apple \ -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" ``` ## What's next? Now that Apple OAuth is configured on your backend, integrate the frontend using the [Web Integration](/session/documentation/frontend-sdks/web/social-login) guide.