- iOS 13.0+
- Xcode 11.3+
This sample app, Juice, uses the AuthenticationServices framework to provide users an interface to set up accounts and sign in with their Apple ID. The app presents a form in which the user can create and set up an account for the app, then authenticates the user’s Apple ID with Sign in with Apple, and displays the user’s account data.
For more information about implementing Sign in with Apple on iOS 12 and earlier, see Incorporating Sign in with Apple into Other Platforms.
Configure the Sample Code Project
To configure the sample code project, perform the following steps in Xcode:
On the Signing & Capabilities pane, set the bundle ID to a unique identifier (you must change the bundle ID to proceed).
Choose a run destination from the scheme pop-up menu that you’re signed into with an Apple ID and that uses Two-Factor Authentication.
If necessary, click Register Device in the Signing & Capabilities pane to create the provisioning profile.
In the toolbar, click Run, or choose Product > Run (⌘R).
Add a Sign in with Apple Button
In the sample app,
Login displays a login form and a Sign in with Apple button (
ASAuthorization) in its view hierarchy. The view controller also adds itself as the button’s target, and passes an action to be invoked when the button receives a touch-up event.
Request Authorization with Apple ID
When the user taps the Sign in with Apple button, the view controller invokes the
handle function, which starts the authentication flow by performing an authorization request for the users’s full name and email address. The system then checks whether the user is signed in with their Apple ID on the device. If the user is not signed in at the system-level, the app presents an alert directing the user to sign in with their Apple ID in Settings.
The authorization controller calls the
presentation function to get the window from the app where it presents the Sign in with Apple content to the user in a modal sheet.
If the user is signed in at the system-level with their Apple ID, the sheet appears describing the Sign in with Apple feature, followed by another sheet allowing the user to edit the information in their account. The user can edit their first and last name, choose another email address as their contact information, and hide their email address from the app. If the user chooses to hide their email address from the app, Apple generates a proxy email address to forward email to the user’s private email address. Lastly, the user enters the password for the Apple ID, then clicks Continue to create the account.
Handle User Credentials
If the authentication succeeds, the authorization controller invokes the
authorization delegate function, which the app uses to store the user’s data in the keychain.
If the authentication fails, the authorization controller invokes the
authorization delegate function to handle the error.
Once the system authenticates the user, the app displays the
Result which shows the user information requested from the framework, including the user-provided full name and email address. The view controller also displays a Sign Out button and stores the user data in the keychain. When the user taps the Sign Out button, the app deletes the user information from the view controller and the keychain, and presents the
Login to the user.
Request Existing Credentials
Login function checks if the user has an existing account by requesting both an Apple ID and an iCloud keychain password. Similar to
handle, the authorization controller sets its presentation content provider and delegate to the
authorization delegate function checks whether the credential is an Apple ID (
ASAuthorization) or a password credential (
ASPassword). If the credential is a password credential, the system displays an alert allowing the user to authenticate with the existing account.
Check User Credentials at Launch
The sample app only shows the Sign in with Apple user interface when necessary. The app delegate checks the status of the saved user credentials immediately after launch in the
get function retrieves the state of the user identifier saved in the keychain. If the user granted authorization for the app (for example, the user is signed into the app with their Apple ID on the device), then the app continues executing. If the user revoked authorization for the app, or the user’s credential state not found, the app displays the log in form by invoking the