Howdy, I have a nasty feeling that the answer to my question is "Y'all cain't do that!", but I figure I'll ask, anyway. THE SAD STORY (GET YOUR HANKY): We have an app that implements Sign [up|in] with Apple. It does it pretty well, with no password visible to the user, and a pretty smooth UX. The issue is what happens when users bork their install. We don't think it will happen often, but want to be able to give the user the best way out, if possible. With the regular (non-SiiA) method, they bonk on a "Forgot Password" button, and the app sends them a new password. We can't do that, with SiiA. The password is stored in the app (in the keychain, so it's very persistent, and shared across devices), and it would a Very Bad Security Hole, to allow users to simply send a new password to the server (the other method generates a rando in the server), which is what would happen, with our method of handling the password. It would also be equally bad, if the server could simply send a new password to the user, directly to their device (the other method sends an email, based on the sign-in information on the server). So the user needs to delete their keychain data completely, which we can easily do, but that does not deal with their SiiA stuff, stored on Apple's server. This is what Apple tells us to do, to delete that. WHICH BEGS THE QUESTION: My question is: Is there a URL scheme that I can use to directly open that panel? If so, it would allow us to create a screen that helps the user to do all the deletions (on the device, our server, and the Apple server).

We’re experiencing an issue with Apple SSO/OAuth that has started happening recently (first encountered about a week ago, but we’re not sure if that’s actually the first instance). When a NEW registration is received (including when a user unlinks their “login with apple” from their settings), we’re not getting the email or fullName despite our scopes including them. When we try with a brand new iCloud account that we know hasn’t been used on our service, we get the email but still no name. Has something changed recently in how we should be retrieving this data? We’re working with firebase and react-native, and it’s happening on both web and native. There’s nothing that’s changed auth-wise on our end. We did migrate subdomains but we updated them in the services section for private relay.

I know apple updated their policy related to sign in (see https://developer.apple.com/news/?id=f1v8pyay, "More flexibility for sign in options in apps" section), but the wording of the guidelines (https://developer.apple.com/app-store/review/guidelines/#login-services) is a bit difficult to understand: Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer as an equivalent option another login service with the following features: the login service limits data collection to the user’s name and email address; the login service allows users to keep their email address private as part of setting up their account; and the login service does not collect interactions with your app for advertising purposes without consent. As far as I can tell, FB, Google, Amazon, etc. do not offer these protections. Would Apple Sign In still be required in this case?

On iOS, Sign in with Apple will provide an e-mail address if the user is logging in for the first time. On all subsequent logins, the e-mail address will be missing. However, this can be reset by removing the app from your Apple ID. If you then try to login again, the e-mail dialog will popup again, and the app will receive this e-mail. On visionOS, however, the latter does not happen. Even if I have removed the app from my Apple ID, the e-mail dialog won't show up again. The only way to resolve this is to reset the visionOS simulator (haven't tried it on a real device).

Our website supports Apple login, but after logging in, the server obtains the private mailbox of Apple users, but we found that sending emails to this private mailbox failed. The following is the response result I sent to the privacy mailbox using Google mailbox

When transferring an app from one team to another, Sign in with Apple users have to me carefuly migrated since their unique identifiers are team-scoped. To migrate users from Team A to Team B, a transient transfer identifier, aka transfer_sub, has to be generated by Team A before the transfer to prepare the app data, using specific migration endpoints provided by Apple. "Preparing the app data" means, for example, associate database entries to the transfer id instead of the team-specific id. One the app has been transferred, and during 60 days, Team B will find the transfer_sub in ID tokens issued by Apple Sign In, and thanks to this shared identifier they can retrieve the user data and associate it to their new unique identifier. So far so good ! Now, the question : if an app is transferred from Team A to Team B, and then, shortly thereafter (a few days later), from team B to team C, will the transfer_sub related to the B-C transfer be different ? Or will they remain the same as the ones issued for the A-B transfer ? (I'm asking this question in order to avoid the possible catastrophe of an ill-prepared double app transfer) Thank you !

We have been having issues where apple has provided the same sub for two different users. I was under the impression the sub is supposed to be unique? The issue became exacerbated when we transfered an app from one org to another. On transferring the users. Two different transfer subs, resulted in the same sub.

Hello, our Sign in with Apple Button no longer works and throws an 7003 error. It worked a few days ago but suddenly fails. Any ideas how to fix this? Thanks in advance! plist: <dict> <key>com.apple.developer.applesignin</key> <array> <string>Default</string> </array> ... Code: var body: some View { VStack { SignInWithAppleButton(.signUp) { request in request.requestedScopes = [.fullName, .email] } onCompletion: { result in switch result { case .success(let authResults): handleSuccess(authorization: authResults) case .failure(let error): self.credentialFailure = true self.errorMessage = .appleSignInError logger.error("SIWA login failure: \(error)") } } .signInWithAppleButtonStyle(.white) .cornerRadius(GlobalValues.cornerRadius) } } Error: Authorization failed: Error Domain=AKAuthenticationError Code=-7003 "(null)" UserInfo={AKClientBundleID=com.our.app} ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1001 "(null)" SIWA login failure: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1001 "(null)"

Hello I'm using Akeeba social login plugin with Joomla. I have been struggling for a couple of days to configure the sign in with apple option. I followed the instructions provided by Akeeba. I'm able to click on the button, I go to apple, enter my apple id and password, then the system even does the 2FA. I get returned to the web site with the error Error code 400 received requesting access token: {"error":"invalid_client"}. I really don't know what can be wrong. I have been redoing the config for about 10 times. Any help will be appreciated. Thank you

Sign in with Apple doesn't support VisionOS, is there other way (api) to get user's account in VisionOS ?

I had implemented the Apple login feature and users were fully utilizing it. Then, all of a sudden, it started to fail with an "Invalid client scope " error. And My code is exactly scope="name email". I haven't changed any code for Apple Login, so why is this suddenly happening?

Hello Apple ID support, When a user successfully login with Apple, the apple OAuth will produce a appleIdToken. From my understanding this token is best to not leave the user device. I have two sub-system that can take a appleIdToken and manages the token-refresh separately. In short: Apple -> appleIdToken sub-SystemA(appleIdToken) and sub-systemB(appleIdToken) sub-SystemA and sub-systemB has two separate token management/refresh The question: Is this allowed by the Apple identify server? Is the usecase of supplying appleIdToken to sub-SystemA and sub-systemB valid?

I have followed the steps in this tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-apple-id?pivots=b2c-custom-policy to create an Apple sign in for my application. From the Apple Developer Portal menu, I went to Certificates, IDs, & Profiles and created a Key. I then tried to sign the key be using this python script: import jwt import time def generate_token(): private_key = """[pasted key from Apple here]""" team_id = "[pasted team_id]" client_id = "[pasted client_id]" key_id = "[pasted key_id]" validity_minutes = 20 timestamp_now = int(time.time()) timestamp_exp = timestamp_now + (60 * validity_minutes) data = { "iss": team_id, "iat": timestamp_now, "exp": timestamp_exp, "aud": "https://appleid.apple.com", "sub": client_id } token = jwt.encode( payload=data, key=private_key, # Use the key directly without encoding as 'utf-8', jwt.encode handles this. algorithm="ES256", headers={"kid": key_id} ) print(token) generate_token() I don't think this worked because I am getting an error after I sign in. Is there some other script I can use?

Question about "Sign in with Apple". Can 2 apps from 2 different developer accounts (hence, 2 different team ID) share authentications? In other words, can I get consistent user ID from 2 different app under 2 different developer account? Is there a way to configure that from developer portal? Thanks Bill

I would like to integrate my custom icon inside the Apple logo. I have already configured it with my primary Apple ID.

Xcode 15.2, iOS 17.2 I have a piece of code that displays videos. It has been working for at least 6 months. Suddenly only the first video played. The following videos would only play audio with the video being frozen at the first frame. I noticed that SwiftUI would start to instantiate multiple instances of my player observable class instead of just one. After chasing the problem for most of a day I found that if I completely removed every piece of code referencing AuthenticationServices then everything would work fine again. Even if I add the following piece of code which is not used or called in any way. Then SwiftUI will start to act weird. func configure(_ request: ASAuthorizationAppleIDRequest) { request.requestedScopes = [.fullName, .email] } If I comment out request.requestedScopes = [.fullName, .email] everything works fine. The SignInWithApple is configured and works fine if I enable the code. Any suggestions on how to solve or any work arounds would be highly appreciated.

For V1 used for internal purchase verification, when will the exclusive shared key regenerated after transfer be replaced? Will it affect in-app purchases and subscriptions by online users? The V2 used for internal purchase verification uses the key ID instead of the dedicated shared key. In this case, what should we pay attention to before and after the transfer? Do I need to regenerate the key ID for the new account? Is the private shared key still useful? Do I need to generate a dedicated shared key again in the transferred App? What will be the impact on existing subscriptions after the transfer? What do I need to do with the current existing subscriptions? We have used universalLink, do we need to add a new TeamId to the apple-app-site-assn. txt file? { "applinks": { "apps": [], "details": [ { "appID": “TeamIdA.com.***.***”, "paths": [""] }, { "appID": “TeamIdB.com.***.***”, "paths": [""] } ] } } We have stored the login information in Keychain Sharing, is there no way to get the original stored information after transfer? Is there a reasonable solution?

I am getting an error "Cannot create a iOS App Development provisioning profile for "TheSwiftUIWay.login". Personal development teams, including "Cyril John", do not support the Sign in with Apple capability" I have created a developer account but I didnt enroll in the developer program. Am I able to use Sign-In with Apple with the free version of the Apple Developer Account? If so, can you please give me some directions on how I can fix this error?

In order to use Sign in with Apple, I issued a JWT client according to the instructions and was able to connect without any problems, but suddenly an INVALID_CLIENT error started to occur. The error was resolved by re-obtaining the JWT client token and resetting it. The validity period of the JWT client token is 6 months and it has not expired yet, but I would like to know why I am getting an INVALID_CLIENT error.