Hi Apple Developer Support, We are implementing Sign in with Apple for our web application hosted on example.com. In the Service ID settings, we have configured the following: Service ID (client_id): com.example.service.local Web Domain: example.com Return URL: https://2db2-121-160-153-88.ngrok-free.app/login/oauth2/code/apple We also tested login via the following URL from our web application: https://appleid.apple.com/auth/authorize?response_mode=form_post&response_type=code&client_id=com.example.service.local&scope=name%20email&state=2f9gMY1rTe12-O7Wbnb7KWe504HQ0KWBSHTKHbg9ZEY=&redirect_uri=https://2db2-121-160-153-88.ngrok-free.app/login/oauth2/code/apple However, we’re receiving an invalid_client error after submission. Our questions: Is it valid to use an ngrok URL like https://2db2-121-160-153-88.ngrok-free.app/... as the Return URL for development and testing? Does the Web Domain need to match the ngrok domain, or is it enough to register the production domain (e.g., example.com)? Is there any propagation delay or approval process after updating the Return URL in the Service ID? Is the client_id strictly required to match the Service ID exactly? We would greatly appreciate any insights or best practices to help us resolve this issue. Thank you in advance!

Problem I’m trying to implement Sign in with Apple in my application. However, when my app redirects to the Apple authorization page at: https://appleid.apple.com/auth/authorize I get an invalid_client error with no further explanation. Settings I followed this article closely: [https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple#generate-the-client-secret] Steps I have completed: Created an App ID and a Service ID on Apple Developer Portal. Enabled “Sign in with Apple” for both the App ID and the Service ID. Added my domain and callback URL to the Service ID configuration. (I'm using ngrok to proxy my localhost during development.) Linked an existing private key with “Sign in with Apple” capability. My identifiers: Service ID is used as client_id Team ID is taken from the top right of the Apple Developer dashboard Key ID is from the private key associated with the App Environment My backend is built with Laravel, and I'm using the [SocialiteProvider/Apple][https://socialiteproviders.com/Apple/#installation-basic-usage] library to handle the OAuth flow. I followed the recommended method to generate a client secret (JWT) for each request, using this blog post: [https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request] My .env configuration looks like this: APPLE_CLIENT_ID=com.service.paxton.stockApp APPLE_TEAM_ID=25729642DK APPLE_KEY_ID=JFP9Q53ZCY APPLE_PRIVATE_KEY=storage/AppleDev-AuthKey_JFP9Q53ZCY.p8 JWT Generation I also tested generating the JWT using the Ruby script from the Okta article: [https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple#generate-the-client-secret] Here is the script I used: require 'jwt' key_file = './storage/AppleDev-AuthKey_JFP9Q53ZCY.p8' team_id = '25729642DK' client_id = 'com.service.paxton.stockObserve' key_id = 'JFP9Q53ZCY' ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file headers = { 'kid' => key_id } claims = { 'iss' => team_id, 'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 86400*180, 'aud' => 'https://appleid.apple.com', 'sub' => client_id, } token = JWT.encode claims, ecdsa_key, 'ES256', headers puts token This JWT validates correctly. I’ve also used Apple’s public key to verify the signature, and it passed. I verified the JWT header and payload format using this helpful article: [https://fluffy.es/how-to-solve-invalid_client-error-in-sign-in-with-apple/] Third-Party Testing To eliminate mistakes in my setup, I even tried a third-party tool featured in this YouTube video: [https://youtu.be/8v01TaX1EJA?si=0jOBGBVk0R0zbmdo] Unfortunately, the result was the same — invalid_client. Question I’ve double-checked everything I can think of: keys, claims, domain whitelist, identifiers. I even verified the JWT independently. If anyone (especially someone from Apple) can help identify the missing piece, I would be truly grateful.

On Wednesday, June 18, 2025, Sign in with Apple was impacted by a configuration issue which affected some developer accounts that created new app or Services ID configurations, or edited existing configurations, resulting in the following errors: invalid_client response error returned by the authentication, token validation/revocation, and user migration requests "Sign Up Not Completed" (or equivalent) error presented from the Authentication Services framework. On Monday, June 23, 2025, this issue was resolved. Please retry the Sign in with Apple flows in your Sign in with Apple enabled apps and websites to confirm your developer account configuration has been fixed. Please let us know if you can still reproduce this issue with your developer account. If so, follow the steps outlined in the post below: Gathering required information for troubleshooting Sign in with Apple authorization and token requests https://developer.apple.com/forums/thread/762831 Finally, reply (not comment) with your Feedback ID on either of the posts below: https://developer.apple.com/forums/thread/789011 https://developer.apple.com/forums/thread/789132 Cheers, Paris X Pinkney |  WWDR | DTS Engineer

On Thursday, June 12, 2025, Sign in with Apple was impacted by an incorrect subdomain defined in its /.well-known/openid-configuration file. The JSON returned incorrectly provided https://account.apple.com instead of the expected https://appleid.apple.com. For Sign in with Apple, the value for the issuer (iss) claim in the user's identity token is https://appleid.apple.com. Additionally, if your clients use the Sign in with Apple REST API, the following endpoints should be used for each request: https://appleid.apple.com/auth/authorize https://appleid.apple.com/auth/token https://appleid.apple.com/auth/revoke https://appleid.apple.com/auth/keys This issue with the /.well-known/openid-configuration file was resolved the same day. Use the URL below to confirm the expected subdomain is provided, as needed: https://appleid.apple.com/.well-known/openid-configuration Cheers, Paris X Pinkney |  WWDR | DTS Engineer

I am having trouble with one of my apps that will not let me log in via Apple Sign In. I am using Firebase and Firebase UI for the sign in process. I have many other apps with the same exact config that currently work just fine, but this one I have gone as far as completely deleting the targets and rebuilding and it will not return from the login screen I checked the following: Sign in with Apple ID Capability is available in XCode and on the dev certificate on developer.apple.com I have also toggled both of them on and off. I have double checked the config in Firebase to turn on the Apple Login identifier. Again I have toggle it on and off. I have cleaned the project multiple times to no avail. I have logged out and back into my developer account in XCode. It seams like after I put in the correct password to log in, it just never returns to the app, there is no logging. I do get a notified(shaking input box) if I put in an incorrect password, but when I put in the correct one, the login window never dismisses and my app is not notified. I checked the Console and the last message from akd on a working app is: Notifying client (bundle) of credential state change 1. Remote view sent a finish event On the one not working, using the same user and password akd returns: SRP authentication with server failed! Error: Error Domain=com.apple.AppleIDAuthSupport Code=2 "M2 missing (bad password) I have 100% verified I am putting in the correct user password. I was only notified of this issue because Policy is having the same issue logging in during App Review. Also, if I put in a bad password the input window shakes and when this is happening, the input window is not shaking

Hello. I have issue with implementing "Sign in with Apple" on my website. As folow, I have created: App ID identifier: com.livnobus.app (G2F5N5UHYZ) Service ID identifier: com.livnobus.client (B25ZN8P84U) with option enabled "Sign in with Apple" and configuration (Primary App ID and Webiste URLs) Key ID: 43N8XKUW7S with option enabled "Sign in with Apple" and configuration (Primary App ID and Grouped App Ids) When I click "Sign in with Apple" on my website (https://dev.livnobus.com/auth/login), system redirect me to https://appleid.apple.com/ and error show "invalid_client". Redirect URL on my web site is: https://appleid.apple.com/auth/authorize?client_id=com.livnobus.client&redirect_uri=https%3A%2F%2Fdev.livnobus.com%2Fauth%2Fapple%2Fcallback&scope=name%20email&response_type=code&response_mode=form_post&state=eGAgdpLrvskJc26RbTizc9TGwxnL6KAEJOf68pmO&nonce=e7c7a242-1977-47ea-9013-98820c24bfba.eGAgdpLrvskJc26RbTizc9TGwxnL6KAEJOf68pmO There was old Service ID identifier com.livnobus.app-client, for which I lost private KEY, so I have created new one: com.livnobus.client With old Service ID com.livnobus.app-client, https://appleid.apple.com/ shows me Apple form for sign in, but with new Service ID com.livnobus.client there is error "invalid_client" https://appleid.apple.com/auth/authorize?client_id=com.livnobus.app-client&redirect_uri=https%3A%2F%2Fdev.livnobus.com%2Fauth%2Fapple%2Fcallback&scope=name%20email&response_type=code&response_mode=form_post&state=eGAgdpLrvskJc26RbTizc9TGwxnL6KAEJOf68pmO&nonce=e7c7a242-1977-47ea-9013-98820c24bfba.eGAgdpLrvskJc26RbTizc9TGwxnL6KAEJOf68pmO These changes I have made last Friday, and since then I can't use "Sign in with Apple" on my website. Thanks!

We're integrating Sign in with Apple into our iOS app using both SwiftUI and UIKit. The Apple ID login UI appears correctly on real devices, but after tapping Continue, the system immediately stops and shows code 1001. This issue happens across multiple devices and Apple ID accounts, even with no prior login history. We’ve confirmed the following: Sign in with Apple is enabled in both Developer Portal and Xcode Capabilities Automatic signing and provisioning are set correctly Device is signed into iCloud and system time is synced Performed clean build, app reinstall, and other standard debugging steps We suspect that the sign-in process may not be completing properly due to some kind of account or server-side restriction, and we’d appreciate any insights into this behavior.

Hi, I've been developing an app with a server. I'm hosting the server on an IPv6-ONLY network that's hidden behind the CloudFlare, so it works flawlessly from the clients point of view, but if server needs to access external resources, they need to be accessible over IPv6. As it turns out, appleid.apple.com doesn't support IPv6, and the Sign In with Apple happens with the help of my server. So, I can't sign users in as Apple doesn't support IPv6 traffic on appleid.apple.com. Are there any plans to support IPv6 in the near future, or should I work on the networking setup to enable IPv4 just for the Apple SSO? Or maybe there's a clever workaround I'm missing?

Hey there, im getting Sign up not complete! even with the official template https://developer.apple.com/documentation/authenticationservices/implementing-user-authentication-with-sign-in-with-apple my developer account is recently renewed, which it has expired for a bit i am using automatic managed signing I have a feel something went wrong my apple developer account id, and also this cause me getting invalid client when sign in with app on web app.

Hi, I have setup Apple SignIn on a platform i am developing and configure all the required Service IDs and redirect URLs. The integration worked up until I moved the platform to a new domain name last friday. I have reconfigured the list of allowed domains and redirect urls to the new domain name, and removed all the mentions of the former one. Since then, when trying to Sign In with Apple, I am greated with the following error : " invalid_request - Invalid web redirect url". I have also observed that if i manually change the domain name in the redirect_uri parameter but keep the rest of the OAuth URL identical, the error disappears. This should not be possible since the former domain name has been completely removed from the Service ID configuration. Is there a propagation time for this ? And if so, it seems very long (5 days and pending). I have checked and rechecked and tripled checked my configuration, every time by going in my dev account > Identifiers > Service IDs > Sign In with Apple > Configure, then clicking Done > Continue > Save. I can confirm that : the redirect domains and URLs there are correct, and no mention of the former domain name is present I can still login using the former domain redirect urls (so my implementation is valid, but the configuration is not up to date) the new redirect urls are still not working as of now https is included in the redirect_urls, no trailing slash is present. again, the same URLs but with a different domain name were configured and worked (if anything, still work) properly TLS 1.3 connection (i know 1.2 is a requirement) Any advice would be welcome

Since a few days, we are hitting AuthorizationError 1000 / 1001 whenever we try to use Sign in with Apple for a new app. We have added entitlements to the app in both release and debug, and setup the services id. Many other devs are complaining about the same issue lately, and it's possible to reproduce on a fresh app id, see this thread: https://www.reddit.com/r/flutterhelp/comments/1lf6kmq/sign_in_with_apple_signup_not_completed

We’re integrating Sign in with Apple using Apple’s official JavaScript SDK: https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js We’ve successfully used this setup with an older Service ID, but when we try to use any newly created Service ID, we get the following error immediately when calling AppleID.auth.signIn(): invalid_client This happens before any request reaches our backend. The same flow, redirect URI, and frontend code works fine with an old Service ID — but fails with new ones. ✅ What We’ve Verified: The Service ID (e.g., com.projectx.web.login) is created under Apple Developer → Identifiers → Service IDs The redirect URI is correct and matches exactly (HTTPS, no trailing slash) No client_secret is passed in the frontend (by design) We’re using usePopup: true ❌ What Doesn’t Work: Any new Service ID we create — even on the same domain and configuration — fails with invalid_client. 🔁 What We’ve Tried: Creating multiple new Service IDs Waiting 48+ hours in case of propagation delays Validating HTTPS and redirect URI setup Comparing all settings with the working (older) Service ID (which we deleted since we thought that was causing a problem) Testing in different environments and browsers ❓ Questions: Why do newly created Service IDs fail with invalid_client while older ones work? Are there undocumented requirements, propagation delays, or steps for new Service IDs to become active? Is this a known limitation or bug in the SDK? 💻 Our Code: import { useEffect } from "react"; import { Button, Box } from "@mui/material"; import api from "../utils/api"; // Axios wrapper import AppleIcon from "@mui/icons-material/Apple"; import MainAuthStyles from "../pages/MainAuthStyles"; import { useUser } from "../../../user-module/src/contexts/UserContext"; import { useNavigate } from "react-router-dom"; // Apple global type declare global { interface Window { AppleID: any; } } type AppleSignInButtonProps = { setApiError: (msg: string) => void; }; const AppleLogInButton = ({ setApiError }: AppleSignInButtonProps) => { const { user, setUser } = useUser(); const navigate = useNavigate(); useEffect(() => { if (!window.AppleID) return; window.AppleID.auth.init({ clientId: import.meta.env.VITE_APPLE_CLIENT_ID, scope: "name email", redirectURI: import.meta.env.VITE_APPLE_REDIRECT_URI, usePopup: true, }); }, []); const handleAppleLogin = async () => { try { const response = await window.AppleID.auth.signIn(); const { id_token, code, user } = response.authorization; const res = await api.post("/auth/apple-login", { idToken: id_token, code, user, rememberMe: true, }); if (res.data.success == true && res.data.user.userDataInitialised == true ) { setUser({ id: res.data.user.id ? res.data.user.id : '', fullName: res.data.user.fullName ? res.data.user.fullName : '', email: res.data.user.email ? res.data.user.email : '', role: res.data.user.role ? res.data.user.role : '', signUpType: res.data.user.signUpType ? res.data.user.signUpType : '', userDataInitialised: res.data.user.userDataInitialised ? res.data.user.userDataInitialised : false, }); localStorage.setItem("accessToken", res.data.accessToken); localStorage.setItem("refreshToken", res.data.refreshToken); navigate("/app") } else { setApiError("Unrecognized login method") return; } } catch (err) { console.error("Apple Sign-In failed", err); setApiError("AppleSignInFailed"); } }; return ( <Box mt={2}> <Button variant="outlined" fullWidth onClick={handleAppleLogin} className="AuthAppleButton" startIcon={<AppleIcon />} > Log in with Apple </Button> </Box> ); }; export default AppleLogInButton; Any help from the Apple team or anyone who's resolved this issue would be appreciated — we’re currently blocked on deploying new environments due to this error. Thanks!

I'm currently facing an issue while integrating Sign in with Apple on a Firebase web app using JavaScript. ✅ What I’ve done: Created a Service ID Created an App ID and enabled Sign in with Apple Linked the Service ID to the App ID under Web Authentication Configuration and also add these Domains and sub-domains: apple-signin-test-next.firebaseapp.com Registered return URL: https://apple-signin-test-next.firebaseapp.com/__/auth/handler Generated a key with Sign in with Apple capability and added: Key ID Team ID Private Key Client ID (Service ID not App ID) all in the Firebase Auth Apple Sign-In configuration I’ve tried multiple test projects and keys, including deleting and recreating everything, but I still consistently receive this error: invalid_client 🔎 Additional Details: The client_id in the auth request matches the Service ID exactly I’m not using an iOS app — this is purely web-based Sign in with Apple I am using a valid Apple Developer account enrolled in the program What could be the reason Apple keeps returning invalid_client even though all configuration seems correct? Please help us to resolve the issue. We are ready to connect for a call too. Thanks

I hope this problem could be solved, also in case any other one strugling the same issue could be helpful. We are developing an iOS App which use "sign in with Apple" feature. We found we can not login with this feature, the "sign in with Apple" dialog box always flash an error info "Sign-Up Not Complete". We have double checked configuration of Bundle ID, and xcode capabilities, info.plist, entitlements, etc. We have even changed the developer team, using other bundle ID and demo code to testify this, also got failure of "Sign-Up Not Complete" error. We did even just use Apple official demo code (https://developer.apple.com/documentation/AuthenticationServices/implementing-user-authentication-with-sign-in-with-apple), also got the same failure. Interestingly, we found that using some old Bundle IDs which created before (even we did not use it for App yet), we could get "sign in with Apple" success logged in. Therefore we now can not include "sign in with Apple" feature in our App today, and this is the key feature in our App. Please help. Since there is very little information we could collect, I just put the debug error here: Authorization failed: Error Domain=AKAuthenticationError Code=-7003 "(null)" UserInfo={AKClientBundleID=com.nethawk.flutter.battlebuddy} LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Failed to get application extension record: Error Domain=NSOSStatusErrorDomain Code=-54 "(null)" ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1001 "(null)"

Apple Sign In - "Sign up not completed" Error in Development Build (React Native / Expo) Problem Summary I'm implementing Apple Sign In in a React Native app using expo-apple-authentication. The Apple sign-in dialog appears as expected, but after tapping "Continue," it displays the message: "Sign up not completed". No credential is returned, and the promise eventually rejects with ERR_REQUEST_CANCELED. App Configuration Platform: React Native (Expo SDK 52) Library: expo-apple-authentication v7.1.3 Target: iOS development build (not Expo Go) Bundle ID: com.example.appname.nativetest (new App ID created for testing) Apple Developer Console Setup (Reviewed Carefully) App ID Explicit App ID (not a wildcard) "Sign In with Apple" capability enabled No associated Services IDs or Sign In with Apple Keys Provisioning Profile Development profile created for the test App ID Profile includes the test device and development certificate Installed successfully and used to sign the app Certificates and Signing Valid Apple Developer Program membership Development certificate installed and selected during build App installs and launches properly on the test device Implementation Attempts Attempt 1: Supabase OAuth Method Initially tried using Supabase’s built-in Apple OAuth provider: Configured with team ID, key ID, and JWT credentials Proper redirect URLs and scheme were in place Resulted in OAuth URL pointing to Supabase instead of Apple, with incomplete client ID Ultimately moved to native implementation for improved control and reliability Attempt 2: Native Apple Sign In (Current Approach) Using expo-apple-authentication with the following code: const credential = await AppleAuthentication.signInAsync({ requestedScopes: [ AppleAuthentication.AppleAuthenticationScope.FULL_NAME, AppleAuthentication.AppleAuthenticationScope.EMAIL, ], }); Relevant app.config.js Section: ios: { bundleIdentifier: 'com.example.appname.nativetest', usesAppleSignIn: true, infoPlist: { NSAppTransportSecurity: { NSAllowsArbitraryLoads: true, NSAllowsLocalNetworking: true, }, }, }, plugins: ['expo-apple-authentication'] Observed Behavior AppleAuthentication.isAvailableAsync() → true Credential state → NOT_FOUND (expected for new user) Apple Sign In dialog appears and allows interaction User taps "Continue" → dialog reports "Sign up not completed" Eventually returns: [Error: The user canceled the authorization attempt], code ERR_REQUEST_CANCELED Confirmed Working Aspects AppleAuthentication API is available and initialized App is signed correctly and launches on the physical test device Apple Sign In dialog appears with correct styling and options Same result observed across both Wi-Fi and cellular networks Clean Setup and Debugging Performed Removed all previous build artifacts Created a new App ID and new provisioning profile Rebuilt the app using expo run:ios --device Validated entitlements and provisioning assignments Removed any Services IDs and Apple Sign In keys used in previous attempts Verified ATS (App Transport Security) policies allow dev-time communication Environment Information Device: iPhone (not simulator) iOS Version: 18.5 Xcode: Latest version Apple ID: Developer account with 2FA enabled Build Method: EAS CLI using expo run:ios --device Open Questions Has anyone experienced the "Sign up not completed" issue with a clean native implementation in Expo? Are there known limitations when testing Apple Sign In in local development builds? Could prior Apple ID authorization attempts impact sign-in behavior during testing? Are there any additional configuration steps, Info.plist changes, or entitlements required beyond those listed above? Thank you in advance for any suggestions or guidance. We’re hoping this is simply a configuration detail that needs to be adjusted.

I am trying to implement Apple Login on the web. The language I am using is PHP. I have created the App ID, Service ID, and Key. In the Service ID, I clicked the Configure button for Sign In With Apple and entered the domain and return URL. However, when I click the login button, I only get an "invalid_client" error screen.

Sign up not completed when I log to an app using apple id. What should i do?

When implementing Sign In with Apple I created an App ID and a Service ID for my app. I didn't configure the Server-to-Server Notification URL properly there and token revocation didn't work. Later on I updated the url config and the name of the identifiers. However, when I Sign in with Apple in my app I still see the old identifier name in my iPhone Settings->Apple Account->Sign in with Apple. I would assume that if the name doesn't update, the configuration doesn't update either. I'm using automatic Xcode signing, I have deleted all the profiles locally, cleaned project, bumped versions, waited for a week, nothing worked. Token revocation for account deletion doesn't work properly I would assume because of the initial misconfiguration. I want to mention that this is working fine for my development build (another bundleID, AppID, ServiceID) What am I missing here?

Hi guys, I'm trying to use sign in with apple in javascript, I followed the guider in the website, and almost find everything I can find in Google, but nothing help, here is my situation: I create a new App: com.yuhan.test.app I create a new service ID: com.yuhan.test.service configure a domain and return url domain: tts.perterpon.com returnURL: https://tts.perterpon.com/login create a new key for Sign In with Apple. my html code is here, it's easy, but it always told me invalid_client, I think I have done anything I need to do, can somebody help me? Thank you so much. you can test my online web site: https://tts.perterpon.com/login.html ` const buttonElementNew = document.getElementById('appleid-signin'); buttonElementNew.addEventListener('click', async () => { try { const data = await AppleID.auth.signIn() console.log('Try/Catch Data', data.authorization.id_token); const formData = new FormData(); formData.append("token", data.authorization.id_token); await fetch("", { method: "POST", body: formData, }); // Handle successful response. } catch (error) { // Handle error. } }); </script>

We have integrated Sign in with Apple into our iOS project using the recommended implementation from your documentation,However, we are experiencing issues when testing with the following: Bundle ID: com.app.xxx Using real certificates from our Apple Developer account Issue Details: On real devices, after entering the Apple ID password, we receive a message saying: "Sign-up not completed" On simulators, the flow gets stuck after entering the password no further progress occurs. We are not receiving any explicit error messages in the console or logs. We also tested with the official Apple sign-in demo code from the documentation link above, and the same issue occurred. Our team has confirmed that all necessary configurations have been set correctly, and the same implementation works on other accounts. We would appreciate your assistance in identifying the root cause and helping us resolve this issue. Thank you,