Skip to content
  • Auth and access
  • Social sign in

Apple social sign in

You can enable users to sign up and sign in using their Apple credentials.

⚠️ Note: Apple limits the information it passes when users sign up this way. Avatars and profile pictures do not flow through to the auth experience in Kinde.

  • An Apple Developer account including a subscription to the Apple developer program
  • Your Kinde callback URL (see below)
  • Some developer know-how

Copy the callback URL from Kinde

Link to this section
  1. In Kinde, go to Settings > Authentication.
  2. If you have not yet added the Apple connection, select Add connection, select Apple, then Save.
  3. On the Apple auth tile in the Social authentication section, select Configure.
  4. In the Callback URL section:
    1. If you use Kinde’s domain as your default, copy the Kinde domain URL.
    2. If you use a custom domain (and want to use it as the callback) select the Use custom domain instead switch and copy the Custom domain URL.
  5. Use the copied Callback URL to set up the app, see below.

Configure sign in for your app

Link to this section

ℹ️ The following procedures refer to several types of IDs including App ID and Services ID. Take care to follow the steps exactly, to avoid errors.

Set up your app

Link to this section
  1. In your Apple developer account, go to Identifiers.
  2. Select the plus (+) icon next to Identifiers.
  3. Select App IDs, then select Continue.
  4. Select App, then select Continue.
  5. Enter a description and Bundle ID.
  6. In the Capabilites list, select Sign in with Apple.
  7. Select Register.

Register services

Link to this section
  1. Select the plus icon (+) next to Identifiers.
  2. Select Services ID, then select Continue.
  3. Enter a description and identifier (make a note of this because it will be used as the Client ID).
  4. Select Register.

Configure domains

Link to this section
  1. Click on the newly created service to edit.
  2. Check the box to enable Sign In with Apple and click Configure.
  3. In the Domains and Subdomains field, enter your Kinde URL, e.g. yourdomain.kinde.com (excluding the https:// protocol)
  4. In the Return URLs field, enter your Kinde callback URL, e.g. https://yourdomain.kinde.com/login/callback
  5. Select Next, then select Done.
  6. In the Edit your Services ID Configuration window, select Continue, then select Save.
  1. Select Keys in the left hand menu and click the plus icon (+) next to the page title.
  2. Enter a Key Name.
  3. Select Sign In with Apple and next to this option, select Configure.
  4. Select your app from the Primary App ID field, then select Save.
  5. Select Continue then select Register.
  6. Download your key as per the screen instructions. You will need this to generate the client secret.
  7. When you have downloaded the key, select Done.

Generate the client secret

Link to this section

There are several ways to generate the client secret. An example is provided below.

Example using Ruby

You can use open source libraries for creating and signing JWT tokens for your client secret (see JWT.io). The below steps provide an example of accomplishing this using Ruby.

  1. Install jwt using the following command: gem install jwt.

  2. Create a file titled client_secret.rb and replace the empty values in your script as follows:

    • key_file is the p8 file containing your private key that you downloaded.

    • team_id can be found in the top right of your apple developer account under your name.

    • client_id is the identifier used for the service.

    • key_id was provided on the key creation screen.

      require 'jwt'
      key_file = 'key.txt'
      team_id = ''
      client_id = ''
      key_id = ''
      ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file
      headers = {
      'kid' => key_id
      }
      claims = {
      'iss' => team_id,
      'iat' => Time.now.to_i,
      # Note that this is the maximum exp value of 6 months
      'exp' => Time.now.to_i + 86400*180,
      'aud' => 'https://appleid.apple.com',
      'sub' => client_id,
      }
      token = JWT.encode claims, ecdsa_key, 'ES256', headers
      puts token
  3. Run the script with ruby client_secret.rb and copy the generated client_secret.

  4. Add these credentials into Kinde.

Add credentials to Kinde

Link to this section
  1. In Kinde, go to Settings > Authentication.
  2. On the Apple tile, select Configure.
  3. Paste the Client ID (Service ID) and Client secret (Private key) into the relevant fields.
  4. Select which apps will use Apple sign in.
  5. Select Save. Users will now see Apple as an option to sign up and sign in to your product.

Renew Apple token periodically

Link to this section

To continue to enable users to sign in with Apple, you will need to periodically renew the Apple token by generating a new client secret. Usually every six months. To do this, repeat the procedures from Set up keys to Add credentials to Kinde, above.

Third party references for this article

Link to this section

We do our best to test all our procedures, but sometimes third party companies change things without us knowing. Here’s the sources we used to create this article.