Set up Apple SSO for users

just as we have other oauth providers that allow users to sign in using their accounts created on other well known platforms, we also have enabled apple sso support for ir studio this guide lays out the blueprints to enable it for any particular application prerequisites apple developer account an apple account added into the developer account with all the right permissions to be able to edit and update app details an app where you want to enable apple sso, ir engine in our case go to apple developer account https //idmsa apple com/idmswebauth/signin?appidkey=891bd3417a7776362562d2197f89480a8547b108fd934911bcbea0110d07f757\&path=%2faccount%2f\&rv=1 and sign in with and apple developer account which should have been added to the developer account previously and must have the right permissions there, you will need to create an app id, a service id and later on a private key, these will give you the credentials that you can then use in your app to be able to let users log in using their apple ids create an app id in the apple developer account, do the following go to section named as certificates, ids & profiles and click identifiers create a new identifier by clicking the small + icon icon besides the identifiers headline if you do not see that, your logged in user might not have the necessary permissions to add the app id ensure your users have the right permissions before moving ahead click app ids and click continue click app in next window and click continue fill in the form that opens up enter the description enter the bundle id which could be a reverse domain styled string i e com domainname appname scroll down to capabilities section and check sign in with apple click continue verify details and click register create a service id in the apple developer account, do the following go to section named as certificates, ids & profiles and click identifiers click the + button beside identifiers click service ids and click continue enter the description enter the bundle id which are a reverse domain styled string i e , com domainname appname click " continue " and " register " edit the service id that you just created check sign in with apple and click on the configure button besides the checked option you will see a screen for web auhentication configuration select the app id we created previously as the primary app id you can add the domains e g, ir engine qat dev api theinfinitereality io and the return urls e g, https //ir engine qat dev api theinfinitereality io/oauth/apple/callback on which the user will be redirected once it is authentication by apple click continue , verify the details and click save the service id that you just created will serve as your client id while sending authentication requests from your app create the secret key we will also need to create a secret key that we can then use to generate the client secret which again will be used while sending an authentication request to apple go to certificates , identifiers & profiles > keys click the + button beside the keys give a key name and check the sign in with apple checkbox click configure next to the sign in with apple checkbox and select the app id we previously created under the choose a primary app id key click save , verify the details and click register download the key and keep it in a safe and secure place warning you can only download the key once click done