I know that apple requires apple sign in to be added to app , if , in case user adds any sort of social sign in in their app, . But if the purpose of these social sign in is to just fetch profile pictures only, is it also required then. If it is required , then is there any other way , to get user profile picture from facebook account , without adding any social sign in of any kind. to preserve some development and testing time.

Hi, I'm developing an app that supports sign-in with Apple. From the documentation, it seems that the name provided during registration with Apple Sign In isn't saved by Apple and isn't accessible later on. However, in the event of a server issue during registration, how should I manage the flow? In my opinion, it should be possible to retrieve the chosen name later or programmatically cancel the association of the user's Apple ID from the app to restart the registration process. What are your thoughts?

Hello, I have integrated Sign In with Apple into my Swift App. Now I'd like to add Sign In with Apple into my website. I followed the instructions at https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple and resulted in an html page: <html> <head> <meta name="appleid-signin-client-id" content="colourworker.SPAD"> <meta name="appleid-signin-scope" content="name email"> <meta name="appleid-signin-redirect-uri" content="https://colourworker.com/apps/photofolia/applesignedin.html"> <meta name="appleid-signin-state" content="init"> <meta name="appleid-signin-nonce" content="NONCE"> <meta name="appleid-signin-use-popup" content="true"> </head> <body> <h1>Sign in with Apple</h1> <div id="appleid-signin" data-color="black" data-border="true" data-type="sign in"></div> <script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script> </head> </html> I have added https://colourworker.com/apps/photofolia/applesignedin.html to the list of Return URLs at https://developer.apple.com/account/resources/identifiers/serviceId/edit/ZSM7Q3SMVH. But when clicking on the Sign In With Apple button I get the following error: "invalid_request Invalid client id or web redirect url." Any ideas of what I'm doing wrong?

Hello. I'm gilgim. I have some questions regarding the review guidelines while working on the project. Therefore, I would like to ask them. If I implement Apple login on mobile, do I need to implement it on the website as well? May I inquire if it is permissible to implement a feature that matches a user's Apple ID after they have logged in with Apple and undergone authentication within the app to distinguish users? Could you please provide detailed information on whether not implementing or implementing such a feature would be a reason for rejection?"

We are developing a mobile app that allows users to purchase gift cards from popular retailers, and this app requires valid email address during login/register which is needed for mapping all user’s wallet and gift card details. This app also supports social login like Apple, Facebook and Google and we are also providing a web platform where users can check their gift cards and wallet informations. We are currently facing an issue with Apple SignIn when using “Hide by Email” flow. We observed that in this flow, the app generates a tokenised email address for user to login, and the same tokenised email address will be mapped to the user's gift card and wallet information. Assume that an user register with mobile app using tokenised email address and the same user login into the web platform with a valid email address. In this flow, the user will not be able to see the wallet and  purchased gift card information which could result in data issues and discrepancies between web and mobile apps. We would like to know for any option to disable or remove “Hide by Email” from Apple’s SignIn popup. If not, could you suggest us a way to fix this issue. Appreciate your quick response. Thank you!

Below is app rejection message. The issues we previously identified still need your attention. If you have any questions, we are here to help. Reply to this message in App Store Connect and let us know. Bug Fix Submissions The issues we've identified below are eligible to be resolved on your next update. If this submission includes bug fixes and you'd like to have it approved at this time, reply to this message and let us know. You do not need to resubmit vour app for us to proceed. Alternatively, if you'd like to resolve these issues now, please review the details, make the appropriate changes, and resubmit. Guideline 4.0 - Design Your app still offers Sign in with Apple as a login option but does not follow the design and user experience requirements for Sign in with Apple. Specifically: Your app requires users to provide their mobile number after using Sign in with Apple. This information is already provided by the Authentication Services framework. Next Steps Please revise the Sign in with Apple experience in your app to address the issues we identified above.

When I tested Sign in with Apple after completing the transfer of the app, I noticed that when I Sign in with Apple, I became a different user (sub). After reviewing the document below, I realized that before transferring the app, I needed to generate a transfer identifier and hand it over to the receiving team. https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team Is it possible to transfer Sign in with Apple users now, after completing the transfer of the app? I tried to generate generate access token with parameters that indicate in the document below but i can't. https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team On the other hand, I can generate access token with parameters that indicate in the document below. https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team

Hello, Due to legal reason (tax configuration), our organization had to create a new team and migrate iOS apps to a new team. We have an authentication server (Keycloak) configured to use “Sign In With Apple” on the web. Apps currently use the webview provided by Keycloak to proceeed to user login. To do so in the “Certificates, identifiers & Profiles” we have an App ID and Service ID Now we’d like to use “Sign In With Apple” within the apps on the new team and we’d like to keep users created on the old team. So we followed this documentation to transfer users from the old team to the new one : https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team We are able to create transfer subs without any issue. The next step is described in this doc : https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team When we try to get the exchange identifier, (at this step : https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team#3559300), we receive an error 400. Is this because we haven’t done any transfer demand from old team to new team ? Regarding the doc we must : “Coordinate with the sending team transferring their users and apps over to your team. Then accept transfer identifers for all of the migrating users, and exchange the transfer identifiers for team-scoped identifiers and private email addresses to complete the process” As “Sign In With Apple” has been configured to be used for the web and not within an iOS app, we have no transfer identifier and we cannot init a transfer of the AppID and the Service ID used by “Sign In with Apple”. What is the correct way to proceed to users migration from the old team to the new one in this case ? Thank you.

delayed "Sign in with Apple" in android, web page "https://appleid.apple.com/auth/authorize" delayed more than 30 sec to load on Android or web Is there a solution to this issue?

I have implemented Sign in with Apple in my app. The flow goes like this: User taps sign in button In the delegate method I take the auth code and post it to my server. My server sends an activation request to apple and gets an id, refresh, and access tokens. This is where I have a problem: A user requests account deletion. The server sends a request to revoke the access and refresh tokens User may or may not go to settings and revoke "Sign in with Apple" access to the app (the following happens either way) The user then load the app again and taps the Sign in with Apple button. The delegate method provides a valid id token, but the same original auth code instead of generating a new one. The server now gets an invalid response from apple as the auth code is had already expired, and so can't get a new refresh token. The server also can't use the old refresh token as it's been revoked during deletion. Can someone tell me where I'm going wrong? I can't find any documentation for regenerating a refresh token after revoking it. Thank you

I have old site with Apple users. Some of users selected hide my email, so that users created private email id in my old site. I have launch new website and here some old user registered using Apple sign in with same procedure. But I am not sure, these users registered new site with hide my email or not. I have to migrate old site users and there content on new site, but I am not sure same user selected hide my user or not in my both site. For Example 1: User 1 registered on old site with hide my email, so User 1 id created like Email: @privaterelay.appleid.com User 1 registered on new site with show my email, so User 1 id created like Email: @domainname.com Now I want to migrate old site users and data to new site. I cheeked email present on new site or not. If email present then I migrated the data. If email not found in new site, then I will create the user on new site and then migrate the data. But in above example user1 already created account with Hide my email in old site and show my email in new site. So I am not able to recognize user present in new site, so I created a new user entry in new site. That means user1 has created 2 account in new site. Is anyone know how to handle this issue?

I cannot receive full name from Apple sign in and the app review fails. What I receive from the call is the following: { "familyName": null, "identityToken": "XXXXX", "givenName": null, "authorizationCode": "XXXXX", "user": "XXXXX", "email": null } while decoding the identityToken, I get: { iss: 'https://appleid.apple.com', aud: 'popularise.app', exp: 1697700330, iat: 1697613930, sub: 'XXXXX', nonce: 'nonce', c_hash: 'XXXX', email: 'XXXXXX', email_verified: 'true', auth_time: 1697613930, nonce_supported: true } As you can see, I have no information about given or family name. Body I am sending via api rest: { clientId: 'popularise.app', scopes: 'email name', redirectURI: '', state: '12345', nonce: 'nonce', } My tools: I am using nestJS and node (v16).

When I use oauth from different providers like google or apple I can set privacy policy link and terms of service link in oauth consent screen settings. The links are visible on the screen when user is asked to login with selected provider. I thought it is standard oauth functionality but can't find any option to enable it for Sing in with Apple. It makes my whole user experience broken because I have to develop additional consents screen just for apple login.

Regarding apple-id sign in, there was the following statement. https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/verifying_a_user "User interaction is required any time a new identity token is requested. User sessions are long-lived on device, so calling for a new identity token on every launch, or more frequently than once a day, can result in your request failing due to throttling.” I understand that a new id_token will be created when the user signs in. Does asking users to sign in multiple times actually cause throttling? When I tested it personally, no throttling occurred. Our policy is to require users to sign in again only for important operations. Within normal limits, will throttling not occur even if a user signs in multiple times? Also, is there any other way to authenticate users multiple times a day?

My Apple 8S screen is frozen, only the Apple logo appears brightly, i cant turn on or off,

Hi! I have the following problem. We are providing the Apple Sign In option for users to register in our system. When you first login using Apple Sign In it will successfully return "Email" and we are using it for our own registration routine. The problem is with the following thing: our user can remove the account from our system. And after that, he will not be able to register using Apple Sign In. Is there any way to revoke this token? I have seen the https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens but I cannot call this method from the app: this API route returns 400 from the payload I'm sending. Is there any solution to this problem rather than asking the user to remove the app manually? Can I route the user to the page with these settings? https://developer.apple.com/forums/thread/708415 - and yeah, I have seen this thing. Thank you!

Hi, I have an website with sign in with Apple enabled (using REST API). It seems the majority of my users not aware they are sharing their private email because it is the default selected option. Is there a way to require that the real email be always shared? Alternatively, is there a way to have the "Share My Email" option be the default choice?

I want to support "Sign in with Apple" for my macOS application. Currently, I'm using WKWebview to support this. I'm able to provide a sign in for the current mac user correctly. But some users try to login with another apple ID, which has FIDO certified keys added as 2FA. Now my WKWebView shows this : But nothing happens when they click on "Continue". I think I need to create some kind of interface in my application for this case, but no clear idea. I can't see much articles for this use case with security keys. Anybody has any idea ?

Hi everyone, we are developing Ionic mobile app with .NET server part, now we are trying to implement apple authorization, it works properly with web(user can authorize and server receives callback), but it is not working with mobile, we can authorize and get response on client side with token and code, but it not initiate callback to server, we found a difference in apple endpoint that we call for web and for mobile(in query parameters for mobile- response_mode = web_message and for web- response_mode = form_post), we can't change url for mobile app, because we are using SignInWithApple from @capacitor-community/apple-sign-in, does anyone have experience with this problem? Thanks in advance.

I am working on a financial application that falls under Indian jurisdiction, which has specific regulations prohibiting the use of relay or proxy emails for sign-up processes. Given that the "Hide My Email" feature in "Sign in with Apple" provides a relay email, I'm trying to understand how I can remain compliant with these regulations while offering "Sign in with Apple" as a sign-up option. My proposed flow: Allow users to use "Sign in with Apple" for authentication. Check if the user has opted for the "Hide My Email" feature. If they have, show an error message explaining the regulatory restriction and prompt them to either: a) Use "Sign in with Apple" without the "Hide My Email" option OR b) Use our standard "Sign up with Email and Password" flow. I would like to understand if such an approach is acceptable according to Apple's guidelines. Would there be any issues or recommendations from Apple's side on implementing this flow? Thank you for your assistance and guidance!