Provider – Apple

How to enable Apple login in WordPress

This provider requires an active subscription for the Apple Developer Program!

1.) Create the Apple App

  1. Navigate to https://developer.apple.com/account/resources/identifiers/list
  2. Click the blue + icon next to Identifiers, then select the App IDs option and click the “Continue” button.
  3. Enter a “Description”.
  4. At the “Bundle ID” field select the “Explicit” option and enter your domain name in reverse-domain name style, with the name of the app at its end. E.g.: com.mydomain.nslapp
  5. Under the “Capabilities” section, tick the “Sign In with Apple” option.
  6. Scroll up and press the “Continue” button and then the “Register” button.

2.) Create the Apple Key:

  1. On the left-hand side, click on the “Keys” tab.
  2. Click the blue + icon next to Keys heading.
  3. Enter a name in the Key Name field.
  4. Tick the “Sign In with Apple” option, then click on “Configure“.
  5. If you have multiple Apps, then at the “Choose a Primary App ID” field select the App that you just created, then click “Save“.
  6. Finally press the “Continue” button and then the “Register” button.
  7. Don’t download the key yet!

3.) Create the Apple Service:

  1. Go to the “Services IDs” section, which you will find within the “Identifiers” tab.
  2. Click the blue + icon next to Identifiers, then select the “Services IDs” option and click the “Continue” button.
  3. Enter a “Description“.
  4. At the “Identifier” field enter your domain name in reverse-domain name style, with the name of the client at its end. E.g.: com.mydomain.nslclient
    • Note: This will also be used as “Service Identifier” later!
  5. Press the “Continue” button and then the “Register” button.
  6. In the “Services IDs” section, click the service you just created.
  7. Tick the “Sign In with Apple” option and click the “Configure” button next to it.
    • If you have multiple Apps, then at the “Primary App ID” field select the App that you just created.
    • Fill the “Domains and Subdomains” field with the domain that Nextend Social Login suggests
    • Add the URL to the “Return URLs” field that Nextend Social Login suggests
  8. Save the configuration by clicking on the “Save” button and pressing “Done“.
  9. Finally press the “Continue” button and then the “Save” button.

4.) Configure Nextend Social Login with your credentials

Once everything above is done, copy and paste the Private Key ID, Private Key, Team Identifier and Service Identifier into the Apple provider’s Settings tab and generate a token.

Private Key ID:

Navigate to: https://developer.apple.com/account/resources/authkeys/list
Click on the name of your Key.
You will find your “Private Key ID” under “Key ID”.

Private Key:

Click the “Download” button to download the key file. Once this file has been downloaded, it will no longer be available for download, so make sure you keep this file safe!
Open the downloaded file with a text editor like Notepad, copy all of its contents and paste them into Nextend Social Login’s Private Key field.

Team Identifier:

A 10-character-long identifier, which you can find in the top-right corner, just under your name.

Service Identifier:

Navigate to: https://developer.apple.com/account/resources/identifiers/list/serviceId
You will find it under the IDENTIFIER column. If you configured the service according to the suggestions, it will probably end in .nslclient, e.g.: com.mydomain.nslclient

If you need to change your credentials for any reason, you must delete the token, copy in the new credentials and generate a new token!

5.) Verifying the settings

After you have successfully generated a token, the Client ID and the Client Secret will be filled in automatically. You will need these to verify the setup first. This verification helps you identify possible problems with the app.

Settings

Client ID

The Client ID of your Apple app. The value is defined by the Service Identifier you entered earlier.

Client Secret

The JWT token that was generated from your Private Key ID, Private Key, Team Identifier and Service Identifier. It cannot be edited directly! To generate a new token, you need to delete the currently stored JWT token.

Username prefix on register

Whenever a new user registers with their Apple account they can get a custom prefix so you can easily identify them.

Fallback username prefix on register

Whenever a new user registers with their Apple account and we can not generate a valid username from the first name or last name, a random username will be generated. With this option they can get a custom prefix so you can easily identify them.

Terms and conditions

This option can only be seen if Terms and conditions is set to Show in Global Settings → Privacy tab. Here you can set custom Terms and Conditions for users who register with Apple. For more information please read our GDPR documentation.

Common error messages returned by Apple during verification

Private key format is not valid!

Token generation failed: Private key format is not valid!

The problem is that the entered Private Key is not valid. Make sure you copied everything from the key file you downloaded, including the following parts:

  • -----BEGIN PRIVATE KEY-----
  • -----END PRIVATE KEY-----

invalid_client

Error: invalid_client


Private Key ID, Team Identifier or Service Identifier is not valid. Delete your current token, insert the proper credentials and generate a new token!
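
To narrow down which credential causes an invalid_client error, you can inspect the generated Client Secret and compare it with the values you entered. The following is an added example, not part of Nextend Social Login; it assumes the token follows Apple's documented client-secret layout (ES256 header with kid, plus iss, sub, aud, iat and exp claims), and the function names and sample identifiers are constructed for illustration.

```python
import base64
import json
import time

APPLE_AUDIENCE = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # Apple's documented maximum lifetime in seconds (about six months)


def encode_segment(obj):  # dict -> unpadded base64url JWT segment (builds the sample below)
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def decode_segment(segment):
    """Decode one base64url JWT segment, restoring the padding that JWTs strip."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def check_client_secret(token, key_id, team_id, service_id, now=None):
    """List mismatches between a client-secret JWT and the entered credentials."""
    now = int(time.time()) if now is None else now
    try:
        head, body, _signature = token.strip().split(".")
        header, claims = decode_segment(head), decode_segment(body)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segments must be JSON objects")
    except ValueError:
        return ["not a well-formed three-part JWT"]
    expected = [(header, "alg", "ES256", "ES256 algorithm"),
                (header, "kid", key_id, "Private Key ID"),
                (claims, "iss", team_id, "Team Identifier"),
                (claims, "sub", service_id, "Service Identifier"),
                (claims, "aud", APPLE_AUDIENCE, "Apple audience URL")]
    problems = [f"{field} does not match the {label}"
                for part, field, want, label in expected if part.get(field) != want]
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat/exp missing or not integers")
    elif exp <= now:
        problems.append("token has expired")
    elif exp - iat > MAX_LIFETIME:
        problems.append("lifetime exceeds Apple's maximum")
    return problems


# Constructed sample: placeholder identifiers and a dummy signature, not real credentials.
SAMPLE = ".".join([encode_segment({"alg": "ES256", "kid": "KEYID00000"}), encode_segment({
    "iss": "TEAMID0000", "sub": "com.mydomain.nslclient", "aud": APPLE_AUDIENCE,
    "iat": 1700000000, "exp": 1700003600}), "c2ln"])
```

The check only reads the header and claims; it does not verify the signature, so an empty result confirms the identifiers and lifetime but not that the private key matches the Key ID.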

Invalid redirect_uri

invalid_request – Invalid redirect_uri.


The problem is that the entered Return URLs field is not correct for your app. You need to add the “Return URL” that you find in the “Create the Apple Service” section.

Registration limitations

Apple returns the first name and last name only the very first time a user authorizes your app! This means that, if the registration was not completed after the App authorization, then Nextend Social Login won’t be able to retrieve and store the name of the user the next time! In such cases the name will be empty and a random username will be generated!