This example demonstrates Sign in with Apple using the REST API per Apple's docs: https://developer.apple.com/documentation/signinwithapplerestapi/request-an-authorization-to-the-sign-in-with-apple-server
- Create a Service ID in Apple Developer and configure the return URL:
  - Redirect URI: `http://localhost:3000/api/callback`
- Generate a Sign In with Apple private key and note the Key ID.
- Create `.env.local` with the following variables:

  ```
  NEXT_PUBLIC_BASE_URL=http://localhost:3000
  APPLE_TEAM_ID=YOUR_APPLE_TEAM_ID
  APPLE_CLIENT_ID=YOUR_SERVICE_ID
  APPLE_KEY_ID=YOUR_KEY_ID
  APPLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
  APPLE_REDIRECT_URI=http://localhost:3000/api/callback
  ```
- Install deps from repo root:

  ```
  pnpm install
  ```

- Start this example:

  ```
  cd examples/apple-login
  pnpm dev
  ```

Open http://localhost:3000 and click "Sign in with Apple".
- This demo uses `response_mode=form_post`.
- The server generates a client secret JWT signed with your private key.
- For production, verify `id_token` with Apple's JWKS.
- Ensure `APPLE_REDIRECT_URI` EXACTLY matches the value configured on your Service ID.
- Ensure the Service ID is of type Web and domain `localhost` is added if required.
- Ensure the private key corresponds to the same Team and Key ID, and is in PKCS#8 format.
- Clear Apple cookies or try a private window; cached sessions can cause opaque errors.
- Check server logs: the callback will display `error` and `error_description` from Apple if present.