Apple login

Enable Sign in with Apple: Services ID, Team ID, Key ID, and .p8 private key.

Settingtoggle.social_apple

Apple login

When on, Apple appears on sign-in and register if all Apple fields are set (and Social login master is on). There is no static Apple "client secret" - the app builds a short-lived JWT from your .p8 key.

Where to find it

Admin → Settings → Mods → Social → Apple

Field Key
Enable toggle.social_apple (defaults on; needs all four fields)
Services ID apple_oauth_client_id
Team ID apple_oauth_team_id (10 characters)
Key ID apple_oauth_key_id
Private key (.p8) apple_oauth_private_key

Setup

1. In Apple Developer create an App ID with Sign in with Apple, then a Services ID.

2. Under the Services ID, configure Return URLs to the admin Redirect URI:

https://YOUR-DOMAIN/api/auth/oauth/apple/callback

3. Create a Sign in with Apple key (.p8), note Key ID and Team ID.

4. Paste Services ID, Team ID, Key ID, and full .p8 PEM (keep BEGIN/END lines). Enable and save.

Official: Sign in with Apple.

Apple posts the callback as form_post - the app accepts that POST on the callback route.

Common problems

Invalid client / JWT errors

Wrong Team ID, Key ID, mangled .p8, or Services ID mismatch. Re-download the key if unsure.

Works in Safari only / weird redirects

Return URL must be https and match character-for-character. Check PUBLIC_APP_URL / site origin if the shown Redirect URI is wrong.

Related