Apple login
Enable Sign in with Apple: Services ID, Team ID, Key ID, and .p8 private key.
Apple login
When on, Apple appears on sign-in and register if all Apple fields are set (and Social login master is on). There is no static Apple "client secret" - the app builds a short-lived JWT from your .p8 key.
Where to find it
Admin → Settings → Mods → Social → Apple
| Field | Key |
|---|---|
| Enable | toggle.social_apple (defaults on; needs all four fields) |
| Services ID | apple_oauth_client_id |
| Team ID | apple_oauth_team_id (10 characters) |
| Key ID | apple_oauth_key_id |
| Private key (.p8) | apple_oauth_private_key |
Setup
1. In Apple Developer create an App ID with Sign in with Apple, then a Services ID.
2. Under the Services ID, configure Return URLs to the admin Redirect URI:
https://YOUR-DOMAIN/api/auth/oauth/apple/callback
3. Create a Sign in with Apple key (.p8), note Key ID and Team ID.
4. Paste Services ID, Team ID, Key ID, and full .p8 PEM (keep BEGIN/END lines). Enable and save.
Official: Sign in with Apple.
Apple posts the callback as form_post - the app accepts that POST on the callback route.
Common problems
Invalid client / JWT errors
Wrong Team ID, Key ID, mangled .p8, or Services ID mismatch. Re-download the key if unsure.
Works in Safari only / weird redirects
Return URL must be https and match character-for-character. Check PUBLIC_APP_URL / site origin if the shown Redirect URI is wrong.