This guide walks you through creating the Apple App ID, Services ID, and Private Key required for Sign in with Apple. You’ll collect a Team ID, Services ID, Key ID, and Private Key to plug into the Auth pane.
This page covers only the provider-side setup in the Apple Developer portal. For the overall Clerk Auth flow — including enabling Apple and entering credentials in the Auth pane — see Configuring OAuth credentials for an SSO provider in the Clerk Auth doc.
Prerequisites
- An Apple Developer account (requires enrollment in the Apple Developer Program)
- A published Replit app — custom OAuth credentials are only available in the Production environment
- The Apple provider’s edit panel opened in: Auth pane → Configure tab → SSO providers section → select the Production environment → select Edit next to Apple
Step 1: Create an Apple App ID
- Navigate to the Apple Developer portal
- Go to Certificates, IDs & Profiles then Identifiers
- Select App IDs from the dropdown
- Select the + icon to register a new identifier
- Select App IDs, then Continue
- Choose App, then Continue
- Fill in:
- Description: Name for your App ID
- Bundle ID: Your unique identifier
- Enable Sign In with Apple under Capabilities
- Select Continue, then Register
- Save your App ID Prefix (shown at top) - this is your Team ID
Step 2: Create an Apple Services ID
- On the Identifiers page, select Services IDs from the dropdown
- Select + to register a new identifier
- Select Services IDs, then Continue
- Fill in:
- Description: Name for your Services ID
- Identifier: Your unique identifier (save this - it’s your Services ID)
- Select Continue, then Register
Configure the Services ID
- Select your newly created Services ID
- Enable Sign In with Apple
- Select Configure
- Set:
- Primary App ID: Select your App ID from Step 1
- Domains and Subdomains: Copy the value shown under Provider setup in the Auth pane (without the https:// protocol prefix)
- Return URLs: Copy the value shown under Provider setup in the Auth pane
- Select Next, then Done, then Continue, then Save
Step 3: Create an Apple Private Key
- In the Apple Developer portal sidebar, select Keys
- Select + to register a new key
- Enter a Key Name
- Enable Sign In with Apple
- Select Configure, then select your App ID from Step 1
- Select Save, then Continue, then Register
- Save the Key ID
- Download the private key file (.p8)
Step 4: Configure Apple Private Email Relay
Apple’s Hide My Email feature lets users sign in without revealing their real email. To send emails to these users, register your email source.
- In the Apple Developer portal sidebar, select Services
- Under Sign in with Apple for Email Communication, select Configure
- Select + to add an Email Source
- Enter the Email Source value shown under Provider setup in the Auth pane
- Select Next, then Register, then Done
- Wait for DNS verification (green check icon)
In some regions (China, India), Apple IDs may be tied to phone numbers instead of email. If your app requires email for all users, Sign in with Apple may fail for users in these regions.
Troubleshooting
Invalid client
- Verify all credentials are entered correctly
- Ensure the Private Key includes the BEGIN and END lines
- Check that your Services ID is properly configured
Invalid redirect URI
- Verify the Return URL in the Apple Services ID configuration exactly matches the value shown under Provider setup in the Auth pane
- Check the domain in Domains and Subdomains matches your published domain (without https://)
Email relay not working
- Verify the Email Source shows a green check in the Apple Developer portal
- Wait for DNS propagation if recently added
Not working on custom domain
- Add the custom-domain entries shown under Provider setup in the Auth pane to Domains and Subdomains (without https://) and to Return URLs
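The "Invalid client" and "Invalid redirect URI" checks above can be run locally before pasting values into the Auth pane. The following is an added example, not Replit, Clerk, or Apple code; the function name, the sample values, the 10-character ID pattern, and the rule that the Return URL host must appear in Domains and Subdomains are assumptions.

```python
import base64
import re
from urllib.parse import urlsplit

# Constructed placeholder, not a real key: five arbitrary DER bytes in PEM framing.
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nMAMCAQA=\n-----END PRIVATE KEY-----\n"

PEM_RE = re.compile(r"(?s)\A-----BEGIN PRIVATE KEY-----\s+(.+?)\s+-----END PRIVATE KEY-----\Z")
ID_RE = re.compile(r"\A[A-Z0-9]{10}\Z")  # assumption: Team ID and Key ID are 10 characters


def check_apple_credentials(team_id, services_id, key_id, private_key, domains, return_url):
    """Return a list of problems; an empty list means the values look well-formed."""
    problems = []
    if not ID_RE.match(team_id):
        problems.append("team_id: expected 10 uppercase letters/digits")
    if not ID_RE.match(key_id):
        problems.append("key_id: expected 10 uppercase letters/digits")
    if not services_id or services_id != services_id.strip():
        problems.append("services_id: empty or has surrounding whitespace")

    match = PEM_RE.match(private_key.strip())
    if not match:
        problems.append("private_key: missing BEGIN/END PRIVATE KEY lines")
    else:
        try:
            der = base64.b64decode("".join(match[1].split()), validate=True)
            if not der.startswith(b"\x30"):  # a PKCS#8 key is a DER SEQUENCE
                problems.append("private_key: body is not DER")
        except ValueError:
            problems.append("private_key: body is not valid base64")

    for domain in domains:
        if "/" in domain:  # catches both a scheme prefix and a path
            problems.append(f"domain {domain!r}: enter the host only, without https://")
    url = urlsplit(return_url)
    if url.scheme != "https":
        problems.append("return_url: must start with https://")
    elif url.hostname not in domains:  # assumption: host must be a listed domain
        problems.append("return_url: host is not listed in Domains and Subdomains")
    return problems


if __name__ == "__main__":
    # All values below are constructed for illustration.
    print(check_apple_credentials("ABCDE12345", "com.example.web", "KEY1234567",
                                  SAMPLE_KEY, ["app.example.com"],
                                  "https://app.example.com/callback"))
```

The check only inspects the shape of the values; it does not contact Apple or prove that the key belongs to the Key ID.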