Skip to main content
This guide walks you through configuring Sign in with Apple for your app’s authentication. This requires creating an App ID, Services ID, and Private Key in the Apple Developer portal.

Prerequisites

  • A published Replit app (you need a deployment URL like your-app.replit.app)
  • An Apple Developer account (requires enrollment in the Apple Developer Program)

Step 1: Publish your app

Before configuring custom OAuth credentials, you need a published deployment URL. You’ll need the URL when setting up your custom Apple credentials.
  1. Publish your app from the Replit workspace
  2. Note your published URL (e.g., https://your-app.replit.app)

Step 2: Create an Apple App ID

  1. Navigate to the Apple Developer portal
  2. Go to Certificates, IDs & Profiles then Identifiers
  3. Select App IDs from the dropdown
  4. Select the + icon to register a new identifier
  5. Select App IDs, then Continue
  6. Choose App, then Continue
  7. Fill in:
    • Description: Name for your App ID
    • Bundle ID: Your unique identifier
  8. Enable Sign In with Apple under Capabilities
  9. Select Continue, then Register
  10. Save your App ID Prefix (shown at top) - this is your Team ID

Step 3: Create an Apple Services ID

  1. On the Identifiers page, select Services IDs from the dropdown
  2. Select + to register a new identifier
  3. Select Services IDs, then Continue
  4. Fill in:
    • Description: Name for your Services ID
    • Identifier: Your unique identifier (save this - it’s your Services ID)
  5. Select Continue, then Register

Configure the Services ID

  1. Select your newly created Services ID
  2. Enable Sign In with Apple
  3. Select Configure
  4. Set:
    • Primary App ID: Select your App ID from Step 2
    • Domains and Subdomains: Add your published domain without the protocol: 
      your-app.replit.app
    • Return URLs: The return URL is your published domain followed by /__clerk/v1/oauth_callback: 
      https://your-app.replit.app/__clerk/v1/oauth_callback
  5. Select Next, then Done, then Continue, then Save

Step 4: Create an Apple Private Key

  1. In the Apple Developer portal sidebar, select Keys
  2. Select + to register a new key
  3. Enter a Key Name
  4. Enable Sign In with Apple
  5. Select Configure, then select your App ID from Step 2
  6. Select Save, then Continue, then Register
  7. Save the Key ID
  8. Download the private key file (.p8)
You can only download the private key once. Store it securely - you cannot download it again.

Step 5: Configure Apple Private Email Relay

Apple’s Hide My Email feature lets users sign in without revealing their real email. To send emails to these users, register your email source.
  1. In the Apple Developer portal sidebar, select Services
  2. Under Sign in with Apple for Email Communication, select Configure
  3. Select + to add an Email Source
  4. Enter the Email Source value from the Replit Auth configuration form
  5. Select Next, then Register, then Done
  6. Wait for DNS verification (green check icon)
In some regions (China, India), Apple IDs may be tied to phone numbers instead of email. If your app requires email for all users, Sign in with Apple may fail for users in these regions.

Step 6: Enter credentials in Replit

  1. In your Repl, navigate to the Auth pane
  2. Select the Configure tab
  3. Select Production environment
  4. Select the Edit button next to Apple
  5. Toggle on Use custom credentials
  6. Enter all the values you collected:
    • Team ID (App ID Prefix from Step 2)
    • Services ID (Identifier from Step 3)
    • Key ID (from Step 4)
    • Private Key: Open the .p8 file in a text editor, copy the entire contents including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines
  7. Select Save changes
  8. Toggle Apple to Enabled

Step 7: Test your integration

  1. Open your published app’s login page
  2. Select Sign in with Apple
  3. Complete the Apple sign-in flow
  4. Verify successful authentication

Troubleshooting

Invalid client

  • Verify all credentials are entered correctly
  • Ensure the Private Key includes the BEGIN and END lines
  • Check that your Services ID is properly configured

Invalid redirect URI

  • Verify the Return URL in the Apple Services ID configuration is exactly https://your-app.replit.app/__clerk/v1/oauth_callback
  • Check the domain in Domains and Subdomains matches your published domain (without https://)

Email relay not working

  • Verify the Email Source shows a green check in the Apple Developer portal
  • Wait for DNS propagation if recently added

Not working on custom domain

  • Add your custom domain to Domains and Subdomains in the Services ID configuration (without https://)
  • Add https://your-custom-domain.com/__clerk/v1/oauth_callback as an additional Return URL
  • Republish your app

Additional resources