Setup user authentication with Login with Apple

This article provides a quick start guide for adding Apple Login to Authress, so that your users can use their Apple Account Login to authenticate into your software.

info

If you are looking to enable admin login access into the Authress Management Portal using your corporate IdP see the Authress Management Portal SSO Configuration.

In this guide we’ll set up Apple Accounts login. Setting up authentication requires the following parts:

Authress-Apple OAuth configuration
Apple Developer Account Registration
Testing the configuration

Prerequisite 1: Apple Developer Account

In order to enable your users to log in with their Apple Account, you will first need a Apple account. You can do that by Registering for a Apple account.

You’ll need to create a Apple account to set up an app.

Prerequisite 2: Apple App

Additionally you'll already want to have an app registered with Apple. Apple requires an app in order to use their sign up, but you don't need to actually create an app if you aren't submitting anything to their store. This Apple Application is what your users will see when the choose to sign in with Apple, even if you never direct them to a mobile application.

Authress Connection configuration

The first step is enabling the Apple preconfigured Authress connection in the Authress Management Portal.

Authress preconfigured Apple connection

You will see there are the missing fields Client ID and Developer Private Key, Private Key ID, and Account Team ID.

Now we can create a new Apple Services ID.

1. Authentication and account creation

First copy your Team Id from the portal which can be seen in the top right hand corner. You'll copy this value to Authress in the Account Team ID field.

2. Generating the Service Client ID

Register a new identifier of the Services IDs type and click continue.
Enable Sign in with Apple and click Configure
Set the Website URLs to be your Authress Custom Domain url. This is the domain you set up in your Authress account. We'll assume for this example it is auth.yourdomain.com.
Set the Return URLs to be the actual full url: https://auth.yourdomain.com/login. This value is available in your new Authress Connection for Apple in the Complete Setup section of the connection from the previous step.

Complete Authress Setup

3. Configuring the key

Next we'll create a Developer Key. Follow the Apple instructions to create a developer key which can be secure the communication between Authress and Apple.

App Registration type selection

Once downloaded you can upload this key in the Authress Management Portal for the Apple connection.
Copy the Services ID from the Apple service to the Authress property Client ID. This value should be something similar to your app domain name in reverse com.company.app-name.
Lastly, paste the contents of the Developer key into the Developer Private Key field. Enter the Key ID associated with the private key you just created.

Validate the configuration

Now the setup is complete and you are ready to test connection. You can test the connection in the Authress Connection configuration by clicking Test Connection:

Test Connection in Authress

When everything is configured correctly you'll see the test login success screen:

Correct Apple configuration in Authress

Troubleshooting

Invalid Return URLs

If you see this error indicating an problem with the Return URLs, make sure only one Return URL is specified before clicking Next. The only Return URL, you need is: https://auth.yourdomain.com/login. Where this matches your custom domain.

One or more Return URLs are invalid for Apple

Prerequisite 1: Apple Developer Account​

Prerequisite 2: Apple App​

Authress Connection configuration​

Login with Apple Service registration​

1. Authentication and account creation​

2. Generating the Service Client ID​

3. Configuring the key​

Validate the configuration​

Troubleshooting​

Invalid Return URLs​