As an indy developer, it's prohibitive to start developing backend receipt validation services. Is there anything else in Apple's technologies that we can use to verify whether the person who is using my app, has paid for it? The first thing I thought of when Apple rolled out Sign in with Apple ID, was hopefully, it would include some API that would allow me to ask a simply question: did this Apple ID pay for my app? As an indy developer, this is the one feature that would keep my paid app on the Mac App Store. Anyone have any good suggestions for solving this as an indy developer?

Hi We getting error in Apple Sign In "Sign-Up not completed", Apple sign in working fine for old Apps and old Bundle ids, But it's not working in new Apps and new Bundle ids We checked with other Apple Developer team accounts Apple Sign In is working on the same source code. But my Team account is getting an error. We enabled signing capabilities and added Sign in with Apple and we added Provisioning profile certificate also , but I am still getting the same error.

I am trying add Sign in with Apple but when I attempt to capability in my app nothing happens in the list does apple not able to provide this feature yet in Vision OS or is there any bug or may be ami missing something which does not seems?

Hello, The issues we previously identified still need your attention. If you have any questions, we are here to help. Reply to this message in App Store Connect and let us know. Review Environment Submission ID: 00fc9b08-3da8-4b89-8810-740174730062 Review date: April 21, 2024 Version reviewed: 1.0 Guideline 3.2.1 - Business - Other Business Model Issues - Acceptable Your app provides financial services but does not meet all the requirements for apps providing these services. Specifically: The app must be published under a seller and company name that is associated with the organization or company providing the services. In this case, your app must be published under a seller name and company name that reflects the Askmefund name. The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual. These requirements give App Store users confidence that apps offering financial services are qualified to provide these services and will responsibly manage their data. Please provide ownership documentation or modify the vendor seller name. Please Help me.

Summary: Need help with Certificates, Identifiers and Profiles settings to allow two apps to use Sign in with Apple. Background: We have a web application (React, static JavaScript) that allows users to sign in with Apple, Google or Microsoft via OAuth/OIDC. We are developing a mobile application using React Native and Expo. Both the web application and the mobile application use the same backend (Django). For the mobile application, we added Google and Microsoft sign in via the same web-based OAuth/OIDC flow. For Sign in with Apple, we are using the expo-apple-authentication package to get the required native sign in experience. We have two active app identifiers: org.terraso.terraso; web app; primary Apple ID org.terraso.test.Terraso-LandPKS; mobile apple; Group with an existing primary App ID (selected (1), the web app) We have one services identifier: org.terraso.app; primary ID is web app (app identifier 1) above; URLs have been configured We have one app group: group.org.terraso (seems unused) On our backend app, we have code: https://github.com/techmatters/terraso-backend/blob/abc655e83eaca849e2bc24389946cc4f0bcd9d48/terraso_backend/apps/auth/providers.py#L84 and APPLE_CLIENT_ID is set to org.terraso.app (which matches the services identifier above In my local development environment, I have tried a few different combinations of IDs attempting to get this to work using the iOS simulator: (i) backend client id: org.terraso.app mobile app bundle Id: org.terraso.test.Terraso-LandPKS result: error: jwt.exceptions.InvalidAudienceError: Audience doesn't match (ii) backend: org.terraso.app mobile app: org.terraso.app result: clicking "Sign In" in Apple ID dialog is a no-op (no errors from client or server) (iii) backend: org.terraso.test.Terraso-LandPKS mobile app: org.terraso.test.Terraso-LandPKS result: works (but I can't use that in production, because the client ID is wrong) How can I configure Sign in with Apple to allow both the web app, the mobile app (and possible additional mobile apps) to work with the same backend? Do I need to us app groups? When do you use app groups vs "group with an existing primary apple id"?

We’re experiencing an issue with Apple SSO/OAuth that has started happening recently (first encountered about a week ago, but we’re not sure if that’s actually the first instance). When a NEW registration is received (including when a user unlinks their “login with apple” from their settings), we’re not getting the email or fullName despite our scopes including them. When we try with a brand new iCloud account that we know hasn’t been used on our service, we get the email but still no name. Has something changed recently in how we should be retrieving this data? We’re working with firebase and react-native, and it’s happening on both web and native. There’s nothing that’s changed auth-wise on our end. We did migrate subdomains but we updated them in the services section for private relay.

I know apple updated their policy related to sign in (see https://developer.apple.com/news/?id=f1v8pyay, "More flexibility for sign in options in apps" section), but the wording of the guidelines (https://developer.apple.com/app-store/review/guidelines/#login-services) is a bit difficult to understand: Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer as an equivalent option another login service with the following features: the login service limits data collection to the user’s name and email address; the login service allows users to keep their email address private as part of setting up their account; and the login service does not collect interactions with your app for advertising purposes without consent. As far as I can tell, FB, Google, Amazon, etc. do not offer these protections. Would Apple Sign In still be required in this case?

On iOS, Sign in with Apple will provide an e-mail address if the user is logging in for the first time. On all subsequent logins, the e-mail address will be missing. However, this can be reset by removing the app from your Apple ID. If you then try to login again, the e-mail dialog will popup again, and the app will receive this e-mail. On visionOS, however, the latter does not happen. Even if I have removed the app from my Apple ID, the e-mail dialog won't show up again. The only way to resolve this is to reset the visionOS simulator (haven't tried it on a real device).

Our website supports Apple login, but after logging in, the server obtains the private mailbox of Apple users, but we found that sending emails to this private mailbox failed. The following is the response result I sent to the privacy mailbox using Google mailbox

When transferring an app from one team to another, Sign in with Apple users have to me carefuly migrated since their unique identifiers are team-scoped. To migrate users from Team A to Team B, a transient transfer identifier, aka transfer_sub, has to be generated by Team A before the transfer to prepare the app data, using specific migration endpoints provided by Apple. "Preparing the app data" means, for example, associate database entries to the transfer id instead of the team-specific id. One the app has been transferred, and during 60 days, Team B will find the transfer_sub in ID tokens issued by Apple Sign In, and thanks to this shared identifier they can retrieve the user data and associate it to their new unique identifier. So far so good ! Now, the question : if an app is transferred from Team A to Team B, and then, shortly thereafter (a few days later), from team B to team C, will the transfer_sub related to the B-C transfer be different ? Or will they remain the same as the ones issued for the A-B transfer ? (I'm asking this question in order to avoid the possible catastrophe of an ill-prepared double app transfer) Thank you !

We have been having issues where apple has provided the same sub for two different users. I was under the impression the sub is supposed to be unique? The issue became exacerbated when we transfered an app from one org to another. On transferring the users. Two different transfer subs, resulted in the same sub.

Hello, our Sign in with Apple Button no longer works and throws an 7003 error. It worked a few days ago but suddenly fails. Any ideas how to fix this? Thanks in advance! plist: <dict> <key>com.apple.developer.applesignin</key> <array> <string>Default</string> </array> ... Code: var body: some View { VStack { SignInWithAppleButton(.signUp) { request in request.requestedScopes = [.fullName, .email] } onCompletion: { result in switch result { case .success(let authResults): handleSuccess(authorization: authResults) case .failure(let error): self.credentialFailure = true self.errorMessage = .appleSignInError logger.error("SIWA login failure: \(error)") } } .signInWithAppleButtonStyle(.white) .cornerRadius(GlobalValues.cornerRadius) } } Error: Authorization failed: Error Domain=AKAuthenticationError Code=-7003 "(null)" UserInfo={AKClientBundleID=com.our.app} ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1001 "(null)" SIWA login failure: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1001 "(null)"

Hello I'm using Akeeba social login plugin with Joomla. I have been struggling for a couple of days to configure the sign in with apple option. I followed the instructions provided by Akeeba. I'm able to click on the button, I go to apple, enter my apple id and password, then the system even does the 2FA. I get returned to the web site with the error Error code 400 received requesting access token: {"error":"invalid_client"}. I really don't know what can be wrong. I have been redoing the config for about 10 times. Any help will be appreciated. Thank you

Sign in with Apple doesn't support VisionOS, is there other way (api) to get user's account in VisionOS ?

I had implemented the Apple login feature and users were fully utilizing it. Then, all of a sudden, it started to fail with an "Invalid client scope " error. And My code is exactly scope="name email". I haven't changed any code for Apple Login, so why is this suddenly happening?

Hello Apple ID support, When a user successfully login with Apple, the apple OAuth will produce a appleIdToken. From my understanding this token is best to not leave the user device. I have two sub-system that can take a appleIdToken and manages the token-refresh separately. In short: Apple -> appleIdToken sub-SystemA(appleIdToken) and sub-systemB(appleIdToken) sub-SystemA and sub-systemB has two separate token management/refresh The question: Is this allowed by the Apple identify server? Is the usecase of supplying appleIdToken to sub-SystemA and sub-systemB valid?

I have followed the steps in this tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-apple-id?pivots=b2c-custom-policy to create an Apple sign in for my application. From the Apple Developer Portal menu, I went to Certificates, IDs, & Profiles and created a Key. I then tried to sign the key be using this python script: import jwt import time def generate_token(): private_key = """[pasted key from Apple here]""" team_id = "[pasted team_id]" client_id = "[pasted client_id]" key_id = "[pasted key_id]" validity_minutes = 20 timestamp_now = int(time.time()) timestamp_exp = timestamp_now + (60 * validity_minutes) data = { "iss": team_id, "iat": timestamp_now, "exp": timestamp_exp, "aud": "https://appleid.apple.com", "sub": client_id } token = jwt.encode( payload=data, key=private_key, # Use the key directly without encoding as 'utf-8', jwt.encode handles this. algorithm="ES256", headers={"kid": key_id} ) print(token) generate_token() I don't think this worked because I am getting an error after I sign in. Is there some other script I can use?

Question about "Sign in with Apple". Can 2 apps from 2 different developer accounts (hence, 2 different team ID) share authentications? In other words, can I get consistent user ID from 2 different app under 2 different developer account? Is there a way to configure that from developer portal? Thanks Bill