User Sign Up, Sign In, and Authentication with Apple
Last updated
Last updated
Sign In with Apple is a feature provided by Apple that allows users to create accounts and sign in to apps using their Apple ID. It is designed to enhance user privacy and security while simplifying the login process for both developers and users.
According to Apple’s App Store Review Guidelines, apps that use a third-party or social login service such as Google Sign-In to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. You can read more about this requirement and acceptable exceptions here: App Store Review Guidelines - Sign in with Apple.
Setting up user sign-in with Apple requires going back and forth between your Thunkable project and your Apple Developer account. As a result, we recommend you have a tab in your browser open for each that you can easily navigate between.
In this tutorial, we’ll show you how to use Apple to authenticate your users and allow them to sign in and sign out of your app.
Template app:
Click Copy Project or Edit Project in the upper right.
Please note that while the images and instructions from the Apple Developer account are accurate at the time of this doc’s publishing, they may change slightly over time.
To allow end users of your Thunkable-built app to sign up and sign in to your app using their already existing Apple ID:
Sign in to your Apple Developer account. Don't have an Apple Developer account yet? You can learn more and sign up for one here: Create Your Apple ID
Under the Certificates, IDs & Profiles heading, select Identifiers.
Click the blue + icon to add a new identifier to your account.
Choose App IDs from the list of options.
Click Continue.
Select App.
Click Continue.
On the Register an App ID screen, complete or take note of the following fields:
Description - This is the name you want to give your app. It appears next to the app icon when downloaded on a user's device. It must be unique to the App Store and cannot use special characters such as @, &, *, "
Bundle ID - This is also unique to your app, but not visible to your app users. Apple recommends reversing your domain name to create your bundle ID, i.e. com.yourDomainName.yourAppName to avoid conflicts with other apps.
Uploading apps to the App Store requires an Explicit Bundle ID. Wildcard bundle IDs are no longer accepted.
App ID Prefix (Team ID) - Record your App ID Prefix or Team ID. This automatically created, unique identifier is linked to your Apple Developer Program membership. The same ID can be used for every app you publish.
Record the values of these fields somewhere safe.
Scroll down and click to enable the Sign in with Apple capability.
Click Continue.
Confirm that the details are correct.
Click Register.
The new App ID you created is included in your list of Identifiers. Click the app's name to review its Description, App ID Prefix (Team ID), or Bundle ID.
If not already on the Identifiers screen, under the Certificates, IDs & Profiles heading, select Identifiers.
Click the blue + icon to add a new identifier to your account.
Choose Services IDs from the list of options.
Click Continue.
On the Register a Services ID screen, complete the following fields:
Description - This is the name you want to give your app.
Identifier - Although Apple recommends that you use the same format as the Bundle ID, this identifier must be different from the Bundle ID. We recommend adding .servicesID to the end of your Bundle ID (e.g. com.yourDomainName.yourAppName.servicesID).
Copy the Services ID
Click Continue.
Confirm that the details are correct.
Click Register.
Click the newly created Services ID in your list of identifiers to edit it.
Check the box for Sign in with Apple.
Click Configure.
Select the App ID you created from the dropdown.
In the Domains and Subdomains field, enter: thunkable.site
In the Return URLs field, enter: https://thunkable.site
Cick Next.
Confirm your web authentication configuration and then click Done.
Click Continue.
Click Save.
Complete key generation by ensuring the "Sign in with Apple" box is checked.
Within your Thunkable project, click the Settings gear icon in the left sidebar.
Scroll down to the OAuth Settings section header.
In the Apple Web Client ID field, paste the copied Services ID.
In the Apple Web Redirect URI field, input: https://thunkable.site
To access the Apple authentication block:
Navigate to the Blocks tab.
In the App Features section, click Sign In.
A drawer of authentication blocks opens.
The first time an app's end user signs in to an app with Apple, this block will return the following:
Output | Description |
---|---|
User ID | The unique identifier assigned to the authenticated user, which can be used to differentiate and identify individual users within the app. Note: This differs from the user's Apple ID for iCloud or the Apple App Store. |
Given name | The user's first or given name, which represents their personal name. |
Family name | The user's last name or surname, which represents their family name. |
Email address | The user's unique email identifier. Note: Users may use Apple's Hide My Email feature to generate a random email address. |
Authorization code | A temporary code granted to the app by Apple's authentication system, which the app can exchange for access tokens, allowing it to access the user's data. |
Identity token | A JSON Web Token (JWT) that contains user information, such as the user's email address and a unique identifier, which can be used to verify the user's identity. |
Error | An indication of a problem, issue, or unexpected condition that occurs during app operation, which may be displayed to the user or used for debugging and error handling by developers. |
Subsequent sign ins or uses of this block will only return the User ID. You are responsible for storing the User ID, Authorization code, Identity token, and any other information needed to retrieve or update the user's profile information for future sign ins. The user will still be able to sign in, but their name and email address will not be updated.
If the user is not signed in and fails or rejects sign in, the get profile from Apple block returns an error. For web apps, no blocks, including errors, are returned if the user rejects sign in (as opposed to fails sign in).
To collapse the block to streamline your block combinations:
Right-click on the block.
Select Expand Block.