Sign in with Apple
What it is
Apple's privacy-focused single sign-on. Users authenticate with their Apple ID (Face ID / Touch ID) and can choose Hide My Email, which gives your backend a relay address like abc123@privaterelay.appleid.com instead of their real email. You receive a stable, app-scoped user identifier plus an identity token (JWT) you verify server-side.
When you need it
Mandatory whenever your app offers any third-party login (Google, Facebook, X, GitHub, etc.): App Review Guideline 4.8 requires an equivalent privacy-preserving option, and Sign in with Apple is the de facto way to satisfy it. Not required if you only offer email/password, phone-number auth, or no accounts at all.
If your app has accounts at all, Apple also requires in-app account deletion (Guideline 5.1.1(v)); plan both together.
Setup
All stacks
- In the developer portal (Certificates, Identifiers & Profiles → Identifiers), edit your App ID and check Sign in with Apple.
- If you validate tokens server-side or use it on web/Android, create a Services ID and a Sign in with Apple key (.p8) under Keys.
- Verify the identity token's signature against Apple's public keys (https://appleid.apple.com/auth/keys) on your backend; never trust the client alone.
Native (Xcode)
Xcode: select your target → Signing & Capabilities → + Capability → Sign in with Apple. Use AuthenticationServices (ASAuthorizationAppleIDButton, ASAuthorizationController). Apple only delivers the user's name/email on the first authorization; persist it immediately.
Expo
Install expo-apple-authentication and add it to plugins in app.json; set "usesAppleSignIn": true under expo.ios. EAS Build configures the entitlement automatically. Use AppleAuthentication.signInAsync().
React Native (bare)
Use @invertase/react-native-apple-authentication. Add the capability in Xcode (Signing & Capabilities → + Capability → Sign in with Apple), run pod install, then render AppleButton and call appleAuth.performRequest().
Flutter
Use the sign_in_with_apple package. Add the capability to ios/Runner in Xcode, then call SignInWithApple.getAppleIDCredential(). Pair with firebase_auth's OAuthProvider('apple.com') if you use Firebase.
App Review rules
- Guideline 4.8: required if any third-party (non-first-party) login exists. The Apple button should be given equal prominence; don't bury it below the fold.
- Follow Apple's Human Interface Guidelines button styles; reviewers do reject home-made buttons that misuse the Apple logo.
- Apps with accounts must also offer account deletion in-app (5.1.1(v)); a web link is only acceptable if it goes directly to a deletion flow.
Privacy label impact
Declare Email Address and Name under Data Linked to You if you store them (even relay addresses count as email collection). The app-scoped user ID counts as a User ID. Sign in with Apple itself adds no tracking disclosure.