Setup Sign In with Apple for PlayFab
This guide covers the steps needed to set up your PlayFab applications to take advantage of Sign In with Apple.
Setup your App ID
Before you can use Sign In with Apple in your applications, you'll need to address some setup steps in the Certificates, Identifiers & Profiles section of Apple's Developer Portal.
Sign in to your Apple Developer Program.
Select Member Center > Certificates > Identifiers & Profiles.
In the left-hand column of the Apple Developer Portal, select Identifiers.
In the Identifiers pane, select the (+) add button.
Select App IDs. If you already have an App ID, choose to edit it instead.
In the Register an App ID pane, enter the following information:
- Description: The name of your app, without any special characters.
- Bundle ID: The Bundle ID should be a reverse DNS style string. For example,
Scroll down through the list of capabilities and select Sign In with Apple.
On the Confirm your App ID page, check the information you’ve provided and then select Submit.
Create a Service ID
Return to the Certificates, Identifiers & Profiles pane and select the (+) add button.
Select Service IDs.
The description displays the name of the app the user sees during the login flow. The identifier is the OAuth
Select the Sign In with Apple check box.
Web Authentication Configuration
Here you will define the domain your Title is running on and the redirect URLs that are used during the OAuth flow. Make sure your associated App ID is chosen as the Primary App ID. You must use a real domain for the redirect URL; localhost isn’t accepted, and an IP address will fail later in the flow.
In the configuration panel, select your Primary App ID.
Next, choose the Web Domain you configured previously.
Finally, add one or more Return URLs. Any redirect_uri you use later must be registered here exactly as you use it. Make sure you include the https:// in the URL when you enter it.
For testing purposes, you cannot use localhost, but you can use other domains such as local.test. If you choose to do this, you can edit your machine's hosts file to resolve this fictitious domain to your local IP address.
Select Save, Continue, and Register. The Identifier you entered for your Services ID is your OAuth client_id. In this example it is
Save your changes when finished.
Create a key for your Services ID
Return to the Certificates, Identifiers & Profiles pane and select Keys in the left-hand column.
In Key Name, enter a name to identify the key.
Select the Sign in with Apple check box and then select Configure.
Ensure that the correct Primary App ID is selected and select Save.
Select Continue and then Register to create the key.
This is the only opportunity that you have to download the key. It can only be downloaded once.
- Select Download and store the key in a secure location.
Also, take note of your Key ID at this step. This will be used for your KeyId later on.
The file is a .p8 key file. The file contents are plain text. To make the file easier to work with, change the name of the file to key.txt. If you view the file in a text editor it will look something like:
-----BEGIN PRIVATE KEY----- MIGTAgEAMBMGBasGSM49AgGFCCqGSM49AwEHBHkwdwIBAQQg3MX8n6VnQ2WzgEy0 Skoz9uOvatLMKTUIPyPCAejzzUCgCgYIKoZIzj0DAQehRANCAARZ0DoM6QPqpJxP JKSlWz0AohFhYre10EXPkjrih4jTm+b0AeG2BGuoIWd18i8FimGDgK6IzHHPsEqj DHF5Svq0 -----END PRIVATE KEY-----
Generate the Client Secret
Apple requires that you create a client secret from your private key. The client secret must be generated using the ES256 JWT algorithm.
One way to generate the client secret is to use the create_secret.py script. You can obtain the script from GitHub at https://github.com/rbrezynski/GenerateJWT-python/blob/master/create_secret.py.
To use the script to generate the client secret:
Copy the script to your local machine and save it in the folder in which your key.txt file is located.
Open the script in a text editor and enter the values provided by Apple for:
- You will have the client_id from the previous step.
- team_id is displayed in the top right corner of the screen of your developer account.
- Use the key_id from the previous step.
Save the updates.
From the command line, run the script:
The client secret expires in six months. This is the maximum lifetime that Apple allows.
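Because the secret is an ES256 JWT with a fixed lifetime, you can inspect it before pasting it into Game Manager and again later to plan rotation. The following checker is an added example, not part of create_secret.py or of PlayFab. It assumes Apple's documented client secret layout (kid in the header; iss = Team ID, sub = client_id, aud = https://appleid.apple.com, integer iat/exp with a cap of 15777000 seconds), which this page does not spell out, and it reads the header and claims only, without verifying the signature. The sample identifiers are constructed.

```python
import base64, json, time

APPLE_AUD = "https://appleid.apple.com"  # same value as the Issuer in this guide
MAX_LIFETIME = 15777000                  # six months in seconds (assumed Apple cap)

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sample_token(header, claims):
    # Constructed input for the demo: valid structure, dummy signature.
    segs = [base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
            for o in (header, claims)]
    return ".".join(segs + ["c2ln"])

def check_client_secret(token, client_id, team_id, key_id, now=None):
    """Return (problems, seconds_until_expiry). The signature is not verified."""
    now = int(time.time()) if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"], 0
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or claims are not base64url-encoded JSON"], 0
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and claims must be JSON objects"], 0
    expected = [(header, "alg", "ES256"), (header, "kid", key_id),
                (claims, "iss", team_id), (claims, "sub", client_id),
                (claims, "aud", APPLE_AUD)]
    problems = [f"{name} should be {want!r}, found {src.get(name)!r}"
                for src, name, want in expected if src.get(name) != want]
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        return problems + ["iat and exp must be integer timestamps"], 0
    if exp - iat > MAX_LIFETIME:
        problems.append("lifetime exceeds six months")
    if exp <= now:
        problems.append("secret has expired")
    return problems, exp - now

if __name__ == "__main__":
    t0 = int(time.time())
    tok = sample_token({"alg": "ES256", "kid": "KEYID12345"},
                       {"iss": "TEAMID1234", "sub": "com.example.service",
                        "aud": APPLE_AUD, "iat": t0, "exp": t0 + MAX_LIFETIME})
    print(check_client_secret(tok, "com.example.service", "TEAMID1234", "KEYID12345"))
```

Run it against the output of your generator with your own client_id, team_id and key_id; an empty problem list plus the remaining seconds tells you when the next rotation is due.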
Set up Open ID Connect In PlayFab Game Manager
To configure Open ID Connect In PlayFab Game Manager:
- Log in to the PlayFab Game Manager.
- Select your Title.
- In the upper left corner, next to the name of your title, select the gear icon.
- From the drop-down menu, select Title Settings.
- Select the OpenID Connect tab.
- Select New Connection.
- On the New Connection pane, enter your Connection ID, Client ID, Client secret, and Issuer.
- Connection ID: Your Apple client-id
- Client ID: Your Apple Bundle ID
- Client secret: Your client secret
- Issuer: Must be https://appleid.apple.com