Setup Sign In with Apple for PlayFab

This guide covers the series of steps needed to setup your PlayFab applications to take advanced of Sign In with Apple.

Setup your App ID

Before you can use Sign In with Apple in your applications, you'll need to address some setup steps in the Certificates, Identifiers & Profiles section of Apple's Developer Portal.

  1. Sign in to your Apple Developer Program.

  2. Select Member Center > Certificates > Identifiers & Profiles.

  3. In the left-hand column of the Apple Developer Portal, select Identifiers.

  4. In the Identifiers pane, select the (+) add button. apple-dev-certificates-hub.png

    Certificates, Identifiers and Profiles screen

  5. Select App IDs. If you already have an App ID, choose to edit it instead.

    Create a new App ID

  6. In the Register an App ID pane, enter the following information:

    1. Description: The name of your app, without any special characters.
    2. Bundle ID: The Bundle ID should be a reverse DNS style string. For example, com.playfab.myapp.
  7. Scroll down through the list of capabilities and select Sign In with Apple.

    Register the App ID

  8. Select Continue.

  9. On the Confirm your App ID page, check the information you’ve provided and then select Submit.

Create a Service ID

  1. Return to the Certificates, Identifiers & Profiles pane and select the (+) add button.

  2. Select Service IDs.

    The description displays the name of the app the user sees during the login flow. The identifier is the OAuth client_id.

  3. Select the Sign In with Apple check box.

  4. Select Configure.

Web Authentication Configuration

Here you will define the domain your Title is running on and the redirect URLs that are used during the OAuth flow. Make sure your associated App ID is chosen as the Primary App ID. You must use a real domain for the redirect url, localhost isn’t accepted, and an IP will fail later in the flow.

Web Authentication Configuration screen

In the configuration panel, select your Primary App ID.

Next, choose the Web Domain you configured previously.

Finally, add one or more Return URLs. Any redirect_uri you use later must be registered here exactly as you use it. Make sure you include the http:// or https:// in the URL when you enter it.


For testing purposes, you cannot use or localhost, but you can use other domains such as local.test. If you choose to do this, you can edit your machine's hosts file to resolve this fictitious domain to your local IP address.

Select Save, Continue, and Register. The Identifier you entered for your Services ID is your OAuth client_id. In this example it is com.playfab.

Save your changes when finished.

Create a key for your Services ID

  1. Return to the Certificates, Identifiers & Profiles pane and select Keys in the left-hand column.

  2. In Key Name, enter a name to identify the key.

  3. Select the Sign in with Apple check box and then select Configure.

    Create a new Key

  4. Ensure that the correct Primary App ID is selected and select Save.

  5. Select Continue and then Register to create the key.


This is the only opportunity that you have to download the key. It can only be downloaded once.

  1. Select Download and store the key in a secure location.

Download Key

Also, take note of your Key ID at this step. This will be used for your KeyId later on.

The file is a .p8 key file. The file contents are plain text, To make the file easier to work with, change the name of the file to key.txt. If you view the file in a text editor it will look something like:


Generate the Client Secret

Apple requires that you create a client secret from your private key. The client secret must be generated using the ES256 JWT algorithm.

One way to generate the client secret is to use the script. You can obtain the script from GitHub at

To use the script to generate the client secret:

  1. Copy the script to your locale machine and save it in the folder in which your key.txt file is located.

  2. Open the script in a text editor and enter the values provided by Apple for team_id, client_id, and key_id.

    • You will have the client_id from the previous step.
    • team_id is displayed in the top right corner of the screen of your developer account.
    • Use the key_id from the previous step.
  3. Save the updates.

  4. From the command line, run the script:



The client secret expires in six months. This is maximum lifetime that Apple allows.

Set up Open ID Connect In PlayFab Game Manager

To configure Open ID Connect In PlayFab Game Manager:

  1. Log in to the PlayFab Game Manger.
  2. Select your Title.
  3. It the upper left corner, next to the name of your title, select the gear icon.
  4. From the drop-down menu, select Title Settings.
  5. Select the OpenID Connect tab.
  6. Select New Connection.
  7. On the New Connection pane, enter your Connection ID, Client ID, Client secret, and Issuer.
    • Connection ID: Your Apple client-id
    • Client ID: Your Apple Bundle ID
    • Client secret: Your client secret
    • Issuer: Must be