AppleAuthentication

expo-apple-authentication provides Apple authentication for iOS 13+. It does not yet support lower iOS versions, Android, or web.

Beginning with iOS 13, any app that includes third-party authentication options must provide Apple authentication as an option in order to comply with App Store Review guidelines. Learn more about Apple authentication on the "Sign In with Apple" website.

Platform Compatibility

Android Device	Android Emulator	iOS Device	iOS Simulator	Web

Installation

Terminal

→ expo install expo-apple-authentication

If you're installing this in a bare React Native app, you should also follow these additional installation instructions.

Configuration

EAS Build

This guide assumes auto capability sync is enabled (Default). Otherwise you'll need to manually enable the capabilities for your bundle identifier through the Apple Developer Console.

Managed Workflow

Build with eas build -p ios. EAS Build and the config plugin will automatically configure this service with Apple.

Bare Workflow

Ensure you've added enabled the Apple Sign In capability, either through the Xcode:

Signing & Capabilities > + Capability > Sign in with Apple

Or by adding the entitlement to your ios/[app]/[app].entitlements file

<key>com.apple.developer.applesignin</key>
<array>
  <string>Default</string>
</array>

Add "CFBundleAllowMixedLocalizations": true to your ios/[app]/Info.plist to ensure the sign in button uses the device locale.
Build with eas build -p ios. EAS Build will automatically configure this service with Apple.

Classic Build

For managed projects, set ios.usesAppleSignIn to true in app.json. For bare, enable the "Sign In with Apple" capability in your app. For bare projects, enable the capability in Xcode under "Signing & Capabilities" -- you'll need to be on Xcode 11 or later.
Log into the Apple Developer Console, go to "Certificates, Identifiers, & Profiles" and then "Identifiers".
You need to choose a primary app for the Apple Sign In configuration. This is the app whose icon will show up in the Apple Sign In system UI. If you have a set of related apps you might choose the "main" app as the primary, but most likely you'll want to just use the app you're working on now as the primary.
In the list of identifiers, click on the one corresponding to your primary app. Enable the "Sign In with Apple" capability, click "Edit", and choose the "Enable as a primary App ID" option. Save the new configuration.
If you chose a different app to be the primary, you'll also need to open up the configuration page for your current app, enable the "Sign In with Apple" capability, click "Edit" and choose the "Group with an existing primary App ID" option. Save this configuration as well.
Next, go to the "Keys" page and register a new key. Add the "Sign In with Apple" capability, and make sure to choose the correct primary app on the configuration screen.
Finally, when you want to make a standalone build to test with, run expo build:ios --clear-provisioning-profile --revoke-credentials so that your provisioning profile is regenerated with the new entitlement.
(Optional) If you'd like to localize the button text, you can add "CFBundleAllowMixedLocalizations": true to your ios.infoPlist property in your app.json. Note: The localized value will only appear in your standalone app.

Usage

import * as AppleAuthentication from 'expo-apple-authentication';

function YourComponent() {
  return (
    <AppleAuthentication.AppleAuthenticationButton
      buttonType={AppleAuthentication.AppleAuthenticationButtonType.SIGN_IN}
      buttonStyle={AppleAuthentication.AppleAuthenticationButtonStyle.BLACK}
      cornerRadius={5}
      style={{ width: 200, height: 44 }}
      onPress={async () => {
        try {
          const credential = await AppleAuthentication.signInAsync({
            requestedScopes: [
              AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
              AppleAuthentication.AppleAuthenticationScope.EMAIL,
            ],
          });
          // signed in
        } catch (e) {
          if (e.code === 'ERR_CANCELED') {
            // handle that the user canceled the sign-in flow
          } else {
            // handle other errors
          }
        }
      }}
    />
  );
}

Development and Testing

You can test this library in development in Expo Go on iOS without following any of the instructions above; however, you'll need to do this setup in order to use Apple Authentication in your standalone app. When you sign into Expo Go, the identifiers and values you receive will likely be different than what you'll receive in standalone apps.

You can do limited testing of this library on the iOS simulator. However, not all methods will behave the same as on a device, so we highly recommend testing on a real device when possible while developing.

Verifying the Response from Apple

Apple's response includes a signed JWT with information about the user. To ensure that the response came from Apple, you can cryptographically verify the signature with Apple's public key, which is published at https://appleid.apple.com/auth/keys. This process is not specific to Expo.

API

import * as AppleAuthentication from 'expo-apple-authentication';

Component

`AppleAuthenticationButton`

Type: React.FC<AppleAuthenticationButtonProps>

This component displays the proprietary "Sign In with Apple" / "Continue with Apple" button on your screen. The App Store Guidelines require you to use this component to start the authentication process instead of a custom button. Limited customization of the button is available via the provided properties.

You should only attempt to render this if AppleAuthentication.isAvailableAsync() resolves to true. This component will render nothing if it is not available, and you will get a warning in development mode (__DEV__ === true).

The properties of this component extend from View; however, you should not attempt to set backgroundColor or borderRadius with the style property. This will not work and is against the App Store Guidelines. Instead, you should use the buttonStyle property to choose one of the predefined color styles and the cornerRadius property to change the border radius of the button.

Make sure to attach height and width via the style props as without these styles, the button will not appear on the screen.

See: Apple Documentation for more details.

Props

`buttonStyle`

Type: AppleAuthenticationButtonStyle

The Apple-defined color scheme to use to display the button.

`buttonType`

Type: AppleAuthenticationButtonType

The type of button text to display ("Sign In with Apple" vs. "Continue with Apple").

`cornerRadius`

Optional • Type: number

The border radius to use when rendering the button. This works similarly to style.borderRadius in other Views.

`style`

Optional • Type: StyleProp<Omit<ViewStyle, 'backgroundColor' | 'borderRadius'>>

The custom style to apply to the button. Should not include backgroundColor or borderRadius properties.

`onPress`

Type: () => void

The method to call when the user presses the button. You should call AppleAuthentication.signInAsync in here.

Inherited Props

ViewProps

Methods

`AppleAuthentication.getCredentialStateAsync(user)`

Name	Type	Description
user	`string`	The unique identifier for the user whose credential state you'd like to check. This should come from the user field of an `AppleAuthenticationCredential` object.

Queries the current state of a user credential, to determine if it is still valid or if it has been revoked.

Note: This method must be tested on a real device. On the iOS simulator it always throws an error.

Returns

Promise<AppleAuthenticationCredentialState>

A promise that fulfills with an AppleAuthenticationCredentialState value depending on the state of the credential.

`AppleAuthentication.isAvailableAsync()`

Determine if the current device's operating system supports Apple authentication.

Returns

Promise<boolean>

A promise that fulfills with true if the system supports Apple authentication, and false otherwise.

`AppleAuthentication.refreshAsync(options)`

Name	Type	Description
options	`AppleAuthenticationRefreshOptions`	An `AppleAuthenticationRefreshOptions` object

An operation that refreshes the logged-in user’s credentials. Calling this method will show the sign in modal before actually refreshing the user credentials.

Returns

Promise<AppleAuthenticationCredential>

A promise that fulfills with an AppleAuthenticationCredential object after a successful authentication, and rejects with ERR_CANCELED if the user cancels the refresh operation.

`AppleAuthentication.signInAsync(options)`

Name	Type	Description
options (optional)	`AppleAuthenticationSignInOptions`	An optional `AppleAuthenticationSignInOptions` object

Sends a request to the operating system to initiate the Apple authentication flow, which will present a modal to the user over your app and allow them to sign in.

You can request access to the user's full name and email address in this method, which allows you to personalize your UI for signed in users. However, users can deny access to either or both of these options at runtime.

Additionally, you will only receive Apple Authentication Credentials the first time users sign into your app, so you must store it for later use. It's best to store this information either server-side, or using SecureStore, so that the data persists across app installs. You can use AppleAuthenticationCredential.user to identify the user, since this remains the same for apps released by the same developer.

Returns

Promise<AppleAuthenticationCredential>

A promise that fulfills with an AppleAuthenticationCredential object after a successful authentication, and rejects with ERR_CANCELED if the user cancels the sign-in operation.

`AppleAuthentication.signOutAsync(options)`

Name	Type	Description
options	`AppleAuthenticationSignOutOptions`	An `AppleAuthenticationSignOutOptions` object

An operation that ends the authenticated session. Calling this method will show the sign in modal before actually signing the user out.

It is not recommended to use this method to sign out the user as it works counterintuitively. Instead of using this method it is recommended to simply clear all the user's data collected from using signInAsync or refreshAsync methods.

Returns

Promise<AppleAuthenticationCredential>

A promise that fulfills with an AppleAuthenticationCredential object after a successful authentication, and rejects with ERR_CANCELED if the user cancels the sign-out operation.

Event Subscriptions

`AppleAuthentication.addRevokeListener(listener)`

Name	Type	Description
listener	`() => void`	-

Returns

Subscription

Types

`AppleAuthenticationCredential`

The object type returned from a successful call to AppleAuthentication.signInAsync(), AppleAuthentication.refreshAsync(), or AppleAuthentication.signOutAsync() which contains all of the pertinent user and credential information.

See: Apple Documentation for more details.

Name	Type	Description
authorizationCode	`string \| null`	A short-lived session token used by your app for proof of authorization when interacting with the app's server counterpart. Unlike `user`, this is ephemeral and will change each session.
email	`string \| null`	The user's email address. Might not be present if you didn't request the `EMAIL` scope. May also be null if this is not the first time the user has signed into your app. If the user chose to withhold their email address, this field will instead contain an obscured email address with an Apple domain.
fullName	`AppleAuthenticationFullName \| null`	The user's name. May be `null` or contain `null` values if you didn't request the `FULL_NAME` scope, if the user denied access, or if this is not the first time the user has signed into your app.
identityToken	`string \| null`	A JSON Web Token (JWT) that securely communicates information about the user to your app.
realUserStatus	`AppleAuthenticationUserDetectionStatus`	A value that indicates whether the user appears to the system to be a real person.
state	`string \| null`	An arbitrary string that your app provided as `state` in the request that generated the credential. Used to verify that the response was from the request you made. Can be used to avoid replay attacks. If you did not provide `state` when making the sign-in request, this field will be `null`.
user	`string`	An identifier associated with the authenticated user. You can use this to check if the user is still authenticated later. This is stable and can be shared across apps released under the same development team. The same user will have a different identifier for apps released by other developers.

`AppleAuthenticationFullName`

An object representing the tokenized portions of the user's full name. Any of all of the fields may be null. Only applicable fields that the user has allowed your app to access will be nonnull.

Name	Type	Description
familyName	`string \| null`	-
givenName	`string \| null`	-
middleName	`string \| null`	-
namePrefix	`string \| null`	-
nameSuffix	`string \| null`	-
nickname	`string \| null`	-

`AppleAuthenticationRefreshOptions`

The options you can supply when making a call to AppleAuthentication.refreshAsync(). You must include the ID string of the user whose credentials you'd like to refresh.

See: Apple Documentation for more details.

Name	Type	Description
requestedScopes (optional)	`AppleAuthenticationScope[]`	Array of user information scopes to which your app is requesting access. Note that the user can choose to deny your app access to any scope at the time of logging in. You will still need to handle `null` values for any scopes you request. Additionally, note that the requested scopes will only be provided to you the first time each user signs into your app; in subsequent requests they will be `null`. Defaults to `[]` (no scopes).
state (optional)	`string`	An arbitrary string that is returned unmodified in the corresponding credential after a successful authentication. This can be used to verify that the response was from the request you made and avoid replay attacks. More information on this property is available in the OAuth 2.0 protocol RFC6749.
user	`string`	-

`AppleAuthenticationSignInOptions`

The options you can supply when making a call to AppleAuthentication.signInAsync(). None of these options are required.

See: Apple Documentation for more details.

Name	Type	Description
nonce (optional)	`string`	An arbitrary string that is used to prevent replay attacks. See more information on this in the OpenID Connect specification.
requestedScopes (optional)	`AppleAuthenticationScope[]`	Array of user information scopes to which your app is requesting access. Note that the user can choose to deny your app access to any scope at the time of logging in. You will still need to handle `null` values for any scopes you request. Additionally, note that the requested scopes will only be provided to you the first time each user signs into your app; in subsequent requests they will be `null`. Defaults to `[]` (no scopes).
state (optional)	`string`	An arbitrary string that is returned unmodified in the corresponding credential after a successful authentication. This can be used to verify that the response was from the request you made and avoid replay attacks. More information on this property is available in the OAuth 2.0 protocol RFC6749.

`AppleAuthenticationSignOutOptions`

The options you can supply when making a call to AppleAuthentication.signOutAsync(). You must include the ID string of the user to sign out.

See: Apple Documentation for more details.

Name	Type	Description
state (optional)	`string`	An arbitrary string that is returned unmodified in the corresponding credential after a successful authentication. This can be used to verify that the response was from the request you made and avoid replay attacks. More information on this property is available in the OAuth 2.0 protocol RFC6749.
user	`string`	-

`Subscription`

Name	Type	Description
remove	`() => void`	A method to unsubscribe the listener.

See: Apple Documentation for more details.

Note that it is possible that you will not be granted all of the scopes which you request. You will still need to handle null values for any fields you request.

See: Apple Documentation for more details.

Code	Description
ERR_APPLE_AUTHENTICATION_CREDENTIAL	The request to get credential state failed. See the error message for additional specific information.
ERR_APPLE_AUTHENTICATION_INVALID_SCOPE	An invalid `AppleAuthenticationScope` was passed in.
ERR_APPLE_AUTHENTICATION_REQUEST_FAILED	The authentication request failed. See the error message for additional specific information.
ERR_APPLE_AUTHENTICATION_UNAVAILABLE	Apple authentication is unavailable on the device.
ERR_CANCELED	The user canceled the sign-in request from the system modal.