{"id":16687180,"url":"https://github.com/redth/xamarin.applesignin.sample","last_synced_at":"2026-03-05T16:50:15.621Z","repository":{"id":38052621,"uuid":"207570374","full_name":"Redth/Xamarin.AppleSignIn.Sample","owner":"Redth","description":"A sample of how to implement Apple Sign In in Xamarin.Forms for Android, iOS, and UWP","archived":false,"fork":false,"pushed_at":"2022-12-08T07:03:45.000Z","size":1151,"stargazers_count":33,"open_issues_count":10,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-18T00:43:26.398Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Redth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-10T13:41:40.000Z","updated_at":"2024-12-20T20:53:16.000Z","dependencies_parsed_at":"2022-09-18T02:04:10.383Z","dependency_job_id":null,"html_url":"https://github.com/Redth/Xamarin.AppleSignIn.Sample","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Redth%2FXamarin.AppleSignIn.Sample","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Redth%2FXamarin.AppleSignIn.Sample/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Redth%2FXamarin.AppleSignIn.Sample/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Redth%2FXamarin.AppleSignIn.Sample/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Redth","download_url":"https://codeload.github.com/Redth/Xamarin.AppleSignIn.Sample/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244849454,"owners_count":20520717,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-12T15:08:06.515Z","updated_at":"2026-03-05T16:50:15.578Z","avatar_url":"https://github.com/Redth.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Apple Sign In for Xamarin.Forms\n\nThis repository contains a sample Xamarin.Forms (iOS, Android, UWP) app which demonstrates how to implement Apple Sign In, as well as an Azure Functions project which is required for non-iOS13+ platforms, and a library project which contains the code for handling Apple Sign In's OpenID/OAuth calls.\n\n - XamarinFormsAppleSignIn - Sample Xamarin.Forms project using DependencyService pattern for calling Apple Sign In flows (native iOS 13+ sign in API's and OAuth/OpenID for the other platforms)\n - AppleSignInAzureFunction - Azure Functions for generating Apple Sign In Authorization URL and handling sign in callback from Apple\n - Xamarin.AppleSignIn - Library project containing code to handle the OAuth/OpenID flow for Apple Sign In\n\n\n# Apple Developer Setup\n\nFirst of all you need to set up a few things in Apple's Developer portal, in the [Certificates, Identifiers \u0026 Profiles](https://developer.apple.com/account/resources/) section.\n\n## Setup Apple Sign In Domain\n\nFirst of all you will need to register your domain name and verify it with Apple in the [More](https://developer.apple.com/account/resources/services/list) section of the _Certificates, Identifiers \u0026 Profiles_ portal, by clicking **Configure**.\n\n![Setup your Domain](Images/readme-signin-domain-more.png)\n\nAdd your domain and click **Register**\n\n![Register your Domain](Images/readme-signin-domain-configure.png)\n\n\u003e NOTE: If you see an error about your domain not being _SPF Compliant_, you will need to add a _SPF_ DNS TXT Record to your domain and wait for it to propogate before continuing:\n\u003e\n\u003e The SPF TXT may look something like this:\n\u003e ```\n\u003e v=spf1 a a:myapp.com -all\n\u003e ```\n\nNext you will need to verify ownership of the domain by clicking **Download** to download the `apple-developer-domain-association.txt` file, and uploading that file to the `.well-known/` folder of your website, for the given domain.\n\nOnce your `.well-known/apple-developer-domain-association.txt` file is uploaded, and reachable at your site's url, you can click **Verify** to have Apple verify your domain ownership.\n\n\u003e NOTE: Apple will verify ownership with `https://`, so ensure you have SSL setup and the file is accessible through a secure URL.\n\nYou will need to successfully complete this process before continuing to the next Setup section.\n\n## Setup your App ID\n\nIn the [Identifiers](https://developer.apple.com/account/resources/identifiers/list) section, create a new identifier, and choose **App IDs**.  If you already have an App ID, choose to edit it instead.\n\n![Create a new App ID](Images/readme-appid-create.png)\n\nEnable **Sign In with Apple**.  You will most likely want to use the **Enable as primary App ID** option.\n![Enable Sign In with Apple](Images/readme-appid-signin.png)\n\nSave your App ID changes.\n\n## Create a Server ID\n\nNext, in the [Identifiers](https://developer.apple.com/account/resources/identifiers/list/serviceId) section, create a new identifier, and this time choose **Service IDs**\n\n![Create a new Service ID](Images/readme-serviceid-create.png)\n\nGive your Services ID a description, and an identifier.  This identifier will be your `ServerId` later on.  Make sure you enable **Sign In with Apple**.\n\nBefore continuing, click **Configure** next to the _Sign In with Apple_ option you enabled.\n\nIn the configuration panel, ensure the correct **Primary App ID** is selected.\n\nNext, choose the **Web Domain** you configured previously.\n\nFinally, add one ore more **Return URLs**.  Any `redirect_uri` you use later must be registered here exactly as you use it.  Make sure you include the `http://` or `https://` in the URL when you enter it.\n\n\u003e NOTE: For testing purposes, you cannot use `127.0.0.1` or `localhost`, but you can use other domains such as `local.test`.  If you choose to do this, you can edit your machine's `hosts` file to resolve this fictitious domain to your local IP address.\n\n![Configure your Apple Sign In](Images/readme-serviceid-configure.png)\n\nSave your changes when your are finished.\n\n\n## Create a Key for your Services ID\n\nIn the [Keys](https://developer.apple.com/account/resources/authkeys/list) section, create a new **Key**.\n\nGive you key a name, and enable **Sign In with Apple**.\n\n![Create a new Key](Images/readme-key-create.png)\n\nClick **Configure** beside _Sign In with Apple_.\n\nEnsure the correct **Primary App ID** is selected and click **Save**.\n\nClick **Continue** and then **Register** to create your new key.\n\nNext, you will only have one chance to download the key you just generated.  Click **Download**.\n\n![Download Key](Images/readme-key-download.png)\n\nAlso, take note of your **Key ID** at this step.  This will be used for your `KeyId` later on.\n\nYou will have downloaded a `.p8` key file.  You can open this file in Notepad, or VSCode to see the text contents.  They should look something like:\n\n```\n-----BEGIN PRIVATE KEY-----\nMIGTAgEAMBMGBasGSM49AgGFCCqGSM49AwEHBHkwdwIBAQQg3MX8n6VnQ2WzgEy0\nSkoz9uOvatLMKTUIPyPCAejzzUCgCgYIKoZIzj0DAQehRANCAARZ0DoM6QPqpJxP\nJKSlWz0AohFhYre10EXPkjrih4jTm+b0AeG2BGuoIWd18i8FimGDgK6IzHHPsEqj\nDHF5Svq0\n-----END PRIVATE KEY-----\n```\n\nKeep this key in a safe place.  We will use it later as the `P8FileContents`.\n\n\n# Using Apple Sign In in your App\n\n## iOS 13+\n\nIn iOS 13 and newer, Apple has native API's to help Authenticate users with Apple Sign In.\n\nThe [AppleSignInServiceiOS.cs](XamarinFormsAppleSignIn/XamarinFormsAppleSignIn.iOS/Services/AppleSignInServiceiOS.cs) file demonstrates how to use the native API's.\n\n## iOS 13+ Setup\n\nYou will need to add a new entitlement to your app.  Make sure you add the following to your entitlements file:\n\n```xml\n\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003ecom.apple.developer.applesignin\u003c/key\u003e\n\t\u003carray\u003e\n\t\t\u003cstring\u003eDefault\u003c/string\u003e\n\t\u003c/array\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n```\n\nNote: For testing of your iOS app, ensure you are signing with a certificate and provisioning profile for the App ID you enabled Apple Sign In for.\n\n## Android, UWP, and older iOS versions\n\nApple also supports a version of OpenID/OpenAuth for other platforms.\n\n\n# Sample Apple Sign In Flow\n\nThis sample offers an opinionated implementation for getting Apple Sign In to work in your Xamarin.Forms app.\n\nWe use two Azure Functions to help with the authentication flow:\n\n1. `applesignin_auth` - Generates the Apple Sign In Authorization URL and redirects to it.  We do this on the server side, instead of the mobile app, so we can cache the `state` and validate it when Apple's servers send a callback.\n2. `applesignin_callback` - Handles the POST callback from Apple and securely exchanges the authorization code for an Access Token and ID Token.  Finally, it redirects back to the App's URI Scheme, passing back the tokens in a URL Fragment.\n\nThe mobile app registers itself to handle the custome URI scheme we have selected (in this case `xamarinformsapplesignin://`) so the `applesignin_callback` function can relay the tokens back to it.\n\nWhen the user initiates authentication, the following steps happen:\n\n1. The mobile app generates a `nonce` and `state` value and passes them to the `applesignin_auth` Azure function.\n2. The `applesignin_auth` Azure function generates an Apple Sign In Authorization URL (using the provided `state` and `nonce`), and redirects the mobile app browser to it.\n3. The user enters their credentials securely in the Apple Sign In authorization page hosted on Apple's servers.\n4. After the Apple Sign In flow finishes on Apple's servers, Apple Redirects to the `redirect_uri` which will be the `applesignin_callback` Azure function.\n5. The request from Apple sent to the `applesignin_callback` function is validated to ensure the correct `state` is returned, and that the ID Token claims are valid.\n6. The `applesignin_callback` Azure function exchanges the `code` posted to it by Apple, for an _Access Token_, _Refresh Token_, and _ID Token_ (which contains claims about the User ID, Name, and Email).\n7. The `applesignin_callback` Azure function finally redirects back to the app's URI scheme (`xamarinformsapplesignin://`) appending a URI fragment with the Tokens (eg: `xamarinformsapplesignin://#access_token=...\u0026refresh_token=...\u0026id_token=...`).\n8. The Mobile app parses out the URI Fragment into an `AppleAccount` and validates the `nonce` claim received matches the `nonce` generated at the start of the flow.\n9. The mobile app is now authenticated!\n\n# Azure Functions / Server Configuration\n\nThis sample uses Azure Functions, but you could just as easily use an ASP.NET Core Controller by copying the simple logic in each of the functions, or even some completely different web server for that matter (but you're on your own to implement those!).\n\n## Configuration\nThere are several App Settings you will need to configure for your Azure Functions:\n\n- `APPLE_SIGNIN_KEY_ID` - This is your `KeyId` from earlier.\n- `APPLE_SIGNIN_TEAM_ID` - This is usually your _Team ID_ found in your [Membership Profile](https://developer.apple.com/account/#/membership)\n- `APPLE_SIGNIN_SERVER_ID`: This is the `ServerId` from earlier.  It's *not* your App _Bundle ID_, but rather the *Identifier* of the *Services ID* you created.\n- `APPLE_SIGNIN_APP_CALLBACK_URI` - This is the custom URI Scheme you want to redirect back to your app with.  In this sample `xamarinformsapplesignin://` is used.\n- `APPLE_SIGNIN_REDIRECT_URI` - The *Redirect URL* you setup when creating your *Services ID* in the *Apple Sign In* Configuration section.  To test, it might look something like: `http://local.test:7071/api/applesignin_callback`\n- `APPLE_SIGNIN_P8_KEY` - The text contents of your `.p8` file, with all the `\\n` newlines removed so it's one long string\n\n# Security Notes\n\nFirst of all, it is very important that you should **never** store your P8 key inside of your application code.  Your application code is easy to download and disassemble.  Placing your private p8 key value inside your app should be considered about as safe as posting it publicly.\n\nIt is also considered a bad practice to use a `WebView` to host the authentication flow, and to intercept URL Navigation events to obtain the authorization code.\n\nThere is currently no secure way to handle the Apple Sign In flow on non iOS13+ devices/platforms without hosting some code on a server to handle the token exchange.  We also recommend hosting the authorization url generation code on the server so you can cache the state and validate it when Apple POST's a callback to your server.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredth%2Fxamarin.applesignin.sample","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredth%2Fxamarin.applesignin.sample","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredth%2Fxamarin.applesignin.sample/lists"}