Apple Sign-in configuration
Configure Sign in with Apple and connect it to The Wallet Crew social sign-in.
Use this when you want to enable the Apple button in an enrolment form.
Start with Social sign-in to understand the user flow. Then come back here for the provider setup.
Overview
Use this page to configure Sign in with Apple (Apple ID login) for The Wallet Crew enrolment forms.
You will configure Apple in two places:
Apple Developer: App ID + Service ID + domains + return URLs.
The Wallet Crew admin: paste your Apple Service ID.
Terminology (Apple)
These terms are used in Apple Developer and OAuth setups.
App ID: identifies your app. Uses a Bundle ID like
com.brand.app.Service ID: identifies a web sign-in integration. This is what you paste in The Wallet Crew.
Domains and subdomains: where the enrolment form is hosted.
Return URLs: OAuth / OpenID Connect callback URLs used after Apple login.
Prerequisites
Access to your brand’s Apple Developer account.
Permission to manage Identifiers and Service IDs.
The list of domains where your enrolment forms will run (prod + staging + dev + custom).
Apple behavior notes (read this first)
Sign in with Apple has a few behaviors that impact your enrolment journey and your matching rules.
On the first sign-in with a given Apple account, Apple can provide first name, last name, and email. On subsequent sign-ins, Apple typically returns email only. Plan your forms as if you will only have the email long term.
Apple users can enable Hide My Email. In that case, Apple returns a relay address instead of the user’s real email.
That relay email can create duplicates if your CRM expects another identifier. If you email customers, you may also need to support delivery to Apple relay addresses.
Apple’s reference: Communicating Using the Private Email Relay Service.
Configure Sign in with Apple in Apple Developer
Open Identifiers
Log in to the Apple Developer account.
Go to
Certificates, IDs & Profiles→Identifiers.
Create (or reuse) an App ID
Click
+and selectApp IDs.
If you already have an App ID for the same domain/app, you may be able to reuse it. This can unlock advanced scenarios. If you’re unsure, ask The Wallet Crew team.
Select the
Apptype.Fill the form with:
Description: a meaningful name for your project
Bundle ID: use the value provided by The Wallet Crew (example:
cloud.neostore.molia.app)Capabilities: enable
Sign In with Apple
Validate the form and click
Register.
Create (or reuse) a Service ID
You need a Service ID for Sign in with Apple on the web.
In the identifier list, switch the filter to
Service IDs.Click
+and selectService IDs.
Fill the form with:
Description: a meaningful name for your service
Identifier: use the value provided by The Wallet Crew (example:
cloud.neostore.molia.service)
Validate the form and click
Register.
The Service ID identifier is the value you will paste in The Wallet Crew admin.
Configure Sign in with Apple (domains + return URLs)
On the identifier list, select the Service ID you just created.
Enable
Sign in with Appleand clickConfigure.
Fill the form with:
Primary App ID: the App ID you created earlier (example:
cloud.neostore.molia.app)Domains and subdomains: add all domains that will host your enrolment forms (prod + staging + dev + custom)
Return URLs: add the OAuth callback URL(s) for each environment
Validate the form and click Continue.
Apple is strict here. Use the exact values.
If you are unsure about the callback URL format, ask The Wallet Crew team.
Configure Email Communication Domains
This step is required if your app sends emails to users who selected Hide My Email when signing in with Apple.
Apple generates a relay address like:
You must register your sending domain, or Apple will reject those emails. Treat relay addresses like normal email addresses in your backend.
This step is required if you send email to users who chose Hide My Email.
Apple returns a relay email address. Treat it like a real mailbox.
Open the Services section
In Certificates, Identifiers & Profiles, click Services in the left menu.
Click Sign in with Apple for Email Communication.
Click Configure.
Under Email Sources, click the + button to add a new email source.
Fill the form with:
Domains and Subdomains: Add the domain(s) you send email from. Example:
Email Addresses: Add the sender email address(es) used by your application. Example:
Click Next and complete validation (SPF/DKIM verification if required).
Add the Service ID in The Wallet Crew
On The Wallet Crew administration console, open:
Fill the Service ID with the identifier used when creating the Service ID (example:
cloud.neostore.molia.service).Save.
Paste the Service ID identifier.
Do not paste the App ID name or the Bundle ID.
Enable Apple on your enrolment form
Enable the provider in the enrolment form settings.
See Enrolment form.
FAQ
Which domains do I need to add in Apple Developer?
Add every domain that can host the enrolment form.
Include prod, staging, dev, and any custom domain.
What should I put in “Return URLs”?
Add the callback URL for each environment and each form domain.
Keep it exact. Scheme, path, and trailing slash must match.
Why do I only get the user’s email after the first login?
Apple only returns name fields on the first consent.
On later logins, Apple typically returns email only.
What is “Hide My Email” and what does it change?
Apple may return a relay email instead of the user’s real email.
That can create duplicates if you match users by email only.
Apple’s reference: Communicating Using the Private Email Relay Service{target="_blank"}.
Last updated