Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time



OmniAuth strategy for Sign In with Apple.


Add this line to your application's Gemfile:

gem 'omniauth-apple'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-apple


Rails.application.config.middleware.use OmniAuth::Builder do
  provider :apple, ENV['CLIENT_ID'], '',
             scope: 'email name',
             team_id: ENV['TEAM_ID'],
             key_id: ENV['KEY_ID'],
             pem: ENV['PRIVATE_KEY']

Configuring "Sign In with Apple"

other Sign In with Apple guides:

Look out for the values you need for your config

  1. your domain and subdomains, something like:,
  2. your redirect uri, something like: (check rails routes to be sure)
  3. omniauth's "client id" will be Apple's "bundle id", something like: com.myapp
  4. you will get the "team id" value from Apple when you create your App Id, something like: H000000B
  5. Apple will give you a .p8 file, which you'll use to GENERATE your :pem value


  1. Log into your Apple Developer Account (if you don't have one, you can create one here)

  2. Get an App Id with the "Sign In with Apple" capability

    • go to your Identifiers list
    • start a new Identifier by clicking on the + sign in the Identifiers List
    • select App IDs and click continue
    • select App and continue
    • enter a description and a bundle id
    • check the "Sign In with Apple" capability
    • save it
  3. Get a Services Id (which we will use as our client id)

  4. Get a Secret Key

    • go to your Keys list
    • start a new Key by clicking on the + sign in the Keys List
    • enter a name
    • make sure "Sign In with Apple" is checked, then click configure
    • make sure the Primary App ID matches the App ID you configured earlier
    • save the "Sign In with Apple" capability
    • click "continue" to finish the Key config (you will be prompted to Download Your Key)
    • Apple will give you a .p8 file, keep it safe and secure (don't commit it).

Mapping Apple Values to OmniAuth Values

  • your :team_id is in the top-right of your App Id config (aka App ID Prefix), it looks like: H000000B

  • your :client_id is in the top-right of your Services Id config (aka Identifier), it looks like: com.example

  • your :key_id is on the left side of your Key Details page, it looks like: XYZ000000

  • your :pem is the content of the .p8 file you got from Apple, with an extra newline at the end

  • example from a Devise config:

      config.omniauth :apple, ENV['APPLE_SERVICE_BUNDLE_ID'], '', {
        scope: 'email name',
        team_id: ENV['APPLE_APP_ID_PREFIX'],
        key_id: ENV['APPLE_KEY_ID'],


Bug reports and pull requests are welcome on GitHub at


The gem is available as open source under the terms of the MIT License.