turbostarter/.context/turbostarter-framework-context/sections/mobile/auth/oauth/apple.md

title, description, url

title	description	url
Apple	Configure "Sign in with Apple" for your mobile application.	/docs/mobile/auth/oauth/apple

Apple

"Sign in with Apple" provides a native, privacy-preserving SSO experience on iOS. Use the system Apple button and the Apple Authentication APIs to sign users in, then verify the identity token on your backend and create a session with your auth server.

Native Apple ID authentication is available on iOS only. You are advised to present the official system button (or our custom component - also compliant!) and follow [Apple's Human Interface Guidelines](https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple) for best practices.

Why use native Apple ID authentication?

System sheet + official button, aligned with [Apple's Human Interface Guidelines](https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple) for trust and conversion. Private relay email and limited data by design, ensuring your users' privacy is protected and compliant with App Store guidelines. Fast, low-friction sign-in on iOS enabling your users to sign in without the need to remember or create additional passwords. JWT verification on the server with [Better Auth](https://www.better-auth.com/docs/authentication/apple), keeping your users' credentials secure. We exchange Apple credentials for an app session and persist it in the app.

Requirements

• Enable the "Sign in with Apple" capability for your bundle identifier in the Apple Developer Portal
• Add the entitlement and build with EAS (or configure natively)
• Ensure your app's deep link scheme is added to the auth server's trusted origins configuration

Check the Better Auth documentation for more details on how to configure all the required keys and certificates.

High-level flow

1. Check availability with AppleAuthentication.isAvailableAsync().
2. Render the system AppleAuthenticationButton or custom TurboStarter component.
3. Call AppleAuthentication.signInAsync() requesting FULL_NAME and/or EMAIL as needed.
4. Send the returned idTokeb identifier to the API powered by Better Auth to verify and establish a session.
5. Optionally track credential state with AppleAuthentication.getCredentialStateAsync(user).

Always verify the JWT signature from `idToken` on your backend using Apple's public keys before creating a session.

For a more in-depth overview of Apple ID authentication—including implementation details, platform caveats, and advanced configuration—see the following resources: