Skip to main content

Set up Apple as an identity provider

Last updated on March 14, 2024

Overview

You can connect your verified Apple Developer account to AccelByte Gaming Services (AGS) to enable Apple authentication in your game with the AGS SDK and in your publisher website with the AGS Player Portal. You may need to set up additional features within Apple services that are not listed here. We recommend contacting your Apple representative and reviewing the Apple Developer documentation.

important

This guide is intended for public use and contains limited information due to confidentiality. We recommend you refer to the full confidential guide first. Contact your AccelByte Technical Producer to request a copy of the guide.

Prerequisites

The prerequisites for enabling Apple as an identity provider vary as follows:

Web login integration

To set up web login integration, you must have:

  • An Apple Developer account.
  • An AGS Admin Portal account to set up authentication and manage permissions.
  • A publisher namespace for your Player Portal and Launcher.
  • A Player Portal.

In-game login integration

To set up in-game login integration, you must have:

  • An Apple Developer account.
  • A Unity or Unreal game project with the latest version of the AccelByte Game SDK imported.
  • For Unreal Engine, you need OnlineSubsystemApple (Apple OSS).
  • For Unity, you need the Apple Unity plugin from the Unity Asset Store.
  • An AGS Admin Portal account to set up authentication and manage permissions.
  • A game namespace.
  • Familiarity with AGS Identity and Access Management (IAM) Clients.

Set up Apple configuration

To enable Apple as an identity provider, follow these steps first in your Apple Developer account.

Create certificates

The certificates resource represents the digital certificates you use to sign in to your iOS or Mac, or web apps for development and distribution. You must create a Developer ID application certificate. To do this, follow the steps on the Create Certificate guide in the Apple Developer documentation.

note

Only the appropriate account holder, manager, or admin can create certificates.

Create App IDs

An App ID identifies your app in a provisioning profile. It is a two-part string used to identify one or more apps from a single development team. You must create App IDs with App Type. To do this, follow the steps on the Register an App ID guide in the Apple Developer Documentation.

note

Only the appropriate account holder, admin, or other accounts with relevant permissions can create an app.

Create Service ID

For each website that uses Sign in with Apple (SIWA), it's necessary to register a services identifier (Services ID). Configure your domain and return URL, then create an associated private key. To do this, follow the steps on the Configure Sign in with Apple for the web guide in the Apple Developer documentation.

Create key

Enable your apps to allow users to authenticate in your application with their Apple ID. To do this, follow the steps on the Create a private key to access a service guide in the Apple Developer Documentation. Ensure that you keep a copy of the key you generate in this step. You will need it when you set up the Apple login method for web and in-game.

IMPORTANT

The SIWA feature must be enabled to be able to create keys.

Set up Apple login method

Set up web login

To allow your players to sign in to your player portal using their Apple accounts, follow these steps:

  1. Log in to the AGS Admin Portal.

  2. In the AGS Admin Portal under your publisher namespace, go to User Management > Login Methods sidebar.

  3. Click the + Add New button.

    Admin Portal Publisher

  4. From the list of available Login Platforms, select Apple.

    Login Method

  5. On the Create Configuration form, fill in the required information.

    Apple Config

    • Fill in the Client ID field with your Apple Service ID.
    • Fill in the Client Secret field with the base64 string of your Private Key. You need to convert or encode a .p8 file, which is downloaded once you created a key, to base64 string. You can use your own favor as a converter.
    • Fill in the Team ID field with your Apple Team ID. You can find it under your account name in the Apple Developer console.
    • Fill in the Key ID field with the key you generated from the Create key step.
  6. After filling in the required information, click Create. The details page of the configuration appears.

  7. To enable the login method, click Activate and click Activate again on the pop-up message to confirm the action.

    Activate Apple

Test and verify

After activating the Apple web login method, you can test it out on your Player Portal. Follow these steps:

  1. Go to the login page of your Player Portal.

    Player Portal

  2. From the login options, select the Apple logo.

    Player Portal Login

  3. You will be redirected to the Apple Login page. Use your Apple credentials to log in.

    Apple Login

    note

    Currently, the system asks players to link their Apple account with an existing or new AccelByte account. AccelByte is working on the ability to enable players to log in to the Player Portal with a headless account.

Set up in-game login

To allow your players to sign in to your game using their Apple accounts, follow these steps:

  1. Log in to the AGS Admin Portal.

  2. In your game namespace, go to User Management > Login Methods.

  3. Click the + Add New button.

    Admin Portal Game

  4. From the list of available Login Platforms, select Apple.

    Login Method

  5. On the Create Configuration form, fill in the required information.

    Apple Config

    • Fill in the Client ID field with your Apple Service ID.
    • Fill in the Client Secret field with the base64 string of your Private Key. You need to convert or encode a .p8 file, which is downloaded once you created a key, to base64 string. You can use your own favor as a converter.
    • Fill in the Team ID field with your Apple Team ID. You can find it under your account name in the Apple Developer console.
    • Fill in the Key ID field with the key you generated from the Create key step.
  6. After filling in the required information, click Create. The details page of the configuration appears.

  7. To enable the login method, click Activate and click Activate again on the pop-up message to confirm the action.

    Activate Apple

Create an IAM client for Apple

An IAM client is a representation of the game client that you want to release on your target platform. Learn more about IAM Clients in Manage access control for applications.

In-game login

The setup for each game engine is different. Follow the steps that are applicable to your game engine.

Unreal Engine in-game login integration

Prepare Unreal project settings

  1. Set the Client ID and Client Secret in DefaultEngine.ini file.

    [/Script/AccelByteUe4Sdk.AccelByteSettings]
    ClientId=abcdefg12345
    ClientSecret=abcdefg12345
    Namespace=test
    PublisherNamespace=accelbyte
    BaseUrl="https://demo.accelbyte.io"
    QosPingTimeout=0.6

    [/Script/AccelByteUe4Sdk.AccelByteServerSettings]
    ClientId=defghi12345
    ClientSecret=defghi12345
    Namespace=test
    PublisherNamespace=accelbyte
    RedirectURI="http://127.0.0.1"
    BaseUrl="https://demo.accelbyte.io"
    QosPingTimeout=0.6
  2. Add the AccelByteUe4Sdk plugin name into the Build.cs file.

    PublicDependencyModuleNames.AddRange(new string[] {  "AccelByteUe4Sdk"  });

    PrivateDependencyModuleNames.Add("OnlineSubsystem");
    PrivateDependencyModuleNames.Add("OnlineSubsystemApple");

Unreal build configuration

Set the Unreal certificates and provisioning

  1. Set the Bundle Identifier to your app's Bundle ID from the Apple Developer portal. Make sure the App ID already has SIWA capability.

  2. Set the correct certificate and provisioning file. This requires .mobileprovision and cert.SingningRequest files.

Enable SIWA in Unreal Engine

UE4 only passes the identity token, which cannot be used to authorize Apple users in AGS Access Service. We need to change it so that it passes authorization code instead. Follow these steps:

  1. Locate and open the following file.

    <EngineDir>\Plugins\Online\OnlineSubsystemApple\Source\Private\OnlineExternalUIInterfaceApple.cpp
  2. Inside the file, locate this line.

    signInWithAppleBridge->SignInResultCallback([AuthAppleID user], [AuthAppleID identityToken], [AuthAppleID email], [AuthAppleID fullName], nullptr);
  3. Change the line to the following, replacing the information in the square brackets appropriately.

    signInWithAppleBridge->SignInResultCallback([AuthAppleID user], [AuthAppleID authorizationCode], [AuthAppleID email], [AuthAppleID fullName], nullptr);

Unreal sample code implementation

  1. Header declaration:

    #include <OnlineSubsystem.h>
    #include "Interfaces/OnlineIdentityInterface.h"
    #include "Interfaces/OnlineLeaderboardInterface.h"
    #include "Core/AccelByteMultiRegistry.h"
    #include "Core/AccelByteError.h"
  2. Log in to Apple Service, then get the Platform Token.

    const IOnlineSubsystem* OnlineSubsystem = IOnlineSubsystem::Get(TEXT("Apple"));
    if (OnlineSubsystem == nullptr)
    {
    FString Message = TEXT("Cannot login with no online subsystem set!");
    UE_LOG(LogTemp, Warning, TEXT("%s"), *Message);
    return;
    }

    const IOnlineIdentityPtr OnlineIdentity = OnlineSubsystem->GetIdentityInterface();
    if (!OnlineIdentity.IsValid())
    {
    FString Message = TEXT("Could not retrieve identity interface from native subsystem.");
    UE_LOG(LogTemp, Warning, TEXT("%s"), *Message);
    return;
    }

    int32 TempLocalUserNum = 0;
    OnlineIdentity->AddOnLoginCompleteDelegate_Handle(TempLocalUserNum,
    FOnLoginCompleteDelegate::CreateLambda([=]
    (int32 LocalUserNum, bool bWasSuccessful, const FUniqueNetId& UserId, const FString& Error)
    {
    if (bWasSuccessful)
    {
    UE_LOG(LogTemp, Warning, TEXT("Success Apple Login"));
    PlatformToken = OnlineIdentity->GetAuthToken(TempLocalUserNum);
    UE_LOG(LogTemp, Warning, TEXT("Apple PlatformToken : %s"), *PlatformToken);
    }
    else
    {
    UE_LOG(LogTemp, Warning, TEXT("Error Login: %s"), *Error);
    }
    })
    );
    // login native
    FOnlineAccountCredentials Creds{};
    OnlineIdentity->Login(TempLocalUserNum, Creds); // Apple Login
  3. Log in to AGS.

    // Log in to AGS 
    FRegistry::User.LoginWithOtherPlatform(EAccelBytePlatformType::Apple
    , PlatformToken
    , FVoidHandler::CreateLambda([=]()
    {
    UE_LOG(LogTemp, Log, TEXT(" Success AB Login "));
    })
    , FOAuthErrorHandler::CreateLambda([=](int32, const FString&, const FErrorOAuthInfo& Result)
    {
    UE_LOG(LogTemp, Warning, TEXT(" Error. Code: %s, Reason: %s"), *Result.Error, *Result.Error_description);
    }));

Sample code testing

In this example, we tested the code on an iPhone 11. The following image shows that the code works and a user is able to log in using Apple with the sample code.

Unreal Engine Code Testing