Skip to main content
Version: v4





The Apple Provider comes with a set of default options:

You can override any of the options to suit your own use case.

Generating a secret

Apple requires the client secret to be a JWT. To generate one, you can use the following script:

For more information, see the Apple docs

Then, you can paste the result into your .env.local file under APPLE_SECRET, so you can refer to it from your code:

import AppleProvider from "next-auth/providers/apple";
providers: [
clientId: process.env.APPLE_ID,
clientSecret: process.env.APPLE_SECRET

The TeamID is located on the top right after logging in.


The KeyID is located after you create the Key look for before you download the k8 file.




Apple requires all sites to run HTTPS (including local development instances).


Apple doesn't allow you to use localhost in domains or subdomains.

The following guides may be helpful:

Example server

You will need to edit your host file and point your site at

How to edit my host file?

On Windows (Run Powershell as administrator)

Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "`" -Force

Create certificate

Creating a certificate for localhost is easy with openssl . Just put the following command in the terminal. The output will be two files: localhost.key and localhost.crt.

openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj "/CN=localhost" -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")


The OpenSSL executable is distributed with Git for Windows. Once installed you will find the openssl.exe file in C:/Program Files/Git/mingw64/bin which you can add to the system PATH environment variable if it’s not already done.

Add environment variable OPENSSL_CONF=C:/Program Files/Git/mingw64/ssl/openssl.cnf

 req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj "/CN=localhost"

Create directory certificates and place localhost.key and localhost.crt

You can create a server.js in the root of your project and run it with node server.js to test Sign in with Apple integration locally:

const { createServer } = require("https")
const { parse } = require("url")
const next = require("next")
const fs = require("fs")

const dev = process.env.NODE_ENV !== "production"
const app = next({ dev })
const handle = app.getRequestHandler()

const httpsOptions = {
key: fs.readFileSync("./certificates/localhost.key"),
cert: fs.readFileSync("./certificates/localhost.crt"),

app.prepare().then(() => {
createServer(httpsOptions, (req, res) => {
const parsedUrl = parse(req.url, true)
handle(req, res, parsedUrl)
}).listen(3000, (err) => {
if (err) throw err
console.log("> Ready on https://localhost:3000")