Apple sign-in works in Xcode but not in production for Apple verification testers

Hello

I set up Apple sign-in for my native app, as it is a mandatory requirement from Apple now.

I use the new universal login. Already use Google SSO + email/password and these work like a charm. iOS code is built with Expo + React Native.

For Apple sign-in:

Connection on Auth0: all good, configuration validated when I sign in with my personal account.

Release build in Xcode: all good. Login with Apple sign-in works like a charm as well. Account created in Auth0, I am then redirected to my app, properly logged in… Nothing to complain about.

Real device testing (and especially Apple testers for app validation): Bug
Scenario: click on login in my app, land on Auth0 universal login, choose “signup”, choose “use Apple…”, use Touch ID
Result: there’s just an error “signup not completed”. I don’t even get an account created on Auth0 and I don’t see logs either, so I feel like they don’t even contact my Auth0 instance in this case (or I’m not looking in the right place).

Does anyone know what could happen? I tried different configurations, tested different builds, Auth0 configurations, …
I assume that Apple testers have a properly working Apple account, so I try not to rely on the fact it might be related to a malfunctioning account.

What I don’t get is how can it work with a release build on Xcode but not for iPad testers? And how come the universal login doesn’t even contact my Auth0 instance or even provide a more detailed error?

Assumptions:

  1. Auth0 configuration is ok because connection testing is ok.
  2. Callback URLs on Auth0 are ok because they work well on a virtual device with the same package ID
  3. Callback to Auth0 is ok on Apple (myauth0instance/login/callback) as I can correctly create accounts from Apple sign-in when using Xcode
  4. Configuration of the app seems ok: package name is consistent, works with release build, got Apple Sign In entitlement configured…

Obviously, one of these assumptions is wrong, but I’ve been on this for days and can’t get the slightest progress.

Any help would be incredibly appreciated 🙏

Thanks

Hi @contact21,

Welcome to the Auth0 Community!

The likely issue is that the Service ID (Client ID) used in your Auth0 connection is only enabled for your Bundle ID (App ID) in the development/ad-hoc environment, or there’s a missing Domain association that Apple’s stricter App Review environment is flagging. The “signup not completed” error is a generic failure from the Apple/Auth0 exchange flow.

The failure is likely occurring during Step 4 of the native flow (Auth0 exchanging the authorization code with Apple for tokens), which is often protected by your Apple credentials.

Please perform a meticulous check of the following three points in your Apple Developer portal, as these are the most common points of failure between dev and production for Auth0’s SIWA flow:

1. Verify the Service ID and Primary App ID

  1. Go to the Apple Developer Portal: Navigate to Certificates, Identifiers & Profiles > Identifiers.
  2. Find your Service ID: Select the Identifier of Type “Service IDs” (e.g., com.mycompany.service.auth0). This is the Client ID you use in your Auth0 Apple connection settings.
  3. Check Primary App ID: Edit this Service ID. Ensure the “Primary App ID” is correctly set to your native application’s App ID (Bundle Identifier, e.g., com.mycompany.myapp). This link is crucial for the native flow and can be easily overlooked.

2. Check Associated Domains

For the Universal Login flow (which happens in a browser context before returning to your app), you must have the correct domain association in your App ID.

  1. Find your App ID: In Identifiers, select the Identifier of Type “App IDs” (e.g., com.mycompany.myapp).
  2. Verify Service: Ensure the “Sign In with Apple” capability is checked (which you’ve likely done).
  3. Check Domains (Crucial for Expo/Native Flow): For React Native/Expo, the app often uses auth0.com or your Custom Domain as the domain for the flow. Check your app’s Xcode project or Expo config to ensure you have the correct Associated Domains entitlement set, including the link to your Auth0 tenant.

3. Regenerate and Re-verify the Client Secret (JWT)

The Auth0 Apple connection uses a JWT (Client Secret) that expires. Since your release build was working previously, this secret may have expired.

  1. Go to Keys: In Certificates, Identifiers & Profiles > Keys.
  2. Find your Key: Locate the key you created for Sign In with Apple.
  3. Check Expiration: If the key is close to or past its expiration (often 6 months), you must:
     • Generate a New Private Key.
     • Download the .p8 file (you only get one chance to download it).
     • Update your Auth0 Connection: Go to Auth0 Dashboard > Authentication > Social > Apple and paste the contents of the new .p8 file into the Client Secret Signing Key field.

Note: The error “signup not completed” is a common symptom of an expired or invalid Client Secret, as Auth0 cannot complete the backend token exchange with Apple.

If you have any further questions, please don’t hesitate to reach out.

Have a good one,
Vlad
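
An added example, not part of the reply above and not Auth0's or Apple's code: a Node.js check of the claims Apple expects in a Sign in with Apple client-secret JWT (the expiring secret from point 3), for setups where you generate or can obtain that JWT yourself. The function names, sample token, Team ID and Key ID are constructed placeholders, and the signature is not verified.

```javascript
// Added example: inspect the claims of a Sign in with Apple client-secret JWT.
// The signature is NOT verified; this only checks the fields Apple validates.
const APPLE_AUD = "https://appleid.apple.com";
const MAX_LIFETIME_S = 15777000; // Apple's documented ceiling (about 6 months)

function decodePart(part) {
  return JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
}

function checkAppleClientSecret(jwt, expectedClientId, nowS = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return ["not a three-part compact JWT"];
  let header, claims;
  try {
    header = decodePart(parts[0]);
    claims = decodePart(parts[1]);
  } catch (e) {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const problems = [];
  if (header.alg !== "ES256") problems.push(`alg is ${header.alg}, expected ES256`);
  if (!header.kid) problems.push("missing kid (Key ID of the .p8 key)");
  if (!/^[A-Z0-9]{10}$/.test(claims.iss || "")) problems.push("iss is not a 10-character Team ID");
  if (claims.sub !== expectedClientId) problems.push(`sub is ${claims.sub}, expected ${expectedClientId}`);
  if (claims.aud !== APPLE_AUD) problems.push(`aud is ${claims.aud}, expected ${APPLE_AUD}`);
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    problems.push("iat and exp must be integer Unix timestamps");
  } else {
    if (claims.exp <= nowS) problems.push("client secret has expired");
    if (claims.exp - claims.iat > MAX_LIFETIME_S) problems.push("lifetime exceeds Apple's 6-month maximum");
    if (claims.iat > nowS + 60) problems.push("iat is in the future");
  }
  return problems;
}

// Constructed sample (placeholder IDs, dummy signature), for demonstration only.
function makeSample(claims, header = { alg: "ES256", kid: "ABC123DEFG" }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc(header)}.${enc(claims)}.c2lnbmF0dXJl`;
}
const NOW = 1700000000;
const expired = makeSample({ iss: "TEAMID1234", sub: "com.mycompany.service.auth0",
  aud: APPLE_AUD, iat: NOW - 15777000, exp: NOW - 100 });
console.log(checkAppleClientSecret(expired, "com.mycompany.service.auth0", NOW));
```

An empty array means the claims are structurally what Apple expects; it says nothing about whether the signing key is still registered or the signature is valid.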
