Multiple apps under same Sign in with Apple


I have several apps (~20) and I want to be able to log in with the same account in each of them; the apps belong to the same Apple Developer account.

When the user creates an account within one of the apps, this allows access to the apps and has the content synced across them (it creates some sort of organization account). The account can then be shared across them.

This flow already works with a custom-implemented email+password authentication and Facebook login method, but now I need to introduce Sign in with Apple and I'm encountering some issues.

When trying to add multiple apps under the same app in App Store Connect, I get the following error:

Maximum number of apps have been associated with this primary app. Max limit: '5'

How can I group all ~20 apps together so that I can recognize the same user logging in from different apps?

2

There are 2 answers

0
Zichzheng On

From your question, I think the limitation on the linked apps set by Apple cannot be changed. But I would recommend that you send an email to Apple's developer support team to ask whether they allow 20 apps to share the same account information instead of the current maximum of 5.

Besides that, this is what I think about: I'm not sure about your apps. I know some apps will allow users to change their usernames. If you are in this case, you can change that from username to nickname, and assign a new username (could be the old nickname for old users or their e-mail address). And keep the username unchanged. From what I know, when a user is using Sign in with Apple, you can ask them to input some information. In this case, you can ask them to input a username which will later become the universal username in other apps. This is the solution I currently think about.

4
Nicholas Allio On

I was able to get in contact with Apple engineers during a WWDC21 - Sign in with Apple dedicated lab and they explained to me how to solve this.

Adding multiple apps to the same App ID is meant for apps of the same target but running on a different platform (e.g. iOS app, macOS app, watchOS app, etc.).

The solution is to enable each app as primary ID for Sign in with Apple.

When triggering the Sign in with Apple request from within the app, after a successful response, the authorizationController(controller:didCompleteWithAuthorization:) callback is invoked. The ASAuthorization object provided, when successfully cast to ASAuthorizationAppleIDCredential, can be used to retrieve a JWT token (specifically the identityToken), which will be used for proceeding with the authentication creation/identification in your backend.

import AuthenticationServices

// ASAuthorizationControllerDelegate method, invoked after a successful Sign in with Apple request
func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
    switch authorization.credential {
    case let appleIDCredential as ASAuthorizationAppleIDCredential:
        // identityToken holds the JWT as UTF-8 encoded Data
        guard let identityToken = appleIDCredential.identityToken else {
            // Handle your error here: identity token not found
            return
        }
        let stringToken = String(decoding: identityToken, as: UTF8.self)
        // From here you can use the token as a String or use the raw Data directly
    default:
        break
    }
}

This token contains a unique user ID, found under the sub key, which is created from the combination of your team/developer account ID and the user's Apple ID.

This value is then unique in your developer account and it means that the combination of the user's Apple ID and your team ID associated with your app(s) will always generate the same value for the sub field. This will identify the user across the apps so that your backend can avoid generating a new account but instead return the existing, associated one.
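A backend-side sketch of the account lookup described above, as an added example that is not part of the original answer. It assumes a JWT library has already verified the identity token's signature against Apple's published keys and handed over the claims; the bundle IDs, `AccountStore`, and the sample claims in the usage are hypothetical.

```python
import time

APPLE_ISSUER = "https://appleid.apple.com"
# Hypothetical bundle IDs. Each app is its own primary App ID, so each one
# shows up as a different `aud` value in the tokens it obtains.
ALLOWED_AUDIENCES = {"com.example.notes", "com.example.tasks"}


class TokenRejected(Exception):
    """Raised when signature-verified claims still fail our own checks."""


def validate_claims(claims, now=None):
    """Check issuer, audience and expiry; return the team-scoped `sub`."""
    now = time.time() if now is None else now
    if claims.get("iss") != APPLE_ISSUER:
        raise TokenRejected("unexpected issuer")
    aud = claims.get("aud")
    if not isinstance(aud, str) or aud not in ALLOWED_AUDIENCES:
        raise TokenRejected("token was not issued to one of our apps")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("token expired")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise TokenRejected("missing sub claim")
    return sub


class AccountStore:
    """In-memory stand-in for the backend's user table, keyed by `sub`."""

    def __init__(self):
        self._by_sub = {}

    def sign_in(self, claims, now=None):
        sub = validate_claims(claims, now)
        # The same `sub` arriving from any allowed app maps to one account.
        account = self._by_sub.setdefault(
            sub, {"account_id": len(self._by_sub) + 1, "apps": set()}
        )
        account["apps"].add(claims["aud"])
        return account
```

The audience allow-list is what keeps a token issued to an unrelated app from being accepted, so it should contain every bundle ID in the group and nothing else.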