Server-Side Sign in with Apple

Nov 15 2022 · Swift 5.6, macOS 12, iOS 15, Xcode 13.3

Part 2: Add Sign in with Apple to a Website

08. Handle the Sign in with Apple Callback

Episode complete

Play next episode

About this episode
Leave a rating/review
See forum comments
Cinema mode Mark complete Download course materials
Previous episode: 07. Add the Sign in with Apple Button to a Website Next episode: 09. Authenticate Sign in with Apple Users on the Web

Get immediate access to this and 4,000+ other videos and books.

Take your career further with a Kodeco Personal Plan. With unlimited access to over 40+ books and 4,000+ professional videos in a single subscription, it's simply the best investment you can make in your development career.

Learn more Already a subscriber? Sign in.

Heads up... You've reached locked video content where the transcript will be shown as obfuscated text.

When a user signs in with Apple on the web, they authenticate with Apple servers.

func appleAuthCallbackHandler(_ req: Request) async throws -> View {

let siwaData = try req.content.decode(AppleAuthorizationResponse.self)
guard let sessionState = req.cookies["SIWA_STATE"]?.string, !sessionState.isEmpty, sessionState == siwaData.state else {
    req.logger.warning("SIWA does not exist or does not match")
    throw Abort(.unauthorized)
struct SIWAHandleContext: Encodable {
  let token: String
  let email: String?
  let firstName: String?
  let lastName: String?
let context = SIWAHandleContext(token: siwaData.idToken, email: siwaData.user?.email, firstName: siwaData.user?.name?.firstName, lastName: siwaData.user?.name?.lastName)
return try await req.view.render("siwaHandler", context)"login", "siwa", "callback", use: appleAuthCallbackHandler)
<!doctype html>
<html lang="en" class="h-100">
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Sign in With Apple | Southdown Marketplace</title>
  <body class="d-flex flex-column h-100">

  function handleCallback() {
    const form = document.getElementById("siwaRedirectForm") = 'none';
  window.onload = handleCallback;
<form action="/login/siwa/handle" method="POST" id="siwaRedirectForm">
<input type="hidden" name="token" value="#(token)">
<input type="hidden" name="email" value="#(email)">
<input type="hidden" name="firstName" value="#(firstName)">
<input type="hidden" name="lastName" value="#(lastName)">
<input type="submit" value="If nothing happens click here">