Sign in with Apple

Sign in with Apple is an OAuth-based authentication service that lets users log into websites using their Apple ID with built-in privacy features. Scripts load the Apple authentication button and handle secure token exchange. The service supports email relay to hide user email addresses from websites, and the website stores session tokens to maintain login state.

Overview

Sign in with Apple is an OAuth 2.0-based authentication service that lets users log into websites using their Apple ID. It is designed with privacy as a core feature, offering email relay (Hide My Email) so users can sign up for services without revealing their real email address. Sign in with Apple appears on websites as a branded login button alongside other social login options.

What This Script Does

Sign in with Apple loads the Apple ID authentication SDK from appleid.cdn-apple.com. The SDK renders the "Sign in with Apple" button and manages the OAuth 2.0 / OpenID Connect authentication flow.

When the user clicks the button, the SDK opens Apple's authentication page (either as a popup or redirect). The user authenticates with their Apple ID credentials and, on first use, chooses whether to share their real email or use Apple's email relay service. Apple then returns an authorization code and an identity token (JWT) to the website's callback URL.

The following data is involved:

  • Authorization code: Single-use code exchanged server-side for access and refresh tokens
  • Identity token (JWT): Contains the user's unique identifier, email (real or relayed), and name (if shared on first login)
  • Session cookies: The website stores session tokens to maintain the authenticated state; these are first-party cookies set by the website, not by Apple

Apple's servers at appleid.apple.com are contacted during the authentication flow. After the initial authentication, ongoing session management is handled by the website's own cookies and tokens. Apple does not set persistent tracking cookies in the user's browser.

Sign in with Apple does not collect browsing behavior, build advertising profiles, or share data with third parties. Apple's email relay system actively prevents the website from learning the user's real email address unless the user explicitly chooses to share it.

Consent & Compliance

Sign in with Apple is classified as essential. It is an authentication mechanism — a core functional requirement for websites that offer Apple ID login as an access method.

Under the GDPR, processing user authentication data falls under contract performance (Article 6(1)(b)) when the user actively initiates a login. The user's explicit action of clicking "Sign in with Apple" and authenticating with their Apple ID constitutes a clear request for the service. Additionally, Apple's privacy-by-design approach (email relay, minimal data sharing) aligns well with GDPR's data minimization principle.

Under the ePrivacy Directive, any cookies or tokens stored during the authentication flow qualify as strictly necessary for a service explicitly requested by the user. Article 5(3) exempts such storage from consent requirements.

Under CCPA/CPRA, Sign in with Apple does not sell or share personal information. Apple acts as an identity provider, and its email relay feature specifically reduces the personal information exposed to the website. The service aligns with CPRA's data minimization requirements.

Should You Block This Without Consent?

No. Sign in with Apple is an authentication service that users explicitly invoke. It processes only the data necessary for login, sets no tracking cookies, and Apple's email relay feature actively protects user privacy. Blocking it behind a consent wall would prevent users from logging in, which defeats the purpose of the service.

Consent Categories

Essential

Also Known As

  • Apple ID login
  • Apple OAuth
  • Apple SSO
  • Apple authentication
  • Apple ID sign-in

Industries

  • Computers Electronics and Technology
  • Computer Hardware

Tracked Domains (3)

  • apple.com: Essential
  • appleid.apple.com: Essential
  • idmsa.apple.com: Essential

Frequently Asked Questions

Does Sign in with Apple require cookie consent?

No. Sign in with Apple is an authentication service users explicitly invoke. GDPR Article 6(1)(b) covers login data processing under contract performance. Apple does not set persistent tracking cookies; tokens stored are first-party session cookies set by the website itself. ePrivacy's strictly necessary exemption covers authentication storage.

What data does Sign in with Apple handle?

Apple returns an authorization code and an identity token containing the user's unique identifier and email — real or relay-generated via Hide My Email. The website sets its own first-party session cookies. Apple does not set persistent tracking cookies. The SDK loads from appleid.cdn-apple.com; auth flows complete at appleid.apple.com.

How does ConsentStack treat Sign in with Apple?

ConsentStack classifies Sign in with Apple as essential. Because it is an authentication mechanism with no advertising or tracking functions, ConsentStack does not gate the appleid.cdn-apple.com SDK behind any consent prompt. The auth flow operates normally across all consent states, aligning with GDPR data minimization through Apple's email relay.
