All guides
All SMB· Authentication

How to Add Apple Sign In and Google Sign In to Your Rork App (Without the Pain)

Apple Sign In is the single most common place non-technical operators get stuck. Bundle identifiers, capabilities, Apple Developer console, return URLs, and one missing checkbox kills the whole flow. This is the cheat sheet.

If you have built a real native mobile app, the single most painful step is almost never the app itself. It is adding Apple Sign In and Google Sign In the first time. Operators who shipped construction apps and field-service apps and CRMs without trouble get stuck here for 4 hours.

This is the cheat sheet that gets you through it in 30 minutes.

Why It Is Painful

Apple Sign In is not painful because it is complex. It is painful because it requires you to set up three different systems and have them all agree on the exact same identifier, with checkboxes in specific places, and a missing checkbox kills the whole flow with a generic error.

The three systems:

  1. Your Rork / Expo app config. Bundle identifier in app.json (iOS) and applicationId in app.json (Android).
  2. The Apple Developer console. App ID with "Sign in with Apple" capability enabled. Service ID for web. Domain verification. Redirect URLs.
  3. Supabase. Apple provider enabled, service ID, secret key (generated from Apple), callback URL allowed-list.

If any one of these is misaligned, Apple Sign In silently fails with a generic error and you have no idea which one.

The 30-Minute Apple Sign In Setup

Step 1: Bundle Identifier (5 min)

In Rork, open your project settings. Look for app.json or the platform config. Confirm your iOS bundle identifier looks like com.yourcompany.yourapp. Write this down. This exact string is going to appear in three places.

Step 2: Apple Developer Console (15 min)

Go to developer.apple.com. Sign in to your $99/year account.

  • Certificates, Identifiers & Profiles → Identifiers. Find or create the App ID matching your bundle identifier. Enable the "Sign in with Apple" capability checkbox. Save.
  • Identifiers → Services IDs. Create a new Service ID for the web flow if you target web too. Use a name like com.yourcompany.yourapp.signin. Enable Sign in with Apple. Configure the return URLs (your Supabase callback URL, found in Supabase dashboard → Auth → Providers → Apple).
  • Keys. Create a new Sign in with Apple key. Download the .p8 file (you only get to download it once). Note the Key ID. Note your Team ID.

Step 3: Supabase Apple Provider (10 min)

In your Supabase project dashboard:

  • Authentication → Providers → Apple. Enable it.
  • Paste your Service ID (the one ending in .signin).
  • Paste your Team ID.
  • Paste your Key ID.
  • Paste the contents of the .p8 file.
  • Save.

Copy the callback URL Supabase shows. Go back to Apple Developer Console and confirm it is in the allowed return URLs for the Service ID.

Step 4: Rork App (5 min)

Tell Rork: "Add Sign in with Apple to my app." It will install expo-apple-authentication and create the sign-in button. Test in a real device build, not the simulator (Apple Sign In requires a real device or TestFlight build).

If the button works, you are done.

Google Sign In (15 min)

Easier than Apple. Three steps:

Step 1: Google Cloud Console (10 min)

Go to console.cloud.google.com. Create a project (or use an existing one).

  • APIs & Services → Credentials. Create OAuth 2.0 Client IDs.
  • One for iOS: enter your bundle identifier.
  • One for Android: enter your package name and SHA-1 fingerprint (you can find SHA-1 in your Expo build credentials).
  • One for Web: add Supabase callback URL to allowed redirect URIs.

Step 2: Supabase Google Provider (3 min)

  • Authentication → Providers → Google. Enable it. Paste your web Client ID and Client Secret. Save.

Step 3: Rork App (2 min)

Tell Rork: "Add Sign in with Google to my app." Installs expo-auth-session configured for Google. Test on a real device.

The Three Errors You Will See

Error 1: "Sign in with Apple is not available"

You did not enable the capability on the App ID in the Apple Developer console. Go back, enable it, regenerate provisioning profiles.

Error 2: Sign in succeeds in the app but Supabase has no user

The callback URL in Apple Developer console does not match the callback URL Supabase expects. They have to match exactly, including https:// and trailing slash.

Error 3: "Invalid client" error

Your Service ID, Team ID, or Key ID in Supabase does not match what Apple has. Re-copy them from Apple Developer console, character-by-character.

What Operators Wish They Had Known

Three things:

  1. Test on a real device, not the simulator. Apple Sign In fails silently on the iOS Simulator on certain Xcode versions. Always test via TestFlight or a physical device.
  2. Apple's domain verification can take 24 hours. The first time you set up a Service ID, the domain verification step can take up to a day to propagate. Plan around this.
  3. Apple Sign In privacy emails are real. Some users will sign in with [email protected]. These are routed through Apple. Treat them as primary emails; never strip them.

What to Do This Week

Most operators set up Apple Sign In once and forget it. The pain is one-time. If you have an existing Rork app without Apple Sign In, block out 90 minutes one afternoon. Follow this guide. Ship it. Move on.

For the rest of the operator stack, see How to Build a Mobile CRM Your Team Will Actually Use and The ChatGPT + Rork Workflow.

Frequently asked questions

Is Apple Sign In required for my app?+
If you offer any other social sign-in option (Google, Facebook, X), Apple's App Store Review Guidelines (section 4.8) require you to also offer Sign in with Apple. If you only offer email/password, Apple Sign In is optional. Most operators add both Apple and Google Sign In together because that covers 95% of users.
Why does Apple Sign In fail with a generic error?+
Almost always one of three things: (1) the bundle identifier in your Apple Developer console does not match your Expo / Rork app config exactly, (2) the Sign in with Apple capability is not enabled on the App ID in the Developer console, (3) the redirect URL Supabase generates is not added to the allowed callback URLs on Apple's side. Check all three before debugging anything else.
Do I need to pay $99/year for an Apple Developer account to add Apple Sign In?+
Yes. Apple Sign In requires a real App ID in the Apple Developer Program. The $99/year account is required to publish anyway, so it's not extra cost.
What's different about Google Sign In on iOS vs Android?+
iOS uses Google's GoogleSignIn SDK with a reverse-client-ID URL scheme registered in Info.plist. Android uses Google Play Services with a SHA-1 certificate fingerprint added to your Google Cloud Console OAuth client. Both flow through the same Supabase backend handler. Rork's plan mode walks you through both.
Can I add Apple Sign In to an existing app without breaking current users?+
Yes. Existing email/password accounts keep working. Apple Sign In creates a new auth provider entry in Supabase. To merge an existing account with Apple, prompt the user to confirm the email match on first Apple sign-in.
What about Sign In with Google on web?+
Use the same Supabase Google OAuth provider. The web target of your Rork project uses the OAuth redirect flow. iOS and Android use the native flow. All three share the same user records in Supabase.

Related guides

→ Browse all guides
Mobile-first guides for non-technical owners shipping real native iOS + Android apps for their teams.
→ Start building in Rork
Describe what you want. Ship to iOS, Android, and web from one project.