8

We are in the process of transferring an app from one Apple developer account to another one as part of an app acquisition. The app uses Apple Sign in and Firebase authentication and it seems that there are a few steps to complete related to generating transfer identifiers for users that have signed up using Apple Sign in. This is documented here:

https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team

However, because we use Firebase as the backend for our app we don't have direct control of the authentication process and the user ids generated by Apple sign in and how they are stored in Firebase Auth and how to update them after app transfer.

The documentation of how to generate transfer identifiers it is also quite confusing as it is not clear if you need to generate a transfer identifier for all users and what to do if the user does not login into the app in the 60 day period that they mention after the transfer.

If someone has run into this before we would be very very grateful for some advice on how this can be accomplish. Thanks so much!!

Enrique R.
  • 750
  • 5
  • 16
  • Did you manage to do this? We have the same problem and I'm wondering if you found a solution. – Jonas Lüthke Oct 31 '21 at 18:57
  • 1
    This was complicated to implement. At the end we shipped a version that was storing the old user id in the app and we let that version on the app store for couple of months. Then we we transferred the app to the new account and all users got logged out (ugly). When the user logged back in then we checked if there was a stored user id (the old one) and we migrated their accounts from the old firebase user id to the new one that got generated with the new sign in. I hope this helps!! – Enrique R. Nov 03 '21 at 08:48

1 Answers1

6

I am not fully understand you problem about firebase token.

In my system, I store both user identifier and firebase token of each device into database. Something, like this below...

[id], [userid], [appleUserId], [firebaseToken]
0001, xxxxx, 000625.9cc9a4be8d0c4axxxxxxxxxxxxxxxxxx.xxxx, c9ujMuHrc0f3keNzd1x1ae:APA91bHp......
0002, yyyyy, 001429.9ca6469bfab94xyyyyyyyyyyyyyyyyyy.yyyy, eUiInpEyekdlr10GWshvHu:APA91bHV......

So, after transferred the app, I just need to migrate only appleUserId.

The documentation of how to generate transfer identifiers it is also quite confusing as it is not clear if you need to generate a transfer identifier for all users and what to do if the user does not login into the app in the 60 day period that they mention after the transfer.

I am total agreed with you that it is quite confusing.

Anyway, this is step to migrate appleUserId.

  1. Obtain access token to migrate user id (for sender)
  2. Generate transfer identifier (using sender access token)
  3. Obtain access token to migrate user id (for recipient)
  4. Find new user id by transfer identifier (using recipient access token)

Due to there are only 1000 users who sign in with apple to my system. I create a bash script that call API to convert the user id one by one.

Here is my script to retrieving "transfer identifier".

#!/bin/bash
generateTransferIdFunc() {
APIURL="https://appleid.apple.com/auth/usermigrationinfo"
recipientTeamId=7253******
senderAppBundleID=com.test.app
senderSecret=eyJraWQiOiJBQTQ4NkJaWTUyIiw.........

if [ $# -eq 1 ] && [ -f $1 ]
then
OLDIFS=$IFS
IFS=","
while read oid userid email
do
        echo "Start retrieving trasfer_sub for : $userid, $email"
curl -sS --location --request POST $APIURL \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer ae42b9xxxxxxxxxxxxxxxxxxxxxxxxxxx.0.xxxxx.4xxxxxxxxxxxxxxxxxxxxx' \
-d "sub=$userid&target=$recipientTeamId&client_id=$senderAppBundleID&client_secret=$senderSecret"

        echo ""
        echo "End."
done < $1
IFS=$OLDIFS
else
        echo "Input file not found!"
fi
}


if [ $# -eq 1 ] && [ -f $1 ]
then
generateTransferIdFunc $1 | while IFS= read -r line; do printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S.%N')" "$line"; done | tee -a generateTransferId.log 
else
       echo "Input file not found!"
fi

Note: senderSecret is generated by JWT. Please see https://medium.com/identity-beyond-borders/how-to-configure-sign-in-with-apple-77c61e336003

You can run the script by

sh generate_transfer_identifier.sh input.csv

Here is sample input.csv

oid,appleId,email
129914891,001870.1ffcf5**************************.0729,a********@privaterelay.appleid.com
129985693,001559.8322cd**************************.0728,b********@privaterelay.appleid.com

Then you will receive "transfer identifier" for each user.

After that you can use the "transfer identifier" for retrieving new user id that is used with Recipient Team. Please read this article for convert "transfer identifier" to the new user id. https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team

Note: You can modify the above script to call an API to convert it.

Finally, you will receive the new user id. Then you just need to update the user id into your database.

I hope the above information is useful to you.

Kong Lee-wit
  • 61
  • 2