> ## Documentation Index
> Fetch the complete documentation index at: https://recurr.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Identity continuity

> Apple and Google Sign In are first-class on the web checkout. Subscribers continue with the same identity provider they used in-app.

The most common conversion drop in any migration flow is the moment a subscriber is asked to "create a password." Migration sidesteps this by carrying identity forward — if they signed in with Apple in-app, they sign in with Apple on web.

## Why this matters

A subscriber on the migration email link arrives on web with a single goal: confirm the migration and keep their subscription active. Anything between them and that confirmation step is a churn risk.

"Create a password and verify your email" is the highest-friction interruption available. Even with the right copy and a recovery flow, a non-trivial fraction of subscribers will close the tab.

The framework removes that step entirely for the majority of subscribers — they tap "Sign in with Apple," authorize, and the migration completes.

## Supported providers

<CardGroup cols={2}>
  <Card title="Apple Sign In" icon="apple">
    First-class on web checkout. Recognizes the same Apple ID the subscriber used in-app, including private-relay email addresses.
  </Card>

  <Card title="Google Sign In" icon="google">
    First-class on web checkout. Same Google account they signed in with on Android (or iOS, if they used Google Sign In there).
  </Card>

  <Card title="Email magic link" icon="envelope">
    Fallback for subscribers without OAuth identity. The framework sends a one-time login link to the email on file; one tap from inbox to authenticated session.
  </Card>

  <Card title="Email + password" icon="key">
    Available but de-emphasized. Used only when none of the above are configured for the subscriber's account.
  </Card>
</CardGroup>

## Mapping identity to subscription

The migration framework tracks the subscriber identity across rails:

* **In-app identity** (Apple ID, Google account, or your app's auth) is recorded against the app-store subscription
* **Web identity** (whichever provider they used at checkout) is mapped to the same canonical subscriber record
* **Webhook back to your entitlement system** carries the canonical subscriber ID, so your app's existing identity model continues to work

If a subscriber chose a different provider on web than they used in-app (e.g., Apple in-app, Google on web), the framework recognizes the migration via the email link's hash and writes the entitlement under the canonical record. The subscriber doesn't see the cross-mapping; their app just continues to work.

## Apple Sign In + private relay

Apple Sign In's private-relay email addresses (`xyz@privaterelay.appleid.com`) are fully supported:

* The framework can email subscribers at the relay address; Apple forwards
* The relay address is stable per-subscriber, so it works as the canonical identifier
* Subscribers can revoke private-relay forwarding from Apple, in which case the email becomes undeliverable; this is rare and the framework flags it for the support flow

## What the app team doesn't have to do

* No new auth flow in the app
* No password reset / account recovery wiring
* No identity-merge logic in your backend
* No OAuth client registrations on your side (the framework's OAuth apps are used)

[Pilot reservation →](/working-with/pilot-reservation)