Reply to Create a JLS KeyStore from an Apple .p8 key
First, I enjoyed reading your answer. Very constructive, very clear.
What Apple service is this key for?
This endpoint: https://appleid.apple.com/auth/token
As explained here, this key's used to build the client_secret param. Since this key is stored in a text file and the sign method needs a string key, what I do is concatenate every line of the file, removing both carriage returns and BEGIN/END boundaries obviously.
Oct ’21
Reply to Create a JLS KeyStore from an Apple .p8 key
Sure, there you go:
SEQUENCE {
  INTEGER 0
  SEQUENCE {
    OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
    OBJECT IDENTIFIER prime256v1 (1 2 840 10045 3 1 7)
  }
  OCTET STRING, encapsulates {
    SEQUENCE {
      INTEGER 1
      OCTET STRING
        XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
        XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
      [0] {
        OBJECT IDENTIFIER prime256v1 (1 2 840 10045 3 1 7)
      }
      [1] {
        BIT STRING
          XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
          XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
          XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
          XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
          XX
      }
    }
  }
}
Oct ’21
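The layout in the dumpasn1 output above, walked in code: an added example, not code from the thread, showing that the base64 body of a .p8 file decodes to the PKCS#8 wrapper, with the 32-byte P-256 private value nested in the inner OCTET STRING. The function names are hypothetical and the sample key is constructed from dummy bytes (its public part is not a valid curve point).

```python
import base64

def tlv(tag, value):                        # DER-encode one element (length <= 255)
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + value

def read_tlv(buf, pos=0):
    """Decode the DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_p8(pem_text):
    """Return (private_scalar, public_point or None) from a PKCS#8 EC .p8 file."""
    body = "".join(ln for ln in pem_text.splitlines() if ln and not ln.startswith("-----"))
    tag, info, _ = read_tlv(base64.b64decode(body))          # outer PrivateKeyInfo
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    version, algorithm, wrapped = children(info)[:3]
    if wrapped[0] != 0x04:
        raise ValueError("privateKey is not an OCTET STRING")
    fields = children(read_tlv(wrapped[1])[1])                # encapsulated ECPrivateKey
    scalar = fields[1][1]                                     # OCTET STRING after INTEGER 1
    # [1] holds a BIT STRING; its first content byte is the unused-bits count.
    public = next((read_tlv(v)[1][1:] for t, v in fields[2:] if t == 0xA1), None)
    return scalar, public

# Constructed sample (not a real key): same layout as the dump, dummy key bytes.
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")               # 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")                # 1.2.840.10045.3.1.7
SCALAR, POINT = bytes(range(1, 33)), b"\x04" + bytes(64)
ec_key_der = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, SCALAR)
                 + tlv(0xA0, tlv(0x06, PRIME256V1)) + tlv(0xA1, tlv(0x03, b"\x00" + POINT)))
p8_der = tlv(0x30, tlv(0x02, b"\x00")
             + tlv(0x30, tlv(0x06, EC_PUBLIC_KEY) + tlv(0x06, PRIME256V1)) + tlv(0x04, ec_key_der))
SAMPLE_P8 = ("-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(p8_der).decode()
             + "-----END PRIVATE KEY-----\n")
```

On the constructed sample the decoded body is 150 bytes, while `parse_p8(SAMPLE_P8)` returns the 32-byte private value and the 65-byte public point separately.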
Reply to Create a JLS KeyStore from an Apple .p8 key
Apple .p8 files generally don’t contain a public key. Rather, they have a private key and you can derive a public key from that.
The dumpasn1 tool shows 2 octet sequences: ecPublicKey and prime256v1. That's why I supposed so.
Why do you need a certificate?
I'm implementing an OAuth2 Social Login from Salesforce. To authenticate on the Apple side, I use an Apex method called Crypto.sign(). The invalid_client error message I'm getting from Apple probably tells me that the JWT Salesforce sends is not signed correctly. After double-checking the JWT structure, I came to the conclusion that the P-256 curve needed by Apple is not part of this method's implementation. As an alternative solution, I thought about using another Apex method named Crypto.signWithCertificate(), that says it all...
Oct ’21
Reply to Sign-in with Apple: user's name won't be retrieved
Hi Paris, Thank you for your support. If I understand it well (quoting the documentation) "The modified name is only shared with your app and not with Apple" basically means that I have no chance to retrieve the user's full name via the https://appleid.apple.com/auth/authorize API, is that right? If yes, I wonder how some websites can actually retrieve the user's name after an SSO (OAuth 2) login.
Sep ’21
Reply to How to extract the private key from a p8 APNs file?
Thank you for your answer. Regarding your code, I don't know anything about Swift. I tried to execute it on an online playground. Some errors showed, for example:
error: use of unresolved identifier 'kSecAttrKeyType'
let attributes = [kSecAttrKeyType: kSecAttrKeyTypeEC,
Are some imports required?
So, what are you looking to do with a raw string here?
I'm trying to use an Apex method called Crypto.sign() whose last param, privateKey, is essentially a representation of a string ("Blob" type). That's why I want to extract the private key info from my p8 APNs file, which contains both a private and a public key.
https://developer.salesforce.com/docs/atlas.en-us.apexref.meta/apexref/apex_classes_restful_crypto.htm#apex_System_Crypto_sign
Sep ’21