I am successfully generating apple_sso_session_url using the Apple clientId, which opens the Apple login window and asks for an email and password. After that, it calls my redirectSuccessUrl and passes a code to redirectSuccessUrl.
I am successfully using that code and the other Apple params, like keyId, key (p8 file path) and team ID. Using those params, I am able to successfully generate the Apple client secret:

    import fs from 'fs';
    import jwt from 'jsonwebtoken';

    // Build the ES256-signed JWT that is sent as client_secret.
    export const generateClientSecret = (): string => {
      const privateKey = fs.readFileSync(process.env.APPLE_PRIVATE_KEY_PATH as string, 'utf8');
      const claims = {
        iss: process.env.APPLE_TEAM_ID,
        iat: Math.floor(Date.now() / 1000),
        exp: Math.floor(Date.now() / 1000) + 15777000, // 6 months
        aud: 'appstoreconnect-v1',
        sub: process.env.APPLE_CLIENT_ID,
      };
      return jwt.sign(claims, privateKey, {
        algorithm: 'ES256',
        keyid: process.env.APPLE_KEY_ID,
      });
    };

After that, when I call the Apple API to get the token using the same clientId, redirectUrl and apple_client_secret, we get the error invalid_client.

    import axios from 'axios';

    // Exchange the authorization code for tokens.
    const clientSecret = generateClientSecret();
    const response = await axios.post('https://appleid.apple.com/auth/token', null, {
      params: {
        client_id: process.env.APPLE_CLIENT_ID,
        client_secret: clientSecret,
        code: body.code,
        grant_type: 'authorization_code',
        redirect_uri: process.env.APPLE_SSO_REDIRECT_URL,
      },
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    });
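
An added example (not part of the original post) that checks a Sign in with Apple client secret against the claim values Apple documents for it (an `aud` of `https://appleid.apple.com` and an `exp` at most 15777000 seconds ahead) and builds the token request as a form-encoded body, since axios `params` are sent in the URL query string instead. The helper names and the sample team ID, client ID and key ID are constructed for illustration, and the token is decoded without verifying its signature.

```typescript
// Added example: pre-flight check of a Sign in with Apple client secret.
// The JWT is only decoded, not signature-verified; claim values are inspected.
const APPLE_AUDIENCE = 'https://appleid.apple.com';
const MAX_LIFETIME_SECONDS = 15777000; // upper bound Apple documents for exp

const b64urlDecode = (part: string): string =>
  atob(part.replace(/-/g, '+').replace(/_/g, '/'));
const b64urlEncode = (text: string): string =>
  btoa(text).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Returns a list of problems; an empty list means the claims look right.
function checkClientSecret(token: string, teamId: string, clientId: string, now: number): string[] {
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a three-part JWT'];
  const header = JSON.parse(b64urlDecode(parts[0]));
  const claims = JSON.parse(b64urlDecode(parts[1]));
  const problems: string[] = [];
  if (header.alg !== 'ES256') problems.push('alg is ' + header.alg + ', expected ES256');
  if (!header.kid) problems.push('kid header is missing');
  if (claims.iss !== teamId) problems.push('iss is not the team ID');
  if (claims.sub !== clientId) problems.push('sub is not the client ID');
  if (claims.aud !== APPLE_AUDIENCE) problems.push('aud is ' + claims.aud + ', expected ' + APPLE_AUDIENCE);
  if (claims.exp <= now) problems.push('exp is in the past');
  if (claims.exp - now > MAX_LIFETIME_SECONDS) problems.push('exp is too far in the future');
  return problems;
}

// The token endpoint reads its parameters from the form-encoded request body.
function buildTokenRequestBody(clientId: string, clientSecret: string, code: string, redirectUri: string): string {
  return new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    code,
    grant_type: 'authorization_code',
    redirect_uri: redirectUri,
  }).toString();
}

// Constructed sample token (dummy signature) with a caller-chosen aud claim.
function makeSampleSecret(aud: string, now: number): string {
  const header = { alg: 'ES256', kid: 'KEYID12345' };
  const claims = { iss: 'TEAMID1234', iat: now, exp: now + 15777000, aud, sub: 'com.example.web' };
  return [b64urlEncode(JSON.stringify(header)), b64urlEncode(JSON.stringify(claims)), 'c2ln'].join('.');
}

const now = Math.floor(Date.now() / 1000);
console.log(checkClientSecret(makeSampleSecret('appstoreconnect-v1', now), 'TEAMID1234', 'com.example.web', now));
console.log(checkClientSecret(makeSampleSecret(APPLE_AUDIENCE, now), 'TEAMID1234', 'com.example.web', now));
```

The string returned by `buildTokenRequestBody` is meant to be passed as the second argument (the request body) of `axios.post`.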