Post not yet marked as solved
Custom URL schemes are much less secure than universal app links - best to use those instead. Can then have a fallback on the URL which directs back through a URL scheme. Also bear in mind the data is posted rather than provided as URL params.
Thanks. That makes sense.

For anyone else having trouble with this, this is how you can generate the client secret JWTs for different client IDs from the same key (Node.js example):

const key = `
-----BEGIN PRIVATE KEY-----
***
-----END PRIVATE KEY-----
`;
const teamId = '***';
const keyId = '***';
const webClientId = 'com.example.backend-auth-system'; // the Services ID
const appClientId = 'com.example.MyApp'; // the App ID
const jsonwebtoken = require('jsonwebtoken');

// for web use: the subject is the Services ID
const webClientSecret = jsonwebtoken.sign({}, key, {
  algorithm: 'ES256',
  expiresIn: '1d',
  audience: 'https://appleid.apple.com',
  subject: webClientId,
  issuer: teamId,
  keyid: keyId,
});

// for native use: the subject is the App ID
const appClientSecret = jsonwebtoken.sign({}, key, {
  algorithm: 'ES256',
  expiresIn: '1d',
  audience: 'https://appleid.apple.com',
  subject: appClientId,
  issuer: teamId,
  keyid: keyId,
});

Presumably the Services IDs/App IDs all need to be associated with the same primary App ID. The key is then associated to that group via the primary App ID too.
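Added example, not part of the original post: the same client secret JWT built with Node's built-in `crypto` only, plus a local check of which client ID a given secret was minted for before it is sent to the token endpoint. The function names `makeClientSecret` and `checkClientSecret` are hypothetical, and the caller is assumed to supply the P-256 private key and its public half (for instance a locally generated test key pair standing in for the real key).

```javascript
const crypto = require('crypto');

const AUD = 'https://appleid.apple.com';
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Build the client secret: header {alg, kid}, claims {iss, iat, exp, aud, sub}.
function makeClientSecret(privateKey, { teamId, keyId, clientId, ttlSeconds = 86400,
                                        now = Math.floor(Date.now() / 1000) }) {
  const header = { alg: 'ES256', kid: keyId };
  const claims = { iss: teamId, iat: now, exp: now + ttlSeconds, aud: AUD, sub: clientId };
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  // JWS ES256 signatures are raw r||s (64 bytes), not the DER form crypto emits by default.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
                          { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Check a secret locally: signature, audience, intended client ID, expiry.
function checkClientSecret(token, publicKey, expectedClientId,
                           now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'format' };
  const [h, c, s] = parts;
  const header = fromB64url(h);
  const claims = fromB64url(c);
  if (header.alg !== 'ES256') return { ok: false, reason: 'alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${c}`),
                              { key: publicKey, dsaEncoding: 'ieee-p1363' },
                              Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'signature' };
  if (claims.aud !== AUD) return { ok: false, reason: 'aud' };
  // A secret minted for the Services ID does not match the App ID, and vice versa.
  if (claims.sub !== expectedClientId) return { ok: false, reason: 'sub' };
  if (claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}
```

The `client_id` sent in the token request should be the same value the secret carries in `sub`, which is what the `sub` check confirms before the request goes out.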
This part of the UI is currently broken/buggy. You can get the same file at https://developer.apple.com/account/resources/services/configure
Unfortunately looks like some of my formatting got mangled.

These were the code snippets provided above:

func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
    // authorizationCode is optional Data; unwrap it instead of force-unwrapping
    guard let credential = authorization.credential as? ASAuthorizationAppleIDCredential,
          let codeData = credential.authorizationCode else {
        return
    }
    let authorizationCode = String(data: codeData, encoding: .utf8)
}

curl "https://appleid.apple.com/auth/token" \
  -d "client_id=***" \
  -d "client_secret=***" \
  -d "grant_type=authorization_code" \
  -d "code=***" \
  -d "redirect_uri=***"