I'm using SwiftJWT https://github.com/IBM-Swift/Swift-JWT.git and it provides a method:         let jwtDecoder = JWTDecoder(keyIDToVerifier: getVerifier) which you pass a kid and it returns a verifier.     private func getVerifier(using kid: String) -> JWTVerifier?  {         guard let publicKeyPEM = toPEM(kid: kid) else {             return nil         }         guard let publicKeyData = publicKeyPEM.data(using: .utf8) else {             return nil         }         return JWTVerifier.rs256(publicKey: publicKeyData)     } toPEM(kid: kid) is just my method to lookup a key given a specific kid string.

Just adding my agreement -- please provide documentation for server-to-server notifications. Thank you.

Thanks, @randomguy. What about the the details of how that endpoint operates? E.g., is it a POST or a GET? Parameters?

I'm assuming this is still life-as-we-know it-- that accessing live photos from sharing extensions doesn't work? See also https://stackoverflow.com/questions/65470983/getting-a-live-image-phlivephoto-when-in-a-sharing-extension-using-the-photos

I have this working on a test server now. See my notes here: https://stackoverflow.com/questions/58178187/apple-sign-in-how-to-use-it-for-custom-server-endpoint-authentication/62604213#62604213 It would still be nice to have some Apple docs reflecting this. Feels like I'm kinda operating in the blind.