Post not yet marked as solved
I have this working on a test server now. See my notes here: https://stackoverflow.com/questions/58178187/apple-sign-in-how-to-use-it-for-custom-server-endpoint-authentication/62604213#62604213
It would still be nice to have some Apple docs reflecting this. Feels like I'm kinda operating in the blind.
Post not yet marked as solved
I'm assuming this is still life-as-we-know it-- that accessing live photos from sharing extensions doesn't work? See also https://stackoverflow.com/questions/65470983/getting-a-live-image-phlivephoto-when-in-a-sharing-extension-using-the-photos
Thanks, @randomguy. What about the the details of how that endpoint operates? E.g., is it a POST or a GET? Parameters?
Post not yet marked as solved
Just adding my agreement -- please provide documentation for server-to-server notifications. Thank you.
Post not yet marked as solved
I'm using SwiftJWT https://github.com/IBM-Swift/Swift-JWT.git and it provides a method:
let jwtDecoder = JWTDecoder(keyIDToVerifier: getVerifier)
which you pass a kid and it returns a verifier.
private func getVerifier(using kid: String) -> JWTVerifier? {
guard let publicKeyPEM = toPEM(kid: kid) else {
return nil
}
guard let publicKeyData = publicKeyPEM.data(using: .utf8) else {
return nil
}
return JWTVerifier.rs256(publicKey: publicKeyData)
}
toPEM(kid: kid) is just my method to lookup a key given a specific kid string.
Post not yet marked as solved
A few more details-- this problem seems difficult because:1) The id tokens I get on iOS when the user signs in with Apple Sign In have a relatively short expiry duration (seems like 10 minutes).2) Apple throttles the frequency with which you can use the refresh token (e.g., server-side) to generate an id token to once per 24 hours (https://developer.apple.com/documentation/signinwithapplerestapi/verifying_a_user).3) We apparently cannot automatically get a refreshed id token client side on iOS (see https://forums.developer.apple.com/thread/117867).Update on 10/5/19-- Upon actual use of https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens for refresh token validation, I find that it is not actually generating an updated id token. It is generating an access token-- but Apple doesn't define a use for that, and is validating the refresh token.Update on 10/10/19-- A blog article on these issues https://medium.com/@crspybits/apple-sign-in-custom-servers-and-an-expiry-conundrum-d1ad63223870
Any suggestions for moving forward out of this? I'm using the "Juice" example and it had been working for about the past week-- and now it just stopped working with this error.
Post not yet marked as solved
OK-- just found this:https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
Post not yet marked as solved
Where do I find the Service ID? Thanks!