Same problem here. This is completely ridiculous and makes it impossible to develop watch apps on Xcode 14.
Post
Replies
Boosts
Views
Activity
I would really like an answer to this last question.
If the idea is that our API server gets a refresh + access token, then passes the access token to the (user side) app client, which they then use as a bearer token to access resources on the API server (at least, I think this is what is implied by the rather not-too-great docs), then you want to be able to either verify the access token on every request to your API server, which includes checking its validity. If it's nearing expiry, you should use the refresh token to request a new access token.
If you have access token validity at 1h, and throttling on token endpoint calls at 1 per day, that's a big fail.
Anyhow, I'd really like to know apple's preferred way of doing this, without us either (1) rolling our own token issuing on our servers; or (2) relying on a service such as Cognito in the middle to handle token issuing.