Hello,
I need to use Apple sign-in in an iOS application. I get my authorization code from a hybrid application:
let options: SignInWithAppleOptions = {
    clientId: ConstConfig.APPLE_CLIENT_ID,
    redirectURI: ConstConfig.APPLE_REDIRECT_URI,
    scopes: ConstConfig.APPLE_SCOPES,
    state: ConstConfig.APPLE_STATE,
    nonce: ConstConfig.APPLE_NONCE
};
SignInWithApple.authorize(options)
    .then((result: SignInWithAppleResponse) => {
        this.authenticate.appleAuthorizationCode = result.response.authorizationCode;
        this.authenticate.appleUser = result.response.user;
        this.authenticate.appleIdentityToken = result.response.identityToken;
    });
I send these 3 values to my Java backend to validate the access token and get the refresh token. The Java validation method:
    logger.info("Apple authorization validation");
    // get the subject received from the client
    String clientSubject = getSubject(identityToken);
    // verifying the code by the apple server
    String token = getToken();
    logger.debug("Authorize with token:" + token);
    Map<String, String> params = new HashMap<>();
    params.put("client_id", APPLE_CLIENT_ID);
    params.put("client_secret", token);
    params.put("code", authorisationCode);
    params.put("grant_type", "authorization_code");
    params.put("redirect_uri", "");
    if (redirectURI != null) {
    }
    String response = post(APPLE_AUTH_URL, params);
    logger.info("Apple authorization response:" + response);
    AppleTokenResponse tokenResponse = objectMapper.readValue(response, AppleTokenResponse.class);
    if (tokenResponse.getError() != null && tokenResponse.getError().length() > 0) {
        logger.warn("Error during verification of the code. Reason:" + tokenResponse.getError());
        return null;
    }
    String serverSubject = getSubject(tokenResponse.getId_token());
    if (!serverSubject.equals(clientSubject)) {
        logger.warn("Validation failed, subject does not match!");
        return null;
    }
    return getClaims(tokenResponse.getId_token());
The JWT token:
    return Jwts.builder()
            .setHeaderParam(JwsHeader.KEY_ID, APPLE_KEY_ID)
            .setHeaderParam(JwsHeader.ALGORITHM, "ES256")
            .setIssuer(APPLE_TEAM_ID)
            .setAudience(APPLE_APPLE_ID_URL)
            .setSubject(APPLE_CLIENT_ID)
            .setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 5)))
            .setIssuedAt(new Date(System.currentTimeMillis()))
            .signWith(SignatureAlgorithm.ES256, pKey)
            .compact();
How I get my private key:
    File file = new File(APPLE_CERTIFICATE_PATH);
    try {
        PEMParser pemParser = new PEMParser(new FileReader(file));
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
        APPLE_PRIVATE_KEY = converter.getPrivateKey(object);
        logger.info("load apple private keys Ok.");
    } catch (Exception ex) {
        logger.error("error on generate apple sign in private Key : ", ex);
    }
The response still returns: {"error":"invalid_grant","error_description":"client_id mismatch. The code was not issued to bundleID"}. I don't know the reason.
I read that I need to check in TestFlight; I do, but I still get the same error. I also put the same redirect_url in front and back (for me that is not needed because I don't use a web sign-in), but I still get the same error.
For my bundle ID I use the App Identifier, not the Service Identifier, in front and back. Is that correct?
Thanks for your help.
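A diagnostic for the `client_id mismatch` error quoted above, as an added example that is not part of the original post: Apple sets the identity token's `aud` claim to the client the sign-in was issued to, so this compares it, and the `sub` of the client-secret JWT, with the `client_id` sent to the token endpoint. The class and method names and the sample identifiers are assumptions, and Jackson is assumed for JSON parsing.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
// Added diagnostic sketch: class and method names are hypothetical; Jackson is assumed on the classpath.
public class AppleClientIdCheck {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Decodes a compact JWT payload WITHOUT verifying the signature: for diagnosis only,
    // never as a substitute for validating the token against Apple's public keys.
    static JsonNode unverifiedClaims(String jwt) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("expected 3 JWT segments, got " + parts.length);
        return MAPPER.readTree(Base64.getUrlDecoder().decode(parts[1]));
    }

    // "aud" may be a single string or an array of strings in a JWT.
    static boolean audienceContains(JsonNode aud, String expected) {
        for (JsonNode a : aud) if (expected.equals(a.asText())) return true; // array form
        return expected.equals(aud.asText());                                // string form
    }

    // Returns the inconsistencies found; an empty list means all three identifiers agree.
    static List<String> check(String identityToken, String clientSecretJwt, String clientId) throws Exception {
        List<String> problems = new ArrayList<>();
        JsonNode aud = unverifiedClaims(identityToken).path("aud");
        if (!audienceContains(aud, clientId))
            problems.add("identity token aud=" + aud + " but token request client_id=" + clientId);
        String sub = unverifiedClaims(clientSecretJwt).path("sub").asText();
        if (!clientId.equals(sub))
            problems.add("client_secret sub=" + sub + " but token request client_id=" + clientId);
        return problems;
    }

    // Builds an unsigned sample token; every value passed in from main is constructed, not a real identifier.
    static String sample(String payloadJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8)) + ".sig";
    }

    public static void main(String[] args) throws Exception {
        String idToken = sample("{\"iss\":\"https://appleid.apple.com\",\"aud\":\"com.example.app\",\"sub\":\"001.abc\"}");
        String secret = sample("{\"iss\":\"TEAMID0000\",\"aud\":\"https://appleid.apple.com\",\"sub\":\"com.example.app.signin\"}");
        check(idToken, secret, "com.example.app.signin").forEach(System.out::println);
    }
}
```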
Hello,
Do Apple root certificates AppleRootCA-G2.cer and AppleRootCA-G3.cer expire?
If yes, in how long?
Thanks in advance.
Good morning,
I am in the process of setting up a new release of my application. In fact, I recently submitted a release using Stripe as a means of payment for subscriptions, which was refused by telling me that it must go through Apple IAP.
Currently everything has been migrated to IAP. My subscriptions are offered by period (1 month, 6 months, etc.), and with discount vouchers that I have managed until now with my server (managerial/marketing choice).
The approach used to manage this is to offer two subscriptions on Apple Connect for each period: for example 1 month => there is one subscription with $3 and one with $2.
With respect to my server verifications (has the user validated their discount voucher or not), I display the appropriate subscription to them.
Could you please tell me that this approach will not impact me on my next review, knowing that currently all subscriptions now go through Apple IAP and my work on the server side only manages the display of the appropriate products and whether or not the user has validated their reduction voucher?
Thank you.