Hi all. In order to prepare for the new "Account deletion guidance", I have been trying to retrieve access_token and refresh_token from the authorization_code but the POST request to https://appleid.apple.com/auth/token always results invalid_grant error. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens I've tested with fresh authorization_codes that were not expired and generated by actual devices (not simulators), but I always end up with "The code has expired or has been revoked" message. Can somebody please help? {"error":"invalid_grant","error_description":"The code has expired or has been revoked."}%   Here's my request via cURL. curl -v POST "https://appleid.apple.com/auth/token" -H 'content-type: application/x-www-form-urlencoded' -d 'client_id={bundle_id}' -d 'client_secret={new JWT string}' -d 'code={authorization_code'} -d 'grant_type=authorization_code' Here are the headers and claims for generating a new JWT string. headers = { 'kid' => private_key_id (.p8), } claims = { 'iss' => team_id, 'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 86400*180, 'aud' => 'https://appleid.apple.com', 'sub' => bundle_id, } For alg Im using ES256.