Posts

Post not yet marked as solved
40 Replies
I fully agree that revoke-trust-workarounds are a complete UX disaster. Also I'm trying to reason for the current implementation myself and I totally agree that the implementations, currently known through other providers, are more resilient to implement. Other than the, probably subjective, feeling of only having their e-mail address transmitted once, I can't see any privacy advantages here. Compared to the chance of a failing webhook, or something on the server going south, the issues produced by this probably outweigh the "benefits".
Post not yet marked as solved
40 Replies
Yes, you're absolutely right, this is indeed a problem I already thought of but didn't find a good solution for yet. One solution would be for Apple to send the "user" payload again in case the server didn't respond with a positive (e.g. <= 399) status code. They could also invalidate the issued token then. But then again this could be abused by developers to always request a "user". One way to mitigate this would be to rate-limit failed requests though. (Also IMO there are heaps of features missing still, e.g. setting an icon if you only want to use SIWA from a Web-App (which I'm currently doing, but an App will follow anyway).)
Post not yet marked as solved
40 Replies
Absolutely! My answer was only related to how to test this properly during development. In terms of user experience I've done a PoC implementation using SIWA only creating an account once after the initial "user" payload is received and store the user's subject for subsequent logins. I don't think there is a need to have the "user" returned on every auth.
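An added sketch of the pattern discussed in these posts, not the poster's PoC: accounts are keyed by the `sub` claim, the one-time "user" payload is used only for display data, and a first sign-in whose payload was lost still yields a usable account. It assumes the id_token has already been signature-verified elsewhere; `AccountStore`, `parse_name` and the sample values are hypothetical.

```python
import json


def parse_name(user_json):
    """Extract a display name from the raw `user` form field, or None.

    The field is absent on every sign-in after the first and may be
    malformed, so any parsing problem is treated as "no name".
    """
    try:
        name = json.loads(user_json)["name"]
        parts = (name.get("firstName"), name.get("lastName"))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return " ".join(p for p in parts if isinstance(p, str) and p) or None


class AccountStore:
    """In-memory stand-in for a user table keyed by the id_token `sub`."""

    def __init__(self):
        self.accounts = {}

    def sign_in(self, claims, user_json=None):
        """claims: verified id_token claims (assumption: checked upstream).

        Returns (account, created). Identity comes only from `sub`;
        the `user` payload never selects or overwrites an account.
        """
        sub = claims["sub"]
        account = self.accounts.get(sub)
        created = account is None
        if created:
            account = {"sub": sub, "email": claims.get("email"), "name": None}
            self.accounts[sub] = account
        # Fill the name once, whenever a payload finally arrives.
        if account["name"] is None:
            account["name"] = parse_name(user_json)
        account["profile_complete"] = account["name"] is not None
        return account, created
```

An account with `profile_complete` set to False marks the lost-payload case, so the application can ask the user for a name itself.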
Post not yet marked as solved
5 Replies
I'd also be keen to know about a planned timeline for adding an icon and decoupling SIWA from an actual app. I'm planning to provide a service related to apps but not necessarily having an app on its own and I'd like to offer SIWA as my potential clients are Apple users.
Post not yet marked as solved
40 Replies
You can revoke an authorized client by going to appleid.apple.com. There's a link to unauthorize already authorized apps with SIWA. Then you can try again with the same Apple ID and you'll receive the user JSON payload again. Confirmed it works today.
Post not yet marked as solved
50 Replies
Same here, submitted one about 5h ago and another one an hour later, both gone. I'm deliberately not submitting any more as I have a feeling people doing this might actually make the issue even worse.