We have our app, which has sign in with apple. We implemented it some time ago. It's been working generally fine. We receive some small amount of invalid_client responses which we are unsure about, but most response seem to be correct.
We've recently gotten rejected multiple times because the reviewer cannot sign in with apple. When checking the logs, it appears that the app reviewer, and only the app_reviewer receives invalid_grant . We've been unable to reproduce this issue so far. We've looked at the requests and nothing seems suspect.
Is there anything at the account level which can cause a user to receive invalid grant? I've tried creating an account outside the countries we support, and it seems to work fine.
Our requests look like this:
curl -X 'POST' -d 'client_id=<our_app_id>&client_secret=<secret>&code=<code>&grant_type=authorization_code' -H 'Accept: application/json' -H 'Content-Type: application/x-www-form-urlencoded' 'https://appleid.apple.com/auth/token'
These requests are coming from our native app. But it appears to happen regardless of whether we include a redirect_uri or not.