Hi Frank, all non-renewing subscription purchase transactions will be recorded in the receipt. You can call SKReceiptRefresh to get the latest receipt for the app, and all the previous non-renewing subscription transactions will be stored there.
https://developer.apple.com/documentation/storekit/skreceiptrefreshrequest
I am using a non-renewing subscription for my own app without a server, and it restores just fine.
If it is a non-renewing subscription, the user can buy the same product again and again. Your app will need to check whether the user is still within the particular challenge period (within 30 days after buying the daily workout challenge), so that they won't accidentally buy the same challenge again while still inside the 30-day period.
Yes, if an app is downloaded from App Store, the receipt will be included in the app bundle by default, even if the app is free.
Yes, the App Store Reviewer will review your app using the latest iOS (which is 13 now). If Sign in with Apple works on their review device, your app will pass the review.
Just to confirm, did you generate the public key using your .p8 private key, and use that public key in https://jwt.io/#debugger to verify that the signature of your generated client secret is correct?
Another suggestion from me would be to remove the "User-Agent" header and see if it works.
The third part is the signature, which is an encrypted hash of header + body, which is encrypted using Apple's private key.
The signature is used to verify that the id_token indeed comes from Apple, not maliciously crafted by the end user or attacker.
You can verify the signature using Apple's public key: https://appleid.apple.com/auth/keys
How did you generate the client secret? Can you post the code you used to generate your client secret? Most likely the issue is because the signature is incorrect for the client secret JWT.
Yes, it can and has changed before. A few months ago the Apple public key was AIDOPK1, then this month they changed to another Key ID.
My guess would be that Apple changes the public key once every month? You can set up a cron job to call the public key endpoint once every 24 hours, then save the latest public keys JSON into your database (and replace the old one), then your backend can use the saved public keys to verify the identityToken.
My guess would be that the signature generation part might be incorrect, which generated the DER-encoded format instead of the raw concatenation of the R and S values, as explained further in this StackOverflow answer.
You can generate the public key of your .p8 private key by running this code in the terminal:
openssl ec -in AuthKey_123ABC456.p8 -pubout -out AuthKey_123ABC456_Public.p8
Then, using the public key generated, you can paste your client secret JWT in https://jwt.io/#debugger, and paste the public key to check if the signature verification succeeds. If it fails, it means that there's something wrong with the signature generation.
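
The DER versus raw R||S difference described in the reply above, as an added example that is not part of the original post: it classifies the signature segment of a client secret JWT and converts a DER-encoded ECDSA signature to the fixed-width form ES256 expects. The function names are hypothetical, and the 32-byte width assumes a P-256 key.

```python
# Added example (not from the original post); assumes ES256 / P-256 (32-byte R and S).
import base64

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _read_len(buf: bytes, i: int):
    """Read a DER length field at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:                      # short form: one byte
        return first, i + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def _read_int(buf: bytes, i: int):
    if i >= len(buf) or buf[i] != 0x02:   # 0x02 = INTEGER tag
        raise ValueError("expected INTEGER")
    length, i = _read_len(buf, i + 1)
    if length == 0 or i + length > len(buf):
        raise ValueError("truncated INTEGER")
    return int.from_bytes(buf[i:i + length], "big"), i + length

def der_to_raw(der: bytes, size: int = 32) -> bytes:
    """Convert DER SEQUENCE{INTEGER r, INTEGER s} to fixed-width R||S."""
    if len(der) < 2 or der[0] != 0x30:    # 0x30 = SEQUENCE tag
        raise ValueError("expected SEQUENCE")
    length, i = _read_len(der, 1)
    if i + length != len(der):
        raise ValueError("length mismatch")
    r, i = _read_int(der, i)
    s, i = _read_int(der, i)
    if i != len(der):
        raise ValueError("trailing data")
    return r.to_bytes(size, "big") + s.to_bytes(size, "big")

def signature_format(jwt: str) -> str:
    """Classify the third JWT segment: 'raw', 'der' or 'unknown'."""
    sig = b64url_decode(jwt.split(".")[2])
    if len(sig) == 64:                    # ES256 raw form is exactly 64 bytes
        return "raw"
    try:
        der_to_raw(sig)
        return "der"
    except (ValueError, OverflowError, IndexError):
        return "unknown"
```

If `signature_format` reports `der`, re-encode the third segment as `b64url_encode(der_to_raw(sig))` or configure the signing library to emit the raw form.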