Posts

Post marked as Apple Recommended
The refresh token does not have a time-based expiry but certain events on the Apple ID account (e.g., password change) will invalidate the refresh token. A new refresh token cannot be obtained without a re-login.
Post not yet marked as solved
1 Replies
Replied In Share my Email
Hi,

Can you let me know the scopes you are requesting? If you are asking for both name and email, can you check if the scope parameter values are provided as described in: https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

scope
    The amount of user information requested from Apple. Valid values are name and email. You can request one, both, or none. Use space separation and percent-encoding for multiple scopes; for example, "scope=name%20email".
Post not yet marked as solved
6 Replies
Once the user signs in with their Apple ID after the application has transferred to your team, the issued ID token will contain both the standard identifier ("sub" claim) unique to your team and the transfer identifier. You can then use the transfer identifier to correlate the signing in user to an existing user you may have received from the original team that transferred the app to you. The question below is not clear since the transfer identifiers cannot be used to sign in. "Can I login with this transfer ID before or during the transfer app?" Can you elaborate on the scenario you are considering?
Post not yet marked as solved
6 Replies
Hi,

This means that you can log in using the transfer ID instead of the original user ID. Transfer ID is not something you use to login and users will never see it. If you plan to transfer an app from your team to another team, you can generate a transfer identifier any time. If you are the recipient of an app from another team, you can obtain the transfer identifier after the transfer and up to 60 days.
Post not yet marked as solved
17 Replies
Hi Ajay,

Are you using the same Id in both the front-end authorization request and the server-server to call ("sub" in the client secret)? If yes, please raise a Feedback Assistant request with the details of your app.
Post not yet marked as solved
8 Replies
Hi,

Can you create a Feedback Assistant ticket with the details of the account / @mac.com email address and the app information for us to check this out? Thanks
Post marked as solved
34 Replies
Hi,

Please create a Feedback Assistant item with the following information:

- Your team ID
- Your application ID
- Apple ID account that is facing the issue

We will check this out.
Post marked as solved
2 Replies
Replied In id_token
This is by design. From https://developer.apple.com/documentation/signinwithapplerestapi/authenticating_users_with_sign_in_with_apple:

"If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple ID, but the user can change their name. The modified name is only shared with your app and not with Apple, and hence isn’t included in the ID token."
Post not yet marked as solved
17 Replies
You are getting this error because we use ES256 algorithm and the framework you are using does not support it.
Post not yet marked as solved
17 Replies
How does extending the class and adding ES256 build support for ES256 algorithm in the underlying framework?
Post marked as solved
10 Replies
I checked the information you provided. The failure occurs since the client id you are using is incorrect for signing in on web. You are using the primary app's id (iOS app's ID) instead of the services ID. Since the primary app does not have any redirect URLs registered whereas the authorization request contains a redirect URL, it fails validation.

To fix this, use the services app id in your web authorization / sign-in requests.
Post marked as solved
2 Replies
The request to the token endpoint expects a POST with attributes as HTTP POST parameters as described in https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

Your code above shows this:

    request.body = request_body.to_json

Are you posting JSON data? In that case the server will not recognize it and hence would complain about missing mandatory parameters such as grant_type.
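The difference between the two request bodies, as an added Ruby example that is not part of the original post: it builds both requests offline with Net::HTTP and decodes them the way a form-reading server would. The helper names and all parameter values are placeholders constructed for the example.

```ruby
require 'net/http'
require 'uri'
require 'json'

TOKEN_ENDPOINT = URI('https://appleid.apple.com/auth/token')

# Placeholder values, constructed for this example.
PARAMS = {
  'client_id'     => 'com.example.service',
  'client_secret' => 'CLIENT_SECRET_JWT_PLACEHOLDER',
  'code'          => 'AUTHORIZATION_CODE_PLACEHOLDER',
  'grant_type'    => 'authorization_code',
  'redirect_uri'  => 'https://example.com/auth/callback'
}.freeze

# The shape from the post: the parameters are serialized as one JSON document.
def json_request(params)
  req = Net::HTTP::Post.new(TOKEN_ENDPOINT)
  req['Content-Type'] = 'application/json'
  req.body = params.to_json
  req
end

# The expected shape: each parameter is an HTTP POST form field.
# set_form_data also sets Content-Type to application/x-www-form-urlencoded.
def form_request(params)
  req = Net::HTTP::Post.new(TOKEN_ENDPOINT)
  req.set_form_data(params)
  req
end

# What a server that only reads form fields would see in a request.
def form_fields(req)
  return {} unless req['Content-Type'].to_s.start_with?('application/x-www-form-urlencoded')
  URI.decode_www_form(req.body).to_h
end

# Sending is the same for either request; only the body encoding differs:
#   Net::HTTP.start(TOKEN_ENDPOINT.host, TOKEN_ENDPOINT.port, use_ssl: true) { |h| h.request(req) }
```

With the JSON body, `form_fields` finds no `grant_type` at all, which matches the "missing mandatory parameters" error described in the post.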
Post not yet marked as solved
17 Replies
The data you provided all looks good but you mentioned that you are using Firebase php-jwt. From what we see at https://jwt.io Firebase does not seem to support the ES256 algorithm.

Also from: https://github.com/firebase/php-jwt/blob/master/src/JWT.php:

    public static $supported_algs = array(
        'HS256' => array('hash_hmac', 'SHA256'),
        'HS512' => array('hash_hmac', 'SHA512'),
        'HS384' => array('hash_hmac', 'SHA384'),
        'RS256' => array('openssl', 'SHA256'),
        'RS384' => array('openssl', 'SHA384'),
        'RS512' => array('openssl', 'SHA512'),
    );

Can you try with another PHP library that supports ES256?
Post not yet marked as solved
4 Replies
Hi Daniel,

To help troubleshoot this, can you report this through the Feedback Assistant providing the following information:

1. your client_id
2. Redirect URI