Token Refresh

Question

Created Oct ’19

Replies 3

Boosts 0

Views 2.5k

Participants 4

We have implemented Sign in With Apple and have a server side daily check of tokens using the "refresh_token" grant type.

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

For currently valid users we get a new 200 response with the Access Token as expected. However if I visit appleid.apple.com and revoke the app in there the response is "invalid_request" with a 400 response from Apple. Is this expected and is this how we tell a token is no longer valid or should we expect a different response?

Boost

Answer 1

adnangul OP

Mar ’20

I'm getting the followings in the response

{

access_token: 'xxxxxxxxxxxaxxxxxxxxx',

token_type: 'Bearer',

expires_in: 3600

}

Whereas I was expecting a TokenResponse, as per

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

Now the problem is access_token is if no use as of now, where do I get the followings, which were supposed to come part of TokenResponse

id_token

refresh_token

Without id_token, I can't extract user id, without refresh_token I can revalidate after the current refresh_token expires

0

Answer 2

vinnyj OP

Jun ’20

Hello,
Have you guys found an answer on this?
Thanks

1

Answer 3

nandanj OP

Jul ’20

When a user is not in good standing, I believe the apple server is expected to respond with status code 400 and the response body invalid_grant.

https://developer.apple.com/documentation/sign_in_with_apple/errorresponse
invalid_grant
The authorization grant or refresh token is invalid.

Wondering what would cause the server to return invalid_request particularly after everything has been working well for several days.

1