Generating Client Secret

Hi,


1. Is it really neccessary to have a private key in order to generate a client secret?

2. Is there a way to generate a client secret without using a private key? How?

3. Based on your documentation (https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens), it mention that the client secret contains header and payload. It didnt mention a private key to generate client secret. We have search some codes on how to generate client secret, and found out that they used private key in order to generate client secret. So how are we going to create a client secret based on your documentation which didnt mention using private key?


Sample header and payload from documentation (https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens)

{
  "alg": "ES256",
  "kid": "ABC123DEFG"
}
{
  "iss": "DEF123GHIJ",
  "iat": 1437179036,
  "exp": 1493298100,
  "aud": "https://appleid.apple.com",
  "sub": "com.mytest.app"
}
Up vote post of menard josef Down vote post of menard josef
22k views
Posted by
menard josef
Reply
Add a Comment

Replies

Hi guys,


Any thoughts or ideas about this? really need some help


Thanks

Posted by
menard josef
Up vote reply of menard josef Down vote reply of menard josef
Add a Comment

You will need to generate the private keys in the Apple Developer Portal


Generate an App ID

Then generate a service ID for that app

And finally create the keys for your app


For more details, see https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple

Posted by
khacken
Post not yet marked as solved Up vote reply of khacken Down vote reply of khacken
Add a Comment