"invalid_client" no matter what I do.

It seems no matter what I do, I cannot get this API to work.

Here is my cURL:


curl --request POST \
  --url https://appleid.apple.com/auth/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --header 'user-agent: Insomnia' \
  --data client_id=love.censio.Censio \
  --data code=cdb2d8ca46a934a61b0e922dbb333fa55.4.n22yw.W01rp-n_4444rhfKK5rmjw \
  --data grant_type=authorization_code \
  --data client_secret=eyJraWQiOiJNU1ROM1I5VDkzIiwidHlwIjoiSldUIiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwic3ViIjoibG92ZS5jZW5zaW8uQ2Vuc2lvIiwiaXNzIjoiUjhGWEhWRzU0NyIsImV4cCI6IjE1ODYzNjI3ODM0MDAiLCJpYXQiOiIxNTg1NzU3OTgzNDAwIn0.v5GsqXSeCZH2T5qLv1qjxEfNi2-H3_Cji_1SCdE_DFP5FguYZ9ImibyYWVBw5LKCF0F9K2sMJFQwIx_EhqC-dQ


JWT Body

{
  "kid": "MSTN3R9T93",
  "typ": "JWT",
  "alg": "ES256"
}
{
  "aud": "https://appleid.apple.com",
  "sub": "love.censio.Censio",
  "iss": "R8FXHVG547",
  "exp": "1586362783400",
  "iat": "1585757983400"
}



Please Help!

Replies

How did you generate the client secret? Can you post the code you used to generate your client secret? Most likely the issue is because the signature is incorrect for the client secret JWT.

I opened up a TIC with Apple. To save other engineers some hassle, here's what was wrong:


1. The "exp" and "iat" timestamps should be in epoch SECONDS, not epoch millis, which I was first using.

2. The timestamps need to literally be a JSON number, as opposed to a string value.

3. I had the wrong kid.


In other words,


{
  "aud": "https://appleid.apple.com",
  "sub": "love.censio.Censio",
  "iss": "xxxxx",
  "exp": 1587239821,
  "iat": 1586635021
}
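The three fixes listed in the reply above can be checked offline before a client secret is sent to the token endpoint. The following is an added example, not code from the thread or from Apple: it decodes the JWT header and claims without verifying the signature and reports a mismatched kid, string-typed timestamps, and millisecond timestamps. The function names, the `KEYID12345` key id and the 10^11 threshold are assumptions made for illustration.

```python
import base64
import json

# Assumption: an epoch-seconds value this large would be in the year 5138,
# so anything at or above it is treated as epoch milliseconds.
MILLIS_THRESHOLD = 10**11

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _decode_segment(seg: str) -> dict:
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def make_unsigned_sample(header: dict, claims: dict) -> str:
    """Build a constructed sample token; the signature part is a placeholder."""
    enc = lambda obj: _b64url(json.dumps(obj).encode())
    return f"{enc(header)}.{enc(claims)}.constructed-signature"

def lint_client_secret(token: str, expected_kid: str) -> list[str]:
    """Report the problems named in the reply; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    problems = []
    if header.get("kid") != expected_kid:
        problems.append("kid does not match the expected key id")
    for name in ("iat", "exp"):
        value = claims.get(name)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            problems.append(f"{name} is not a JSON number")
            try:
                value = float(value)  # still check the magnitude of "123" strings
            except (TypeError, ValueError):
                continue
        if value >= MILLIS_THRESHOLD:
            problems.append(f"{name} looks like epoch milliseconds")
    return problems

if __name__ == "__main__":
    # Constructed sample using the claim values shown in the original post.
    bad = make_unsigned_sample(
        {"kid": "MSTN3R9T93", "typ": "JWT", "alg": "ES256"},
        {"aud": "https://appleid.apple.com", "sub": "love.censio.Censio",
         "iss": "R8FXHVG547", "exp": "1586362783400", "iat": "1585757983400"})
    for problem in lint_client_secret(bad, expected_kid="KEYID12345"):
        print(problem)
```

A token that passes this check can still be rejected if its signature is wrong, since only the header and claims are inspected.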