"invalid_client" no matter what I do.

It seems no matter what I do, I cannot get this API to work.

Here is my cURL:


curl --request POST \
  --url https://appleid.apple.com/auth/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --header 'user-agent: Insomnia' \
  --data client_id=love.censio.Censio \
  --data code=cdb2d8ca46a934a61b0e922dbb333fa55.4.n22yw.W01rp-n_4444rhfKK5rmjw \
  --data grant_type=authorization_code \
  --data client_secret=eyJraWQiOiJNU1ROM1I5VDkzIiwidHlwIjoiSldUIiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwic3ViIjoibG92ZS5jZW5zaW8uQ2Vuc2lvIiwiaXNzIjoiUjhGWEhWRzU0NyIsImV4cCI6IjE1ODYzNjI3ODM0MDAiLCJpYXQiOiIxNTg1NzU3OTgzNDAwIn0.v5GsqXSeCZH2T5qLv1qjxEfNi2-H3_Cji_1SCdE_DFP5FguYZ9ImibyYWVBw5LKCF0F9K2sMJFQwIx_EhqC-dQ
uYXBwbGUuY29tIiwic3ViIjoibG92ZS5jZW5zaW8uQ2Vuc2lvIiwiaXNzIjoiUjhGWEhWRzU0NyIsImV4cCI6IjE1OTEwMjc2NDcwNjYiLCJpYXQiOiIxNTg1NzU3MjQ3MDY2In0.wAFS03yQ3**5eKySbT5Gb7JPFijMO8jK3jWfyjZE0qxwDk668QX1kgSRG09z2Q8Uhv6yeQqmolPEFXQExd29lg


JWT Body

{
  "kid": "MSTN3R9T93",
  "typ": "JWT",
  "alg": "ES256"
}
{
  "aud": "https://appleid.apple.com",
  "sub": "love.censio.Censio",
  "iss": "R8FXHVG547",
  "exp": "1586362783400",
  "iat": "1585757983400"
}



Please Help!

How did you generate the client secret? Can you post the code you used to generate your client secret? Most likely the issue is because the signature is incorrect for the client secret JWT.

I opened up a TIC with Apple. To save other engineers some hassle, here's what was wrong:


1. The "exp" and "iat" timestamps should be in epoch SECONDS, not epoch millis, which I was first using.

2. The timestamps need to literally be a JSON number, as opposed to a string value.

3. I had the wrong kid


In other words,


{
  "aud": "https://appleid.apple.com",
  "sub": "love.censio.Censio",
  "iss": "xxxxx",
  "exp": 1587239821,
  "iat": 1586635021
}
"invalid_client" no matter what I do.
 
 
Q