The id_token is missing from all instances of TokenResponse

Question

Created Mar ’21

Replies 13

Boosts 0

Views 2.9k

Participants 8

The TokenResponse (https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse) returned from https://appleid.apple.com/auth/token does not contain "id_token" field, effectively rendering SIWA non-working:
{"access_token":"...","token_type":"Bearer","expires_in":3600,"refresh_token":"..."}

The "id_token" is the only field that can be validated since it's a JWT and contains the user's identity (subject) that can be used to match with our backend's records.

This started about 4 hours ago and is still not fixed.
I posted feedback at https://feedbackassistant.apple.com/feedback/9024635, duplicating here if someone can give any advice.

Boost

Answer 1

renatosnrg OP

Mar ’21

We are having the same issue, id_token is missing :(

Response from https://appleid.apple.com/auth/token:

{
"access_token": "<access_token>",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "<refresh_token>"
}

It started 3 hours ago.

1

Answer 2

thayden@gmail.com OP

Mar ’21

Having the same issue and I've started receiving jwt payloads with an access_token but without an id_token. This is breaking functionality on our site. Help!!

1

Answer 3

mickdev OP

Mar ’21

I am experiencing the same issue with my app -- no users can sign up or sign back in. Since the identity token is blank -- I can't decode and verify. Hopefully gets fixed soon... I've noticed it for the last hour.

1

Answer 4

renatosnrg OP

Mar ’21

It's intermittent, sometimes it returns the id_token, and for some apps it does not return at all.

Expected response:

{
"access_token": "<access_token>",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "<refresh_token>",
"id_token": "<id_token>"
}

0

Answer 5

jeremy_khan OP

Mar ’21

We're seeing the same issue here at Khan Academy. Started around 5:40am PDT. The TokenResponse has all fields except the id_token. As a result, Sign in with Apple is unusable for us right now.

1

Answer 6

thayden@gmail.com OP

Mar ’21

Has anyone had any luck getting this fixed or reaching out to apple?

0

Answer 7

asjdfaosijdfoiajsdpfoi OP

Mar ’21

I am also seeing the id_token missing from requests coming from Apple to my servers for the Sign in with Apple JS callback flow. Which is breaking the sign in flow. No changes were made to the scopes requested on the client initiating the OIDC request. Started happening at 8am MDT.

0

Answer 8

ferran@demand OP

Mar ’21

It seems to have been resolved 47min ago based on our reports.

0

Answer 9

renatosnrg OP

Mar ’21

We still have the issue :(

0

Answer 10

jeremy_khan OP

Mar ’21

Seems to have resolved here too.

0

Answer 11

beria OP

Mar ’21

Where can we read about the issue and its fix on Apple platform? It is obvious that there was a bad deployment, downtime, and a hot-fix / rollback. This is needed for customer accountability.

2

Answer 12

renatosnrg OP

Mar ’21

We still have the issue for some of our customers.

Last error: 30 minutes ago.

It's intermittent.

0

Answer 13

renatosnrg OP

Mar ’21

Since that time (5 hours ago) we didn't have errors anymore. It seems to have back to normal.

0