The id_token is missing from all instances of TokenResponse

Question

The TokenResponse (https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse) returned from https://appleid.apple.com/auth/token does not contain "id_token" field, effectively rendering SIWA non-working:
{"access_token":"...","token_type":"Bearer","expires_in":3600,"refresh_token":"..."}

The "id_token" is the only field that can be validated since it's a JWT and contains the user's identity (subject) that can be used to match with our backend's records.

This started about 4 hours ago and is still not fixed.
I posted feedback at https://feedbackassistant.apple.com/feedback/9024635, duplicating here if someone can give any advice.

2.4k

Posted by

onyXMaster

Reply

Add a Comment

Answer 1

We are having the same issue, id_token is missing :(

Response from https://appleid.apple.com/auth/token:

{
"access_token": "<access_token>",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "<refresh_token>"
}

It started 3 hours ago.

Posted by

renatosnrg

Add a Comment

Answer 2

Having the same issue and I've started receiving jwt payloads with an access_token but without an id_token. This is breaking functionality on our site. Help!!

Posted by

thayden@gmail.com

Add a Comment

Answer 3

I am experiencing the same issue with my app -- no users can sign up or sign back in. Since the identity token is blank -- I can't decode and verify. Hopefully gets fixed soon... I've noticed it for the last hour.

Posted by

mickdev

Add a Comment

Answer 4

It's intermittent, sometimes it returns the id_token, and for some apps it does not return at all.

Expected response:

{
"access_token": "<access_token>",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "<refresh_token>",
"id_token": "<id_token>"
}

Posted by

renatosnrg

Add a Comment

Answer 5

We're seeing the same issue here at Khan Academy. Started around 5:40am PDT. The TokenResponse has all fields except the id_token. As a result, Sign in with Apple is unusable for us right now.

Posted by

jeremy_khan

Add a Comment

Answer 6

Has anyone had any luck getting this fixed or reaching out to apple?

Posted by

thayden@gmail.com

Add a Comment

Answer 7

I am also seeing the id_token missing from requests coming from Apple to my servers for the Sign in with Apple JS callback flow. Which is breaking the sign in flow. No changes were made to the scopes requested on the client initiating the OIDC request. Started happening at 8am MDT.

Posted by

asjdfaosijdfoiajsdpfoi

Add a Comment

Answer 8

It seems to have been resolved 47min ago based on our reports.

Posted by

ferran@demand

Add a Comment

Answer 9

We still have the issue :(

Posted by

renatosnrg

Add a Comment

Answer 10

Seems to have resolved here too.

Posted by

jeremy_khan

Add a Comment

Answer 11

Where can we read about the issue and its fix on Apple platform? It is obvious that there was a bad deployment, downtime, and a hot-fix / rollback. This is needed for customer accountability.

Posted by

beria

Add a Comment

Answer 12

We still have the issue for some of our customers.

Last error: 30 minutes ago.

It's intermittent.

Posted by

renatosnrg

Add a Comment

Answer 13

Since that time (5 hours ago) we didn't have errors anymore. It seems to have back to normal.

Posted by

renatosnrg

Add a Comment

The id_token is missing from all instances of TokenResponse

Replies