Authorization_code validation (auth/token) results invalid_grant

Hi all. In order to prepare for the new "Account deletion guidance", I have been trying to retrieve access_token and refresh_token from the authorization_code but the POST request to https://appleid.apple.com/auth/token always results invalid_grant error.

https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens

I've tested with fresh authorization_codes that were not expired and generated by actual devices (not simulators), but I always end up with "The code has expired or has been revoked" message. Can somebody please help?

{"error":"invalid_grant","error_description":"The code has expired or has been revoked."}%  

Here's my request via cURL.

curl -v POST "https://appleid.apple.com/auth/token"
-H 'content-type: application/x-www-form-urlencoded'
-d 'client_id={bundle_id}'
-d 'client_secret={new JWT string}'
-d 'code={authorization_code'}
-d 'grant_type=authorization_code'

Here are the headers and claims for generating a new JWT string.

headers = { 'kid' => private_key_id (.p8), }

claims = { 'iss' => team_id, 'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 86400*180, 'aud' => 'https://appleid.apple.com', 'sub' => bundle_id, }

For alg Im using ES256.

any solution?

Were you able to solve this? I found a couple other posts having the same problem, but none have a solution. There is one person who apparently solved it just by waiting a couple days (https://stackoverflow.com/a/68748866/203773). Did that work for you?

Authorization_code validation (auth/token) results invalid_grant
 
 
Q