Currently, as part of our project, we are decoding the token on the server side, which we received from the iPhone app after Apple login.
iOS code snippet:

    let appleIDToken = appleIDCredential.identityToken
    let idTokenString = String(data: appleIDToken, encoding: .utf8)

The idTokenString value is passed to the server.

Server-side code snippet:

    jwt.decode(token, { complete: true });

The token value is the idTokenString which we received from the iOS app.
We are facing a security concern, as this token can be decoded directly without any security key.
Is there any way by which we can get the token from Apple with an encrypted key? This key will be kept as a secret key on Apple's side and on our project's side as well, so it will be secured. Or is there any Apple link where this token can be decoded?
Please check on this concern. We have attached a screenshot for your reference.
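
The point the question turns on, as an added example that is not part of the original post: an Apple identity token is a signed JWT, not an encrypted one, so `jwt.decode` only reads it and checks nothing; the server has to verify the RS256 signature against Apple's published public keys (https://appleid.apple.com/auth/keys) and check `iss`, `aud` and `exp`. The sketch uses only Node's built-in crypto; the locally generated key pair, `demo-kid`, the helper names and the bundle ID `com.example.app` are constructed stand-ins for Apple's key and your app's identifier.

```javascript
const crypto = require("node:crypto");
const b64u = (v) => Buffer.from(v).toString("base64url");

// Verify signature and claims; returns the claims or throws.
// `keysByKid` maps a key id to a public KeyObject. In production these would be
// built from Apple's JWKS endpoint; here they are constructed locally.
function verifyIdentityToken(token, keysByKid, expectedAud, now = Date.now() / 1000) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  // Pin the algorithm; never let the token's own "alg" choose it.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = keysByKid[header.kid];
  if (!key) throw new Error("unknown kid");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (claims.iss !== "https://appleid.apple.com") throw new Error("bad iss");
  if (claims.aud !== expectedAud) throw new Error("bad aud");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed fixtures: a local RSA key pair stands in for Apple's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const KEYS = { "demo-kid": publicKey };
const AUD = "com.example.app"; // hypothetical bundle ID

function makeToken(claims, signingKey = privateKey) {
  const head = b64u(JSON.stringify({ alg: "RS256", kid: "demo-kid" }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign("RSA-SHA256", Buffer.from(`${head}.${body}`), signingKey);
  return `${head}.${body}.${sig.toString("base64url")}`;
}

// Returns true if the token is accepted, otherwise the rejection reason.
function check(token) {
  try { verifyIdentityToken(token, KEYS, AUD); return true; } catch (e) { return e.message; }
}

const exp = Math.floor(Date.now() / 1000) + 300;
const good = makeToken({ iss: "https://appleid.apple.com", aud: AUD, sub: "user-1", exp });
// Tampered token: payload replaced, original signature kept.
const [gh, , gs] = good.split(".");
const tampered = `${gh}.${b64u(JSON.stringify({ iss: "https://appleid.apple.com", aud: AUD, sub: "admin", exp }))}.${gs}`;
console.log(check(good), check(tampered));
```

With the `jsonwebtoken` package already used on the server, the equivalent step is `jwt.verify` with Apple's public key and an explicit `algorithms: ["RS256"]`, in place of `jwt.decode`.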