Using AppleId appleIdToken in two different sub-systems

Hello Apple ID support,

When a user successfully logs in with Apple, the Apple OAuth will produce an appleIdToken. From my understanding, it is best that this token does not leave the user's device. I have two sub-systems that can take an appleIdToken and manage the token refresh separately.

In short:

  • Apple -> appleIdToken
    
  • sub-SystemA(appleIdToken) and sub-systemB(appleIdToken)
    
  • sub-SystemA and sub-systemB have two separate token management/refresh
    

The question:

  • Is this allowed by the Apple identity server? 
    
  • Is the use case of supplying appleIdToken to sub-SystemA and sub-systemB valid?
    
Answered by DTS Engineer in 805769022

Hi @John-Doe,

If these subsystems are servers or web services, it is advised to verify the ID token received on device and generate new tokens for your backend. You can learn about that process in the documentation below:

Note: The user ID and private email address are team-scoped, so using subsystems for validation and handling user sessions for a single developer team and its apps is a valid use case.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer
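
The approach the answer advises, as an added example (not Apple's code and not part of the original thread): each sub-system's backend verifies the ID token itself, with its own expected audience, and then issues its own session token. The function names, the session format and the per-sub-system secret are assumptions; the RS256 check uses only the standard library so the block runs offline, where a production service would normally use a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

APPLE_ISS = "https://appleid.apple.com"
# ASN.1 DigestInfo prefix for SHA-256 in PKCS#1 v1.5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_sha256(msg, k):
    """EMSA-PKCS1-v1_5 encoding of msg for a k-byte RSA modulus."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_id_token(token, jwks, audience, now=None):
    """Check signature, iss, aud and exp; return the claims or raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = dict(json.loads(b64u_dec(h64))), dict(json.loads(b64u_dec(p64)))
        sig = b64u_dec(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "RS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    jwk = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if jwk is None:
        raise ValueError("unknown signing key")
    n, e = (int.from_bytes(b64u_dec(jwk[x]), "big") for x in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("bad signature")
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(em, pkcs1_sha256(f"{h64}.{p64}".encode(), k)):
        raise ValueError("bad signature")
    if claims.get("iss") != APPLE_ISS or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("expired")
    return claims

def mint_session(claims, subsystem, secret, ttl=900, now=None):
    """The sub-system's own short-lived session token, keyed by its own secret."""
    now = int(now if now is not None else time.time())
    body = b64u_enc(json.dumps({"sub": claims["sub"], "sys": subsystem, "exp": now + ttl}).encode())
    tag = b64u_enc(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"
```

Here `jwks` is the parsed JSON key set Apple publishes at `https://appleid.apple.com/auth/keys`, and `audience` is the app's client ID (bundle ID or Services ID).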

Turns out, once I get the token from appleID, I can directly send it into subSystem A and subSystem B and it worked just fine.
