Hello Apple ID support,
When a user successfully logs in with Apple, the Apple OAuth flow will produce an appleIdToken. From my understanding, this token is best not to leave the user's device. I have two sub-systems that can take an appleIdToken and manage the token refresh separately.
In short:
- Apple -> appleIdToken
- sub-SystemA(appleIdToken) and sub-systemB(appleIdToken)
- sub-SystemA and sub-systemB have two separate token management/refresh flows
The question:
- Is this allowed by the Apple identity server?
- Is the use case of supplying appleIdToken to sub-SystemA and sub-systemB valid?
Hi @John-Doe,
If these subsystems are servers or web services, it is advised to verify the ID token received on the device and generate new tokens for your backend. You can learn about that process in the documentation below:
Note: The user ID and private email address are team-scoped, so using subsystems for validation and handling user sessions for a single developer team and its apps is a valid use case.
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
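A backend-side sketch of the advice in the reply above (verify the identity token once, then issue your own tokens per subsystem), written as an added example for this page; it is not Apple's code and not code from either poster. It assumes Go, a KeyCache of RSA public keys already parsed from the JWKS Apple publishes at https://appleid.apple.com/auth/keys (keyed by kid), a client_id of "com.example.app", subsystem names like "subsystem-A", and an HS256 session-token format chosen for illustration. The signRS256 helper and the generated key pair are constructed stand-ins for Apple's signer so the example runs offline; in production the identity token comes from the device and the keys from Apple.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Added example, not Apple's code: a backend verifies a Sign in with Apple identity
// token (an RS256 JWT) and mints its own per-subsystem session token. The key pair is
// a throwaway generated below; in production KeyCache is filled from Apple's JWKS.
const appleIssuer = "https://appleid.apple.com"
var enc = base64.RawURLEncoding

// AppleClaims is the subset of identity-token claims the backend checks.
type AppleClaims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"` // your client_id: the app's bundle ID or a Services ID
	Sub string `json:"sub"` // stable user identifier, scoped to your developer team
	Exp int64  `json:"exp"`
}

// KeyCache maps a JWKS kid to its parsed RSA public key (refresh it on an unknown kid).
type KeyCache map[string]*rsa.PublicKey

func decodeJSON(seg string, v any) error {
	raw, err := enc.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// VerifyAppleIDToken pins alg to RS256, selects the key by kid, verifies the signature
// over "header.payload", then pins issuer, audience and expiry before trusting claims.
func VerifyAppleIDToken(token string, keys KeyCache, clientID string, now time.Time) (*AppleClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := decodeJSON(parts[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, errors.New("bad header or alg") // the token never chooses the algorithm
	}
	pub, ok := keys[hdr.Kid]
	if !ok {
		return nil, errors.New("unknown kid")
	}
	sig, err := enc.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var c AppleClaims
	if err := decodeJSON(parts[1], &c); err != nil {
		return nil, err
	}
	if c.Iss != appleIssuer || c.Aud != clientID || now.Unix() >= c.Exp {
		return nil, errors.New("iss, aud or exp rejected")
	}
	return &c, nil
}

// MintSessionToken issues the backend's own HS256 JWT (hypothetical format). Its aud
// binds the session to one subsystem, so a token minted for A is not accepted by B.
func MintSessionToken(c *AppleClaims, subsystem string, secret []byte, now time.Time) string {
	body, _ := json.Marshal(map[string]any{"sub": c.Sub, "aud": subsystem, "iat": now.Unix(), "exp": now.Add(time.Hour).Unix()})
	signing := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(body)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signing))
	return signing + "." + enc.EncodeToString(mac.Sum(nil))
}

// signRS256 is a constructed stand-in for Apple's signer, used only to build test input.
func signRS256(c AppleClaims, priv *rsa.PrivateKey, kid string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, _ := json.Marshal(c)
	signing := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(signing))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signing + "." + enc.EncodeToString(sig)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Now()
	tok := signRS256(AppleClaims{Iss: appleIssuer, Aud: "com.example.app", Sub: "001234.abcd", Exp: now.Add(time.Hour).Unix()}, priv, "k1")
	c, err := VerifyAppleIDToken(tok, KeyCache{"k1": &priv.PublicKey}, "com.example.app", now)
	fmt.Println(c, err)
}
```

The identity token is consumed exactly once, by the verifier, and each subsystem then works only with the session token minted for it; the two subsystems can keep independent refresh logic because they never see the Apple token. The alg pin matters: if the header were allowed to choose the algorithm, an attacker could present "alg":"none" or an HMAC token keyed with the public key.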