Hello,
Following a company split we are planning to transfer one of our apps, which has Sign in With Apple enabled, to another team. We want to provide a smooth migration experience for the users by minimizing downtime and avoiding the duplication of accounts in our database.
In our backend we generate a client secret using the transferring team’s ID. We then use this client secret with the “https://appleid.apple.com/auth/token” endpoint which returns the identity token.
With the above in mind, I have the following questions:
-
If we don’t update the team ID immediately after the transfer in our backend, will the identity token returned by the endpoint above contain the transferring team user ID in the sub field or, will it contain the recipient team user ID?
-
Is there any possibility that we will ever receive an identity token containing a transferring team user ID in the sub field after we accept the transfer?
Thanks,
Bruno
Hi @Bruno265,
You wrote:
If we don’t update the team ID immediately after the transfer in our backend, will the identity token returned by the endpoint above contain the transferring team user ID in the sub field or, will it contain the recipient team user ID?
After the app transfer is completed, the ID token will contain the user ID scoped to the recipient team.
Then, you wrote:
Is there any possibility that we will ever receive an identity token containing a transferring team user ID in the sub field after we accept the transfer?
No. Please see the following technote for more information on the expected order of operations:
TN3159: Migrating Sign in with Apple users for an app transfer
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
