I have implemented Sign in with Apple on website one weeks ago, and it work perfectly. However, recently we start to receive invalid_grant with no error description while token validation, however the same client secret works on IOS app without issue....
in ios app site , we used bundle id for client_id. in web site , we used service id for client_id;
I try to create a new privateKey for web site and add redirect_uri params to /auth/token, but still error....
I tested it like this,
-
- i got authorization code using Service ID
-
i tried authorization code with Service ID using browser :
-
successfully got the code
-
and requested access_token immately
-
2 and then, i tried validate the authorization grant code to obtain tokens
- curl like this
curl -X POST https://appleid.apple.com/auth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=my_service_id" \
-d "client_secret=my_client_secret" \
-d "code=sent_from_frontend" \
-d "grant_type=authorization_code" \
-d "redirect_uri=my_redirect_uri"
- then get fail and no error_description error_code is 400
invalid_grant
- is not invalid_client error, and client secret is not expired too
My decoded token looks like the following :
{
"alg": "ES256",
"typ": "JWT",
"kid": "my_kid"
}
{
"aud": "https://appleid.apple.com",
"sub": "my_service_id",
"iss": "team_id",
"exp": 1744012650,
"iat": 1728460650
}
Hi @misaka1234,
Please see my reply to the following post:
invalid_grant while token validation
https://developer.apple.com/forums/thread/765783?answerId=812005022#812005022
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
