apple sign always get 400 Bad Request: [{"error":"invalid_grant"}]

I have implemented Sign in with Apple on website one weeks ago, and it work perfectly. However, recently we start to receive invalid_grant with no error description while token validation, however the same client secret works on IOS app without issue....

in ios app site , we used bundle id for client_id. in web site , we used service id for client_id;

I try to create a new privateKey for web site and add redirect_uri params to /auth/token, but still error....

I tested it like this,

    1. i got authorization code using Service ID
    • i tried authorization code with Service ID using browser :

    • successfully got the code

    • and requested access_token immately

  • 2 and then, i tried validate the authorization grant code to obtain tokens

    • curl like this
curl -X POST https://appleid.apple.com/auth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=my_service_id" \
  -d "client_secret=my_client_secret" \
  -d "code=sent_from_frontend" \
  -d "grant_type=authorization_code" \
  -d "redirect_uri=my_redirect_uri"
  • then get fail and no error_description error_code is 400
 invalid_grant
  • is not invalid_client error, and client secret is not expired too

My decoded token looks like the following :

{
  "alg": "ES256",
  "typ": "JWT",
  "kid": "my_kid"
}
{
  "aud": "https://appleid.apple.com",
  "sub": "my_service_id",
  "iss": "team_id",
  "exp": 1744012650,
  "iat": 1728460650
}
Answered by DTS Engineer in 812032022

Hi @misaka1234,

Please see my reply to the following post:

invalid_grant while token validation

https://developer.apple.com/forums/thread/765783?answerId=812005022#812005022

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Hi @misaka1234,

Please see my reply to the following post:

invalid_grant while token validation

https://developer.apple.com/forums/thread/765783?answerId=812005022#812005022

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

apple sign always get 400 Bad Request: [{"error":"invalid_grant"}]
 
 
Q