Posts

Post not yet marked as solved
6 Replies
3.7k Views
When I run `curl https://subdomain.example.com/.well-known/apple-developer-domain-association.txt` (not the real subdomain/domain), I get a hit in my server logs:

2019-09-09T22:51:23.294771+00:00 heroku[router]: at=info method=GET path="/.well-known/apple-developer-domain-association.txt" host=subdomain.example.com request_id=0a924401-0e45-4713-a9b3-600d657d5c57 fwd="xx.xx.***.***" dyno=web.1 connect=1ms service=4ms status=200 bytes=5961 protocol=https

And the validation certificate is returned (e.g. "MIIP5AYJKoZIhvcNAQcCoIIP1TCC..."). But when I press the "Verify" button on my Service ID "Web Authentication Configuration" dialog for Apple SSO, "Verification failed for domain" is returned but no request arrives at my server. No new logs are created. The browser developer tools XHR console for the request simply returns:

{
  creationTimestamp: "2019-09-09T22:54:49Z"
  httpCode: 200
  protocolVersion: "QH65B2"
  requestUrl: "https://developer.apple.com/services-account/QH65B2/account/ios/identifiers/verifyDomain"
  responseId: "70f5f9b0-a342-4eac-a527-df7f2981401e"
  resultCode: 13004
  resultString: "Verification failed for domain"
  userLocale: "en_US"
  userString: "Verification failed for domain"
}

How can I learn more about the issue? This seems like there's a bug on the Apple servers that's preventing the request from being sent off. Could it be because the domain I'm trying to validate has a dash in it? (e.g. sub-domain.example.com)
Posted by birdsean.
Post marked as solved
2 Replies
3.9k Views
After following the SSO flow, my API gets a form-encoded POST that looks like the following:

Parameters: {"state"=>"x", "code"=>"y", "id_token"=>"z"}

I then attempt to validate the code by calling `validate_auth_token`:

def validate_auth_token(token, is_refresh = false)
  uri = URI.parse('https://appleid.apple.com/auth/token')
  https = Net::HTTP.new(uri.host, uri.port)
  https.use_ssl = true
  headers = { 'Content-Type': 'text/json' }
  request = Net::HTTP::Post.new(uri.path, headers)
  request_body = {
    client_id: @client_id,
    client_secret: retreive_client_secret
  }
  if is_refresh
    request_body[:grant_type] = 'refresh_token'
    request_body[:refresh_token] = token
  else
    request_body[:grant_type] = 'authorization_code'
    request_body[:code] = token
    request_body[:redirect_uri] = "https://#{Rails.application.secrets.backend_host_port}/apple"
  end
  pp request_body
  request.body = request_body.to_json
  response = https.request(request)
  p JSON.parse response.body
  p response.code
end

private

def retreive_client_secret
  cert = retreive_secret_cert
  ecdsa_key = OpenSSL::PKey::EC.new cert
  algorithm = 'ES256'
  headers = { 'alg': algorithm, 'kid': @key_id }
  claims = {
    'iss': @team_id,
    'iat': Time.now.to_i,
    'exp': Time.now.to_i + 5.months.to_i,
    'aud': 'https://appleid.apple.com',
    'sub': @client_id
  }
  token = JWT.encode claims, ecdsa_key, algorithm, headers
  token
end

where @client_id is the "Service ID" I submitted in the initial SSO request, @key_id is the id of the private key downloaded from the Apple key dashboard, and @team_id is our Apple team id.

No matter how I misshape the validation request, I continue to get a 400 response with an "unsupported_grant_type" error. The docs say that this means that: The authenticated client is not authorized to use the grant type.

I've enabled Apple SSO on the App Id, the Service Id, and have even verified my support email domains. What am I missing? Is there some other approval step I need to complete to get authorized?
Posted by birdsean.
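The following is an added example, not code from the post above: it builds the Sign in with Apple client_secret JWT (ES256, signed with the .p8 key from the developer portal) using only the Ruby standard library instead of the jwt gem, and assembles the token request as application/x-www-form-urlencoded, which is the body format https://appleid.apple.com/auth/token accepts. The key id, team id, client id and redirect URI are placeholder values.

```ruby
require 'openssl'
require 'json'
require 'base64'
require 'net/http'
require 'uri'

APPLE_TOKEN_URL = 'https://appleid.apple.com/auth/token'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# JOSE encodes an ES256 signature as the fixed-width r||s pair (64 bytes);
# OpenSSL produces a DER SEQUENCE of two INTEGERs, so convert both ways.
def der_to_raw(der)
  r, s = OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\x00") }
  r + s
end

def raw_to_der(raw)
  ints = [raw[0, 32], raw[32, 32]].map { |v| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(v, 2)) }
  OpenSSL::ASN1::Sequence.new(ints).to_der
end

# client_secret is a JWT signed with the .p8 private key (ES256). `now` is
# injectable so the timestamps can be pinned in a test. Assumed placeholder ids.
def apple_client_secret(p8_pem, key_id:, team_id:, client_id:, now: Time.now.to_i)
  key = OpenSSL::PKey::EC.new(p8_pem)
  header = { alg: 'ES256', kid: key_id }
  claims = { iss: team_id, iat: now, exp: now + 86_400, # short-lived; Apple caps exp at 6 months
             aud: 'https://appleid.apple.com', sub: client_id }
  input = "#{b64url(header.to_json)}.#{b64url(claims.to_json)}"
  "#{input}.#{b64url(der_to_raw(key.sign(OpenSSL::Digest.new('SHA256'), input)))}"
end

# Verifies the JWT against the same key, e.g. to check the secret before sending it.
def client_secret_valid?(jwt, p8_pem)
  h, c, s = jwt.split('.')
  OpenSSL::PKey::EC.new(p8_pem).verify(OpenSSL::Digest.new('SHA256'),
                                        raw_to_der(Base64.urlsafe_decode64(s)), "#{h}.#{c}")
end

# The token endpoint takes application/x-www-form-urlencoded, not JSON;
# set_form_data sets that Content-Type and encodes the body accordingly.
def apple_token_request(client_id:, client_secret:, code:, redirect_uri:)
  req = Net::HTTP::Post.new(URI.parse(APPLE_TOKEN_URL).path)
  req.set_form_data('client_id' => client_id, 'client_secret' => client_secret,
                    'grant_type' => 'authorization_code', 'code' => code,
                    'redirect_uri' => redirect_uri)
  req # send with Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
end
```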