Hello,

As part of the Sign in with Apple, we receive an id token as part of the first authentication step. Either when going through AuthenticationServices Framework (iOS app: https://developer.apple.com/documentation/authenticationservices/asauthorizationappleidcredential) or through REST APIs (https://developer.apple.com/documentation/signinwithapplerestapi/tokenresponse).

Apple documentation says we should verify this ID token to ensure this is the real deal. Documentation says the way to fetch Apple's public key is here: https://developer.apple.com/documentation/signinwithapplerestapi/fetch_apple_s_public_key_for_verifying_token_signature.

However, it does not make sense to fetch the public key for every transaction / every login. My questions are:

1. Does Apple's public key change often? My guess is not.
2. If it does not, I should be able to fetch it once and cache it. Use the cached key for subsequent operations. Does this make sense?

How have others solved this problem?

Thanks.
Posted by rgabb.
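An added example (not part of the original post and not Apple's code): one way to cache the key set served by the endpoint the post links, selecting the key by the `kid` in the ID token header and refetching when an unknown `kid` appears. The class and function names, the TTL and refresh floor, and the sample key sets are assumptions constructed for illustration; signature verification itself is left to a JWT library.

```python
import base64
import json
import time

class JwksCache:
    """Cache a JWKS by `kid`; refetch on expiry or on an unknown kid (rotation)."""
    def __init__(self, fetch, ttl=86400, min_refresh=300, clock=time.monotonic):
        self._fetch = fetch              # callable returning the parsed JWKS dict
        self._ttl = ttl                  # assumed max age of the cached set, seconds
        self._min_refresh = min_refresh  # assumed floor between forced refetches
        self._clock = clock
        self._keys, self._fetched_at = {}, None

    def _refresh(self):
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
        self._fetched_at = self._clock()

    def key_for(self, kid):
        now = self._clock()
        stale = self._fetched_at is None or now - self._fetched_at >= self._ttl
        # An unknown kid usually means rotation; the floor keeps tokens with
        # made-up kids from turning every login into an outbound fetch.
        if stale or (kid not in self._keys
                     and now - self._fetched_at >= self._min_refresh):
            self._refresh()
        return self._keys.get(kid)  # None means reject the token

def token_kid(id_token):
    """Read `kid` from the unverified JWT header, only to select the key."""
    head = id_token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))["kid"]

def demo():
    """Constructed key sets (not Apple's real keys) and a fake clock."""
    sets = [{"keys": [{"kid": "K1", "kty": "RSA"}]},
            {"keys": [{"kid": "K1", "kty": "RSA"}, {"kid": "K2", "kty": "RSA"}]}]
    calls, now = [], [0]
    def fetch():
        calls.append(now[0])
        return sets[min(len(calls), len(sets)) - 1]
    cache = JwksCache(fetch, clock=lambda: now[0])
    header = base64.urlsafe_b64encode(b'{"alg":"RS256","kid":"K1"}').rstrip(b"=").decode()
    cache.key_for(token_kid(header + ".payload.sig"))  # first login: one fetch
    cache.key_for("K1")                                # second login: cache hit
    now[0] = 10
    miss = cache.key_for("K2")   # unknown kid inside the floor: no refetch
    now[0] = 600
    hit = cache.key_for("K2")    # past the floor: refetch picks up the new key
    return len(calls), miss, hit["kid"]
```

In production the `fetch` callable would do the HTTPS GET against Apple's key endpoint, and the returned JWK would be handed to the JWT library that checks the signature and claims.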