Refresh the token

Hello there!


I was trying the WWDC 2019 session app "Juice" to test the Sign in with Apple process. I was wondering how I can get a refreshed token from the device after the restart of the app or when the token is not valid anymore (it has a 600 seconds validity). Is there a way to resfresh it from the device directly?


Regards,

Giacomo

Replies

Hi Giacomo,


The tokens returned by the AppleID authorization credential should be used to create an account in your system, your server can exchange the authCode for a refresh token via the Sign in with Apple service API:

https://developer.apple.com/documentation/signinwithapplerestapi


Additionally, the client app can use the previously returned user identifier to fetch the credential state via this API:

https://developer.apple.com/documentation/authenticationservices/asauthorizationappleidprovider


If the credential state is authorized, the credential is valid. If the state returns revoked, a new set of tokens will be generated upon user authorizing the app again.


The tokens returned during the authorization are ephemeral and should be used to create a session within your apps system.

I’m reporting this cause I think that, like the Google SDK and the Facebook SDK, apple should allow the client library to refresh the issued token directly from the client itself.


The ASAuthorizationControllerDelegate has the method


func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization)


The authorization.credential is of type ASAuthorizationAppleIDCredential and contains an identityToken.


The token is a JWT with a 600 seconds validity, but there is no method to get a new identityToken from the client after the login is completed (of course if the user has not revoked the authorisation)

I'm trying to figure out a good way to provide sessions between my app and my appserver since Sign In with Apple won't provide them the way every other services (Google, Facebook , Twitter, AWS Cognito, etc) do. At first I thought I might need my own OAuth 2.0 server but the simplest thing I can think of to do is have my app server create and return new JWTs to my app. When the user signs in with Apple, I send the identity token to my app server, verify the identity token with Apple, then create JWTs (identity/access and refresh) and return them along with the expiration back to my app.

  • did you resolve the issue?

Add a Comment