Sign in with Apple gives Invalid redirect_uri even though I am using a registered URL

Hello,


I am unable to get Sign in with Apple working. Currently, I get this response when attempting to hit https://appleid.apple.com/auth/token: Invalid redirect_uri.


The redirect_uri has been properly setup as documented.


Can you please assist?


I created a radar ticket for this: FB7239836


Thank you

Accepted Reply

I checked the information you provided.


The failure occurs since the client id you are using is incorrect for signing in on web. You are using the primary app's id (iOS app's ID) instead of the services ID. Since the primary app does not have any redirect URLs registered whereas the authorization request contains a redirect URL, it fails validation.


To fix this, use the services app id in your web authorization / sign-in requests.

Replies

Thank you Sudhakar19, that resolved my issue.

@jaguth Could you explain what you've done? I tried to use the service ID client ID but I'm still receiving invalid redirect URI. Thanks

Same here. I had issues with the verification of my domain for email relaying the other day which was resolved eventually...clicking verify didn't work all day until it did by the end of the day.

When I try to correct the problem by using the service ID like you said, it works on web, but then the login button on my iOS app doesn't work anymore.


I got this:

Error: The audience in ID Token [##.app-videos] does not match the expected audience ##.signin.

Hi Sudhakar,


I have to integrate Sign in with Apple for Web and Android app.

1) How do I create a redirect URI? Is this a deeplink URL which can be created using branch.io?

2) Do I need to have two separate redirect URIs, one for web and one for Android?


Please let me know about this.

Got the same issue when testing via AWS Hosted UI. It defaults to sending the main app id


Have double checked the redirect uri is correct. If I manually change the client id to the identifier of the Service ID for apple signing I still get the same error. AWS are currently trying to replicate the issue on their side


FAILS https://appleid.apple.com/auth/authorize?client_id=<serviceID_Identifier>&redirect_uri=<redirect_URI>

FAILS https://appleid.apple.com/auth/authorize?client_id=<main_app_id>&redirect_uri=<redirect_URI>

Same here. How do I get a services ID? Do I need to use the App ID for iOS and the services ID for Android?

I know I'm a year too late to answer, but I hope to help the next person reading this thread. You can create a services ID by following these steps:

  1. Go to https://developer.apple.com/account
  2. Choose "Certificates, Identifiers & Profiles".
  3. Select "Identifiers" on the left-side navigation bar.
  4. Click the + icon next to the "Identifiers" subtitle.
  5. Choose Service IDs and click the continue button.
  6. Fill all of the required fields.

You can also go to this URL https://developer.apple.com/account/resources/identifiers/list/serviceId to see all the services IDs you have set up.

Edit: I found the official documentation for adding services ID https://help.apple.com/developer-account/#/dev1c0e25352

  • It really helps me to solve the issue, thanks.

We were able to fix this issue with the following steps:

  1. Add the domain/subdomain and return URL to your Apple account.
  2. Check the length of the domain in redirect_uri; it shouldn't be too long.

In our case, the domain length was 54 symbols and it started working when we reduced it to 49 symbols. It looks like there is a limit to the domain name length of around 50 symbols.

It was easy to reach this limit since we use a Cognito domain with a prefix, and the prefix is attached to a quite long domain name, ".auth.eu-central-1.amazoncognito.com".
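
An added example, not part of any post in this thread: a pre-flight check that combines the accepted reply's App ID versus Services ID distinction, the audience error quoted earlier, and the host-length observation from the last post. All identifiers and URLs are constructed; exact matching of return URLs and the 50-character threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample values (hypothetical identifiers, not taken from the thread).
APP_ID = "com.example.videos"               # primary iOS App ID
SERVICES_ID = "com.example.videos.signin"   # Services ID used for web sign-in
RETURN_URLS = {                             # Services ID -> registered return URLs
    SERVICES_ID: {"https://auth.example.com/callback"},
}
# Assumption: roughly the figure one poster observed, not a documented limit.
HOST_LEN_WARN = 50


def preflight(client_id, redirect_uri, app_id=APP_ID, return_urls=RETURN_URLS):
    """Return a list of problem codes for a web authorization request."""
    problems = []
    if client_id == app_id:
        # The App ID has no return URLs registered, so any redirect_uri fails.
        problems.append("client_id_is_app_id")
    elif client_id not in return_urls:
        problems.append("unknown_services_id")
    # Assumption: the redirect_uri must equal a registered return URL exactly.
    elif redirect_uri not in return_urls[client_id]:
        problems.append("redirect_uri_not_registered")
    host = urlsplit(redirect_uri).hostname or ""
    if len(host) >= HOST_LEN_WARN:
        problems.append("redirect_host_long")
    return problems


def expected_audience(flow, app_id=APP_ID, services_id=SERVICES_ID):
    """Audience (aud) a backend should require in the ID token for each flow."""
    # Native iOS sign-in yields tokens for the App ID, web sign-in for the Services ID.
    return {"ios": app_id, "web": services_id}[flow]


def audience_ok(aud_claim, flow):
    """Compare the aud claim of an ID token whose signature is already verified."""
    return aud_claim == expected_audience(flow)


if __name__ == "__main__":
    print(preflight(APP_ID, "https://auth.example.com/callback"))
    print(preflight(SERVICES_ID, "https://auth.example.com/callback"))
    print(audience_ok(APP_ID, "web"))
```

A backend that serves both the iOS app and the web flow should pick the expected audience per request rather than accept any value, which avoids the audience mismatch shown earlier without loosening the check.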