1 Reply
      Latest reply on Oct 21, 2019 1:50 PM by Paedy
      Sanvean Level 1 Level 1 (0 points)

        Hi,

         

        Just looking at migrating an existing Login with Facebook flow over to Sign in with Apple with the hope of eliminating FB Login entirely from our app.

         

        The client side seems straight forward enough, however there's one topic I can't seem to see any documentation or discussion here or on Stack Overflow about - a Sign In with Apple equivalent for FB App Access Tokens.

         

        Facebook Login supports different token types (https://developers.facebook.com/docs/facebook-login/access-tokens/) and currently our app back end supports 2 authentication flows.

         

        1. From End App Users, they Login with Facebook, send the provided client User Access Token to the app backend which validates the token against Facebook and then issues an app specific JWT token to the app client that is used in further app API calls until expiry.

         

        2. From backend server components. These request an App Access Token from Facebook e.g.

         

        curl -X GET "https://graph.facebook.com/oauth/access_token
          ?client_id={your-app-id}
          &client_secret={your-app-secret}
          &grant_type=client_credentials"

         

        The App Access Token is then send to the app backend which validates the token against Facebook and then issue an app specific JWT token that is used in further server to server API calls until expiry.

         

        Replacing 1 above seems straightforward but what about 2? Is there a straightforward mechanism for achieving the same with Sign In with Apple?

         

        It seems like the https://developer.apple.com/documentation/signinwithapplerestapi would be the API to use but is there a way to generate an App Access Token equivalent for Sign In with Apple to validate using this REST API?