1 Reply
      Latest reply on May 18, 2020 9:28 AM by Najki
      IMSDK Dev Level 1 Level 1 (0 points)

        I saw the description

        You may verify the refresh token up to once a day to confirm that the user’s Apple ID on that device is still in good standing with Apple’s servers.

        in https://developer.apple.com/documentation/signinwithapplerestapi/verifying_a_user .

        I have two question about the description:

        1. Why should we verify the refresh token instead of  access token to confirm the user's Apple ID is still in good standing with Apple's server?
        2. The doc said refresh token can only verify once a day. But i can verify refresh token multiple times in practice. Is there some conflict between documentation and implementation?

        https://www.dropbox.com/s/l6ncxxvumil6sfs/1571217862017.png?dl=0

         

        Update on 10/17/2019:

        For apps running on other systems, use the periodic successful verification of the refresh token to determine the lifetime of the user session.

        I also saw the description above in in https://developer.apple.com/documentation/signinwithapplerestapi/verifying_a_user . I think periodic is also conflict with once a day.