{"error":"invalid_grant","error_description":"client_id mismatch. The code was not issued to bundleID"}

Hello,

I need to use a apple sign in in ios application, i get my authorization code from hybryde apllication :

let options: SignInWithAppleOptions = {
                clientId: ConstConfig.APPLE_CLIENT_ID,
                redirectURI: ConstConfig.APPLE_REDIRECT_URI,
                scopes: ConstConfig.APPLE_SCOPES,
                state: ConstConfig.APPLE_STATE,
                nonce: ConstConfig.APPLE_NONCE
            };

SignInWithApple.authorize(options)
      .then((result: SignInWithAppleResponse) => {

 this.authenticate.appleAuthorizationCode = result.response.authorizationCode;
 this.authenticate.appleUser = result.response.user;
this.authenticate.appleIdentityToken = result.response.identityToken;
            

i send this 3 value to my backend JAVA to validate the accessToken and get the refrsh token, validate java Method :

logger.info("Apple authorization validation");
        // get the subject received from the client
        String clientSubject = getSubject(identityToken);

        // verifying the code by the apple server
        String token = getToken();
        logger.debug("Authorize with token:" + token);

        Map<String, String> params = new HashMap<>();
        params.put("client_id", APPLE_CLIENT_ID);
        params.put("client_secret", token);
        params.put("code", authorisationCode);
        params.put("grant_type", "authorization_code");
        params.put("redirect_uri", "");
        if (redirectURI != null) {

        }
        String response = post(APPLE_AUTH_URL, params);
        logger.info("Apple authorization response:" + response);

        AppleTokenResponse tokenResponse = objectMapper.readValue(response, AppleTokenResponse.class);
        if (tokenResponse.getError() != null && tokenResponse.getError().length() > 0) {
            logger.warn("Error during verification of the code. Reason:" + tokenResponse.getError());
            return null;
        }

        String serverSubject = getSubject(tokenResponse.getId_token());
        if (!serverSubject.equals(clientSubject)) {
            logger.warn("Validation failed, subject does not match!");
            return null;
        }

        return getClaims(tokenResponse.getId_token());

the JWT TOken :

    return Jwts.builder()
                .setHeaderParam(JwsHeader.KEY_ID, APPLE_KEY_ID)
                .setHeaderParam(JwsHeader.ALGORITHM,"ES256")
                .setIssuer(APPLE_TEAM_ID)
                .setAudience(APPLE_APPLE_ID_URL)
                .setSubject(APPLE_CLIENT_ID)
                .setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 5)))
                .setIssuedAt(new Date(System.currentTimeMillis()))
                .signWith(SignatureAlgorithm.ES256, pKey)
                .compact();

how i get my private key :

    File file = new File(APPLE_CERTIFICATE_PATH);
        try {
            PEMParser pemParser = new PEMParser(new FileReader(file));
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();

            APPLE_PRIVATE_KEY =  converter.getPrivateKey(object);
            logger.info("load apple private keys Ok.");
        } catch (Exception ex) {
            logger.error("error on generate apple sign in private Key : ", ex);
        }

thr response still return : {"error":"invalid_grant","error_description":"client_id mismatch. The code was not issued to bundleID"}, i don't know the reason.

i read that i nedd to check in testFlit, ido but i still get the same error, i also put the same redirect_url in front and back (for me that not needed because i dont use u web sign in ) but i still get the same error.

for my bundle id i use the APP Identifier not the service Identifier in front and back. its correct ?

thank for your help.

{"error":"invalid_grant","error_description":"client_id mismatch. The code was not issued to bundleID"}
 
 
Q