Identifiers > Web Authentication Configuration > Website URLs select domains and subdomains or return urls is not working what's problem ?

Hi there, when using Touch ID, the call back following a request to auth/authorize does not include any user information ( user={} ), but it does if the user log in using a password. Is there a reason ? How to handle that Thanks

HI just wondering if other users are experiencing apple authentication being down. I am unable to sign in using apple auth into my application, and wanted to know if this was server or client side

Hi. I transfered an app that uses apple login. but, I didn't do the Transferring your apps and users to another team process, So, I'm working on Bringing new apps and users into your team. Is it possible to transfer a user with just Bringing new apps and users into your team.? I'm having trouble with the part where I get the access_token from the Bringing new apps and users into your team. action. I've only entered it with the NEW TEAM's information. POST /auth/token HTTP/1.1 Host: appleid.apple.com Content-Type: application/x-www-form-urlencoded grant_type=client_credentials&scope=user.migration&client_id={client_id}&client_secret={client_secret} client_id : APP bundle ID client_secret : Created by referencing [Create the client secret] in Generate and validate tokens. require 'jwt' key_file = 'key.p8' team_id = 'TeamID' client_id = 'AppID' key_id = 'KeyID' ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file headers = { 'kid' => key_id } claims = { 'iss' => team_id, 'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 86400*180, 'aud' => 'https://appleid.apple.com', 'sub' => client_id, } token = JWT.encode claims, ecdsa_key, 'ES256', headers puts token POST /auth/token HTTP/1.1 Host: appleid.apple.com Content-Type: application/x-www-form-urlencoded grant_type=client_credentials&scope=user.migration&client_id={client_id}&client_secret={client_secret} { "error": "invalid_client" } Thank you.

Hello community! To begin I want to say that I am a junior developer. We are about to publish our app, after several tests in TestFlight and we received that our app was rejected for the following reason: Guideline 4.0 - Design Your app offers Sign in with Apple as a login option but does not follow the design and user experience requirements for Sign in with Apple. Specifically: - Your app requires users to provide their name and/or phone number after using Sign in with Apple. This information is already provided by the Authentication Services framework. These requirements provide the consistent experience users expect when using Sign In with Apple to authenticate or log in to an account. Next Steps Please review the Sign in with Apple experience in your app to address the issues we identified above. Resources To learn more about App Store design requirements, see App Store Review Guideline 4 - Design. For an overview of design and formatting recommendations for Sign in with Apple, review the Human Interface Guidelines. The application, after logging in with apple, gives the user the option to edit the name and phone number, and we save that information in our personalized server. And I am using the Ionic-Cordova framework and for Google Plus authentication --> cordova-plugin-googleplus. I was reading the guides and the resources that they offer me, but I did not reach a good resolution. Any ideas for this problem? Thank you so much!

When I attempt to get authorization token I get 400 error. I pass in the following info: client id team id key identifier client secret access code redirect url I'm testing this on a launched nodejs backend, and a testflight build of my react native/expo app. I know my code works because I'm using the exact same setup on a different project and it works perfectly. I'm assuming I'm doing something wrong setting up the keys in apples Certificates, Identifiers & Profiles site, but anything I try doesn't work. Is there clear instructions somewhere on how this should be set up?

Hello guys, please how can i create my imei verification website for all Apple products?

Hi all. In order to prepare for the new "Account deletion guidance", I have been trying to retrieve access_token and refresh_token from the authorization_code but the POST request to https://appleid.apple.com/auth/token always results invalid_grant error. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens I've tested with fresh authorization_codes that were not expired and generated by actual devices (not simulators), but I always end up with "The code has expired or has been revoked" message. Can somebody please help? {"error":"invalid_grant","error_description":"The code has expired or has been revoked."}%   Here's my request via cURL. curl -v POST "https://appleid.apple.com/auth/token" -H 'content-type: application/x-www-form-urlencoded' -d 'client_id={bundle_id}' -d 'client_secret={new JWT string}' -d 'code={authorization_code'} -d 'grant_type=authorization_code' Here are the headers and claims for generating a new JWT string. headers = { 'kid' => private_key_id (.p8), } claims = { 'iss' => team_id, 'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 86400*180, 'aud' => 'https://appleid.apple.com', 'sub' => bundle_id, } For alg Im using ES256.

I'm working on integrating Sign In with Apple into my app. The app is written in React Native using expo and I'm using this component nearly exactly for now. https://docs.expo.io/versions/latest/sdk/apple-authentication/#usage I've been able to successfully generate the Authorization Grant code with this component, however, I've been unable to validate it server side. Here is the error I'm currently getting: { "error": "invalid_grant", "error_description": "The code has expired or has been revoked." } Details I've added a Sign In with Apple key to my app and downloaded the private key. I've published the app to TestFlight so I get my own bundle identifier and not Expo's in the simulator. This is the format of the authorization grant code from the a first request (formatting not JSON as it's output from go): { realUserStatus:1 , authorizationCode:xxxx , fullName:{ middleName:null nameSuffix:null namePrefix:null givenName:null familyName:null nickname:null} state:null identityToken:xxxxxxx email:null user:xxxxx } I'm using this library to generate the verification request: https://github.com/pagnihotry/siwago I'm running a go script from my laptop (not the a domain associated with the app), as well as copying/pasting information into Postman. Both methods are using x-www-form-urlencoded. The go app is signing the client_secret, and I assume it's the correct way because I'm no longer getting a 400 invalid_client. I've decode the client_secret and confirmed that the validation request is formatted: { "alg": "ES256", "kid": "SECRET_KEY_ID" } { "iss": "TEAM_ID", "iat": 1626740200, "exp": 1629332200, "aud": "https://appleid.apple.com", "sub": "BUNDLE_ID" } I've confirmed that the client secret is signed with my private key by validating it against my private key's public complement. The form data for the authorization to https://appleid.apple.com/auth/token request is (no punctuation on values): client_id: [BUNDLE_ID] client_secret: [signed secret] code: [authorizationCode] (from the Authorization grant code) grant_type: authorization_code redirect_uri: [left empty in go, not a key in Postman] I've requested my authorization code repeatedly and thought that I might be throttled, but then I tried a brand new one the first time but still got the invalid_grant response. Looking for any help, I've spent the past two solid days on this and am exhausted.

Hi team Our app is using Apple Login and its working fine. As our focus is moving towards the enterprise customers(B2B) rather than normal cosumer, so decided to remove the Apple Login(FB, Google etc), but for the some of our customers who are already logged with Apple Login, we wanted to keep this functionality in case they want to logout and login again. So our question is this, Can we keep apple login functionality without showing the Apple login button ? Flow will be -> User will be see a login page with option to enter name and email and a continue button. As soon as user will enter the name and email and press continue, our backend will inform us that the user is old user and logged in with Apple. After getting the information we'll open the Apple Login flow without any user interaction. Please let us know in case of any confusion or doubt in explaining the question. Thanks

I created an identifier, but did not select "Sign In with Apple" I created a key, and enabled the WeatherKit service. I have a simple python script to retrieve from the API, but I am getting "NOT ENABLED" import datetime import time # pip install requests PyJWT cryptography import jwt import requests import json from cryptography.hazmat.primitives.serialization import load_ssh_private_key from hashlib import sha1 with open("/Users/don/.ssh/AuthKey_LBV5W26ZRJ.p8", "r") as f: myKey = f.read() # matches my service id WEATHERKIT_SERVICE_ID = "net.ag6hq.sandysclock" #This is my id, redacted here WEATHERKIT_TEAM_ID = "<redacted>" # this is my private key, redacted here WEATHERKIT_KID = "<redacted>" # key ID WEATHERKIT_KEY = myKey WEATHERKIT_FULL_ID = f"{WEATHERKIT_TEAM_ID}.{WEATHERKIT_SERVICE_ID}" thisLat = 34.03139251897727 thisLon = -117.41704704143667 def fetch_weatherkit( lang="en", lat="34.031392", lon="-117.41704", country="US", timezone="US/Los_Angeles", datasets = "currentWeather,forecastDaily,forecastHourly,forecastNextHour", ): url = f"https://weatherkit.apple.com/api/v1/weather/{lang}/{lat}/{lon}?dataSets={datasets}&countryCode={country}&timezone={timezone}" now = int(time.time()) exp = now + (3600 * 24) token_payload = { "sub": WEATHERKIT_SERVICE_ID, "iss": WEATHERKIT_TEAM_ID, "exp": exp, "iat": now } token_header = { "kid": WEATHERKIT_KID, "id": WEATHERKIT_FULL_ID, "alg": "ES256", "typ": "JWT" } token = jwt.encode(token_payload, WEATHERKIT_KEY, headers=token_header, algorithm="ES256") response = requests.get(url, headers={'Authorization': f'Bearer {token}'}) return response #### End of Def myFetch=fetch_weatherkit() myStatus=myFetch.status_code myJSON=myFetch.json() print("myJSON=" + str(myJSON)) print("myStatus=" + str(myStatus)) This outputs: python weatherkit.py myJSON={'reason': 'NOT_ENABLED'} myStatus=401 I get the same results if I use the jwt.io service to create a token and use curl What am I doing wrong?

Hi, I am currently implementing a validation on Apple OAuth token. When a user is trying to register, client-side receives tokens from Apple and sends the token when requesting a sign up. Therefore, I need to validate the OAuth token that it is an actual token from Apple. These are my questions: I've done some research and seems like that Apple does not allow me to have static client_secret which I need for token validation request. Also, I need to use the .p8 which I got when registering a app to the app store. But I'm uncertain of what I can do with the .p8 to receive the client secret. I think that I need to send the request with the token to this url https://appleid.apple.com/auth/token. Am I able to send an access token for validation? On Apple's developer document, it says that I need to send a refresh token. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens Thank you.

Do we have any api to upload app screenshots and metadata or create experiments with Screenshots and metadata for appstore connect ?

Im a computer developer, it seems not updates yet and ready. I am looking forwarding for more upcoming features and updates. Thank you.

Hi, I am trying to implement Sign In With Apple on a react app, using the react-apple-signin-auth package, with Firebase Authentication. My redirect URI is set to the url provided by firebase auth and client ID to the service ID created for the web app on Apple Developer. I am able to initiate the popup and input apple ID and password. However, when asked for confirmation to sign in, I get the following error: "Your request could not be completed because of an error. Please try again later" I am unsure of what is causing this error and hence unable to fix it. What should I do now?

We have an unity application using apple Sign in, and we want to build an additional web app that can also keep track of the progress of users. After people sign in using the unity app we keep track of the ID apple returns for future reference and searches. To build the webapp we created a service ID and coupled to our only appId, we then created a secret and finally we followed this guide for the setup The id_token the app outputs shows a sub that is different than the one returned in unity, even though this document here says it should be an unique identifier for our user in our app What could be going wrong? Or in case this question is better, how to properly identify an user across a mobile and web environment?

Hi Apple! We're developing an app for a client and would like to be able to post podcast RSS URL to Apple Podcasts/itunes programatically with the click of a button on our app. Something similar to what Anchor.fm is capeable of. I've read the documentation here: https://itunespartner.apple.com/podcasts/articles/podcast-requirements-3058 And it seems to me the RSS URL must be inserted manually into a Podcast Connect Account. Is there some kind of API that can do this? Or perhaps you could point us in the right direction. Thank you!Friendly neighborhood developer

Some background: A user must sign up for an account on our platform via a browser before they can sign in to our iOS app using an Apple ID otherwise we present the following error message as shown in the attached image. Authentication and session management is handled using AWS Cognito on our platform and we believe AWS Cognito is using the relevant API for Apple ID Sign Ins. For account deletion we are providing an account deletion option within the app to the user (who has to be signed in) under Account Settings. For a valid deletion request, we are deleting a user’s records from our database. For revoking, generating, and validating tokens we are using AWS cognito to handle token revocation, generation, and validation. Ask: Apple reviewers provided additional information (shown below) to help us resolve this issue. But i am not clear how this addresses their concern and would appreciate some guidance on how i could resolve it. Apple reviewer recommendation Apps that offer Sign in with Apple should use the REST API to revoke user tokens. If you have not retained the user’s refresh token, access token, or authorization code, you must still fulfill the user’s account deletion request. To learn more, we recommend reviewing the following resources: Handling account deletions and revoking tokens for Sign in with Apple Revoke tokens Generate and validate tokens

Hello. Whenever I tried to revoke by using an access token from App, I have responsed this error message { "error": "invalid_client" }. Actually, I can't realize what the problem is. So, Please review my code and check my mistake. This is the code that generating 'client_secret' code headers = { kid: @apple_key_id, alg: "ES256" } claims = { iss: @apple_team_id, iat: Time.now.to_i, exp: Time.now.to_i + 86400*180, aud: "https://appleid.apple.com", sub: "XXXXXXXXXX" } private_key = OpenSSL::PKey::EC.new IO.read @apple_key_file_path apple_client_secret = JWT.encode(claims, private_key, "ES256", headers) auth/revoke code url = URI("https://appleid.apple.com/auth/revoke") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Post.new(url.request_uri) request.body = { "client_id": "XXXXXXXXXX", "client_secret": client_secret, "token": @token, "token_type_hint": "access_token" }.to_json request.add_field("Content-Type", 'application/x-www-form-urlencoded') response = http.request(request)