Post not yet marked as solved
I am working on a financial application that falls under Indian jurisdiction, which has specific regulations prohibiting the use of relay or proxy emails for sign-up processes. Given that the "Hide My Email" feature in "Sign in with Apple" provides a relay email, I'm trying to understand how I can remain compliant with these regulations while offering "Sign in with Apple" as a sign-up option.
My proposed flow:
Allow users to use "Sign in with Apple" for authentication.
Check if the user has opted for the "Hide My Email" feature.
If they have, show an error message explaining the regulatory restriction and prompt them to either:
a) Use "Sign in with Apple" without the "Hide My Email" option OR
b) Use our standard "Sign up with Email and Password" flow.
I would like to understand if such an approach is acceptable according to Apple's guidelines. Would there be any issues or recommendations from Apple's side on implementing this flow?
Thank you for your assistance and guidance!
Post not yet marked as solved
Hi everyone, we are developing Ionic mobile app with .NET server part, now we are trying to implement apple authorization, it works properly with web(user can authorize and server receives callback), but it is not working with mobile, we can authorize and get response on client side with token and code, but it not initiate callback to server, we found a difference in apple endpoint that we call for web and for mobile(in query parameters for mobile- response_mode = web_message and for web- response_mode = form_post), we can't change url for mobile app, because we are using SignInWithApple from @capacitor-community/apple-sign-in, does anyone have experience with this problem? Thanks in advance.
Post not yet marked as solved
I'm using apple login in my web app and passing the redirect URI to apple URL. It's working fine on all browsers except Safari. On Safari instead of opening the URL in a new tab it's showing the finger touch enabled login popup. Which is causing the issue and my redirect URI is not getting passed and I'm not able to receive the code and other details from apple.
Can anyone please help me resolve this issue.
Angular Code:
const openNewWindow = window.open(
'https://appleid.apple.com/auth/authorize?response_type=code&response_mode=form_post&scope=name%20email&state=W4cL2JgRJq&client_id=CLIENT_ID&redirect_uri='+ this.AppleURL',"_blank"
);
try {
openNewWindow.opener = window;
window.addEventListener('message', event => {
this.signInWithApple(JSON.parse(event.data));
});window.addEventListener('message', event => {
this.signInWithApple(JSON.parse(event.data));
});
} catch (error) {
console.log("error",error);
}
Redirect URI js code:
Post not yet marked as solved
Is there any documentation about the server to server notification, specifically what sort of data Apple servers send to our server when there is an update to users who used Sign in with Apple?
Post not yet marked as solved
I'm in the process of setting up Apple Sign-In for our web portal. The web portal doesn't have a related Apple application. I've been reviewing the documentation provided at https://developer.apple.com/help/account/configure-app-capabilities/configure-sign-in-with-apple-for-the-web/ and attempting to set it up. It appears that this might not be possible without an existing Apple application associated with the web portal.
According to https://developer.apple.com/help/account/configure-app-capabilities/configure-sign-in-with-apple-for-the-web/:
To configure web authentication, you must create a Services ID and associate your website to an existing primary iOS, macOS, tvOS, or watchOS App ID enabled for Sign in with Apple.
Does this imply that it's not feasible without an existing Apple application?
Post not yet marked as solved
Hi,
We have a iOS app where users can purchase videos from others. Purchasing happens through In-app purchasing and our client get the money. So when the owner of the videos need to cashout the money he gets from the video selling, we need to implement an option for that. Currently we have a manual process for that.
Our major mode of receiving payments is CashApp
but when automating it with custom API it is giving error code : 8447435879 , 18447435879
Can Anyone tell me what exactly is this error code about?
Note : we are synchronising the API with REST API
Post not yet marked as solved
We recently are adding apple signup in our app and in our db we have 50 chars as max length of user identifiers. i was wondering how long they can be on apple and whether we should tweak the max length on our side.
Post not yet marked as solved
I am sending a user to the apple authentication site where they fill in their apple login information on a form:
const signInWithApple = () => {
const params = {
client_id: Config.APPLE_AUTH_CLIENT_ID,
redirect_uri: 'https://www.example-site.com/auth/apple/',
scope: 'name email',
response_type: 'code',
response_mode: 'form_post',
};
const loginUrl = `https://appleid.apple.com/auth/authorize?${queryString.stringify(params)}`;
window.open(loginUrl, '_blank', `scrollbars=yes, width=520, height=570`);
};
After it has authenticated the user, it redirects the user to the URL that is defined in the redirect_uri property. Then I verify the token and log in the user on my end. That works beautifully.
The problem occurs when, instead of opening the window with the form fields, it opens a sheet at the bottom of the Safari mobile browser to allow the user to use face id. If you follow through with that, it looks like it recognizes your face and closes the sheet but it never redirects the user to my URL page where I log in the user after verifying their token.
Has anybody encountered this? I would love some ideas on how to solve this please!
Post not yet marked as solved
Hello - migrated from darksky to WeatherKit in April of this year. With some difficulty finally got the REST API to work via the following resources:
https://developer.apple.com/weatherkit/get-started/
which is horribly inadequate for JWT instructions. So i also used:
https://dev.iachieved.it/iachievedit/weatherkit-rest-api/
which was quite helpful.
As stated, in April i managed to get this working. About a week ago it stopped working.
The response from my calls are 401 Unauthorized in the header and { "reason": "NOT_ENABLED" } in the body.
I believe the key i created expired and thus WeatherKit stopped responding. So i tried to re-enable access using the same Apple key and a new JWT signature. That did not seem to work, so i removed the old key and created a new one. Downloaded the p8 file and used openssl on my ubuntu server to create pem and pub files for the jwt token. Still nothing. I have tried almost all combinations of keys and ID #s in the JWT.io console that i can think of.
Importantly, nowhere in the official Apple documentation does it say what parameters the key creation and expiry dates can be. Does the key creation date have to match the date the key was created in Apple Developer Console??? What expiry dates are valid???? No idea.
I have submitted a code level request, but they punted me to feedback which apparently does nothing. Still no resolution, nor have i been contacted once by an Apple representative. This is what my $200 developer fee gets me?! Unacceptable.
If anyone has any idea on how to resolve this issue and/or create valid jwt tokens easier (via PHP preferably), i'm all ears.
Thanks, airyt
I want to know if the user identity(sub) maintains the same when the user un-links the linked app from the Apple ID setting and re-links it.
I would be grateful if you could give me an reply.
Post not yet marked as solved
Hi guys,
I have been using a services id for my apps and websites to use Sign in with Apple feature over 3 months. All of a sudden the website urls and return urls I newly add to the services id don't work. I am getting "invalid_request
Invalid web redirect url." errrors.
I have checked the urls carefully, (https), I also added many new ones but none of them worked.
In order to test it I also removed some of the current return urls from my websites to see if it will stop working but no, the ones I removed still work which kind of confirms my theory that it does not update the list, it is bugged.
Quite weirdly, the new native apps I submitted to the store also does not work, it gives the error "Sign-up Not Completed"
Does any one have any idea? Such a weird problem all of a sudden
Post not yet marked as solved
Hello,
I have implemented a while ago Sign IN with REST API in PHP code. It worked. Now it doesn't.
When I redirect to apple with a request:
https://appleid.apple.com/auth/authorize?scope=name%20email&state=fffffffstateherefffffff&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmydomain.pl%2Fconnect%2Fapple%2Fcheck&client_id=pl.myclientid&response_mode=form_post
I can login via Apple ID and then I am redirected to my webpage. But instead of POST redirect with a code param, I am redirected with GET wihtout the code. The docs says that if I use response_mode=form_post Apple should redirect to me with POST method. But it doesn't. I cannot figure out why.
Is this a bug?
Post not yet marked as solved
We have changed return URLs for one Service ID, but the change is not propagated. The old return URL still works and we get "Invalid web redirect URL".
We even tried deleting Service ID with old return URLs and created new Service ID with new redirect URLs.
But the only one that works is the one that we deleted.
Post not yet marked as solved
Hi everyone!
I am in the process of transferring an app from account (A) to account (B), and I am wondering how the various steps in the documentation link to the transfer process.
In particular:
https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team -> I understood that this process can be done BEFORE the migration to create all the transfer_sub beforehand.
https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team -> when can this be done? After initiating the transfer or only after the transfer is completed?
Moreover, what about the private key used for Sign in With Apple from the old team? Will it still work before/after the transfer, or in which step it will stop work? For example, in Firebase we set-up the Apple Sign in using the (A) team_id and private_key. When should we change this in Firebase? After initiating the transfer, after the transfer is completed? Will the old key stop working after the transfer is completed? Thank you!
Post not yet marked as solved
When I use the Generate and Validate Tokens endpoint - https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens with an Authorization Grant Code, the endpoint returns a refresh_token and id_token among other things.
When the id_token expires, I can use the refresh_token to create a new one.
However, when I use the refresh token on this endpoint, it doesn't return a new refresh_token. Why is that?
Post not yet marked as solved
Hello,
I need to use a apple sign in in ios application, i get my authorization code from hybryde apllication :
let options: SignInWithAppleOptions = {
clientId: ConstConfig.APPLE_CLIENT_ID,
redirectURI: ConstConfig.APPLE_REDIRECT_URI,
scopes: ConstConfig.APPLE_SCOPES,
state: ConstConfig.APPLE_STATE,
nonce: ConstConfig.APPLE_NONCE
};
SignInWithApple.authorize(options)
.then((result: SignInWithAppleResponse) => {
this.authenticate.appleAuthorizationCode = result.response.authorizationCode;
this.authenticate.appleUser = result.response.user;
this.authenticate.appleIdentityToken = result.response.identityToken;
i send this 3 value to my backend JAVA to validate the accessToken and get the refrsh token, validate java Method :
logger.info("Apple authorization validation");
// get the subject received from the client
String clientSubject = getSubject(identityToken);
// verifying the code by the apple server
String token = getToken();
logger.debug("Authorize with token:" + token);
Map<String, String> params = new HashMap<>();
params.put("client_id", APPLE_CLIENT_ID);
params.put("client_secret", token);
params.put("code", authorisationCode);
params.put("grant_type", "authorization_code");
params.put("redirect_uri", "");
if (redirectURI != null) {
}
String response = post(APPLE_AUTH_URL, params);
logger.info("Apple authorization response:" + response);
AppleTokenResponse tokenResponse = objectMapper.readValue(response, AppleTokenResponse.class);
if (tokenResponse.getError() != null && tokenResponse.getError().length() > 0) {
logger.warn("Error during verification of the code. Reason:" + tokenResponse.getError());
return null;
}
String serverSubject = getSubject(tokenResponse.getId_token());
if (!serverSubject.equals(clientSubject)) {
logger.warn("Validation failed, subject does not match!");
return null;
}
return getClaims(tokenResponse.getId_token());
the JWT TOken :
return Jwts.builder()
.setHeaderParam(JwsHeader.KEY_ID, APPLE_KEY_ID)
.setHeaderParam(JwsHeader.ALGORITHM,"ES256")
.setIssuer(APPLE_TEAM_ID)
.setAudience(APPLE_APPLE_ID_URL)
.setSubject(APPLE_CLIENT_ID)
.setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 5)))
.setIssuedAt(new Date(System.currentTimeMillis()))
.signWith(SignatureAlgorithm.ES256, pKey)
.compact();
how i get my private key :
File file = new File(APPLE_CERTIFICATE_PATH);
try {
PEMParser pemParser = new PEMParser(new FileReader(file));
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
APPLE_PRIVATE_KEY = converter.getPrivateKey(object);
logger.info("load apple private keys Ok.");
} catch (Exception ex) {
logger.error("error on generate apple sign in private Key : ", ex);
}
thr response still return : {"error":"invalid_grant","error_description":"client_id mismatch. The code was not issued to bundleID"}, i don't know the reason.
i read that i nedd to check in testFlit, ido but i still get the same error, i also put the same redirect_url in front and back (for me that not needed because i dont use u web sign in ) but i still get the same error.
for my bundle id i use the APP Identifier not the service Identifier in front and back. its correct ?
thank for your help.
After successfully logging in using apple sign-in. I get back the default response: the authorization code.
I send the entire payload to my backend to which I then, use the docs - https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens to verify the auth_code. I get back this response.
{
"error": "invalid_grant",
"error_description": "client_id mismatch. The code was not issued to com.example.bundle."
}
I've checked the bundleId several times. I've created new Identifiers and keys, used those new values instead and I get the same issue. According to the errorResponse - https://developer.apple.com/documentation/sign_in_with_apple/errorresponse documentation:
invalid_grant
The authorization grant or refresh token is invalid, typically due to a mismatched or invalid client identifier, invalid code (expired or previously used authorization code), or invalid refresh token.
Any recommended test solutions to diagnose this issue?
Post not yet marked as solved
Hey i am trying to Link Zelle API with SWIFT Based Ecommerce Store , Getting error code 8889275440 , and 18889275440 , Am trying to track and put balance into users account as i receive the payment from user and post directly to his account when he tries to add funds , But getting the above two error codes
Post not yet marked as solved
I have the below code block to call the token endpoint. The endpoint succeeds from Postman with JSON response but from my web application, it fails with CORS error. What could be the reason for this behavior?
const axios = require('axios');
const qs = require('qs');
let data = qs.stringify({
'grant_type': 'authorization_code',
'code': 'xxxxxxyyyyybbb,
'redirect_uri': 'https:myApp/login',
'client_id': 'com.myclient_id',
'client_secret': 'myworkingsecret'
});
let config = {
method: 'post',
maxBodyLength: Infinity,
url: 'https://appleid.apple.com/auth/token',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
data : data
};
axios.request(config)
.then((response) => {
console.log(JSON.stringify(response.data));
})
.catch((error) => {
console.log(error);
});
Post not yet marked as solved
We are implementing a web app with Angular as frontend and java springboot as backend. while trying to use signin with Appleid in our application login page, we are getting Invalid_Client.
please find the attached log and image of error.
log.txt