Post not yet marked as solved
Identifiers > Web Authentication Configuration > Website URLs
Selecting domains and subdomains or return URLs is not working.
What's the problem?
Post not yet marked as solved
Hi there, when using Touch ID, the callback following a request to auth/authorize does not include any user information (user={}), but it does if the user logs in using a password.
Is there a reason? How to handle that?
Thanks
Post not yet marked as solved
Hi, just wondering if other users are experiencing Apple authentication being down. I am unable to sign in using Apple auth into my application, and wanted to know if this was server or client side.
Post not yet marked as solved
Hi.
I transferred an app that uses Apple login.
But I didn't do the Transferring your apps and users to another team process,
so I'm working on Bringing new apps and users into your team.
Is it possible to transfer a user with just Bringing new apps and users into your team?
I'm having trouble with the part where I get the access_token from the Bringing new apps and users into your team action.
I've only entered it with the NEW TEAM's information.
POST /auth/token HTTP/1.1
Host: appleid.apple.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=user.migration&client_id={client_id}&client_secret={client_secret}
client_id : APP bundle ID
client_secret : Created by referencing [Create the client secret] in Generate and validate tokens.
require 'jwt'
require 'openssl'

key_file = 'key.p8'
team_id = 'TeamID'
client_id = 'AppID'
key_id = 'KeyID'

# Load the EC private key downloaded as a .p8 file
ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file

headers = {
  'kid' => key_id
}
claims = {
  'iss' => team_id,
  'iat' => Time.now.to_i,
  'exp' => Time.now.to_i + 86400*180,
  'aud' => 'https://appleid.apple.com',
  'sub' => client_id,
}

token = JWT.encode claims, ecdsa_key, 'ES256', headers
puts token
POST /auth/token HTTP/1.1
Host: appleid.apple.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=user.migration&client_id={client_id}&client_secret={client_secret}

{
  "error": "invalid_client"
}
Thank you.
Post not yet marked as solved
Hello community! To begin I want to say that I am a junior developer.
We are about to publish our app, after several tests in TestFlight and we received that our app was rejected for the following reason:
Guideline 4.0 - Design
Your app offers Sign in with Apple as a login option but does not follow the design and user experience requirements for Sign in with Apple. Specifically:
- Your app requires users to provide their name and/or phone number after using Sign in with Apple. This information is already provided by the Authentication Services framework.
These requirements provide the consistent experience users expect when using Sign In with Apple to authenticate or log in to an account.
Next Steps
Please review the Sign in with Apple experience in your app to address the issues we identified above.
Resources
To learn more about App Store design requirements, see App Store Review Guideline 4 - Design.
For an overview of design and formatting recommendations for Sign in with Apple, review the Human Interface Guidelines.
The application, after logging in with Apple, gives the user the option to edit the name and phone number, and we save that information in our personalized server.
And I am using the Ionic-Cordova framework and for Google Plus authentication --> cordova-plugin-googleplus.
I was reading the guides and the resources that they offer me, but I did not reach a good resolution. Any ideas for this problem?
Thank you so much!
Post not yet marked as solved
When I attempt to get authorization token I get 400 error. I pass in the following info:
client id
team id
key identifier
client secret
access code
redirect url
I'm testing this on a launched nodejs backend, and a testflight build of my react native/expo app. I know my code works because I'm using the exact same setup on a different project and it works perfectly.
I'm assuming I'm doing something wrong setting up the keys in Apple's Certificates, Identifiers & Profiles site, but anything I try doesn't work. Are there clear instructions somewhere on how this should be set up?
Post not yet marked as solved
Hello guys, please, how can I create my IMEI verification website for all Apple products?
Post not yet marked as solved
Hi all.
In order to prepare for the new "Account deletion guidance", I have been trying to retrieve access_token and refresh_token from the authorization_code, but the POST request to https://appleid.apple.com/auth/token always results in an invalid_grant error.
https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
I've tested with fresh authorization_codes that were not expired and generated by actual devices (not simulators), but I always end up with "The code has expired or has been revoked" message. Can somebody please help?
{"error":"invalid_grant","error_description":"The code has expired or has been revoked."}%
Here's my request via cURL.
curl -v -X POST "https://appleid.apple.com/auth/token" \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id={bundle_id}' \
  -d 'client_secret={new JWT string}' \
  -d 'code={authorization_code}' \
  -d 'grant_type=authorization_code'
Here are the headers and claims for generating a new JWT string.
headers = {
  'kid' => private_key_id, # key ID of the .p8 private key
}
claims = {
  'iss' => team_id,
  'iat' => Time.now.to_i,
  'exp' => Time.now.to_i + 86400*180,
  'aud' => 'https://appleid.apple.com',
  'sub' => bundle_id,
}
For alg I'm using ES256.
Post not yet marked as solved
I'm working on integrating Sign In with Apple into my app. The app is written in React Native using expo and I'm using this component nearly exactly for now. https://docs.expo.io/versions/latest/sdk/apple-authentication/#usage
I've been able to successfully generate the Authorization Grant code with this component, however, I've been unable to validate it server side. Here is the error I'm currently getting:
{
  "error": "invalid_grant",
  "error_description": "The code has expired or has been revoked."
}
Details
I've added a Sign In with Apple key to my app and downloaded the private key. I've published the app to TestFlight so I get my own bundle identifier and not Expo's in the simulator.
This is the format of the authorization grant code from the first request (formatting not JSON as it's output from go):
{
realUserStatus:1 ,
authorizationCode:xxxx ,
fullName:{
middleName:null
nameSuffix:null
namePrefix:null
givenName:null
familyName:null
nickname:null}
state:null
identityToken:xxxxxxx
email:null
user:xxxxx
}
I'm using this library to generate the verification request: https://github.com/pagnihotry/siwago
I'm running a go script from my laptop (not a domain associated with the app), as well as copying/pasting information into Postman.
Both methods are using x-www-form-urlencoded. The go app is signing the client_secret, and I assume it's the correct way because I'm no longer getting a 400 invalid_client. I've decoded the client_secret and confirmed that the validation request is formatted:
{
  "alg": "ES256",
  "kid": "SECRET_KEY_ID"
}
{
  "iss": "TEAM_ID",
  "iat": 1626740200,
  "exp": 1629332200,
  "aud": "https://appleid.apple.com",
  "sub": "BUNDLE_ID"
}
I've confirmed that the client secret is signed with my private key by validating it against my private key's public complement.
The form data for the authorization to https://appleid.apple.com/auth/token request is (no punctuation on values):
client_id: [BUNDLE_ID]
client_secret: [signed secret]
code: [authorizationCode] (from the Authorization grant code)
grant_type: authorization_code
redirect_uri: [left empty in go, not a key in Postman]
I've requested my authorization code repeatedly and thought that I might be throttled, but then I tried a brand new one the first time but still got the invalid_grant response.
Looking for any help, I've spent the past two solid days on this and am exhausted.
Post not yet marked as solved
Hi team
Our app is using Apple Login and it's working fine. As our focus is moving towards enterprise customers (B2B) rather than normal consumers, we decided to remove the Apple Login (FB, Google etc.), but for some of our customers who are already logged in with Apple Login, we wanted to keep this functionality in case they want to log out and log in again.
So our question is this: can we keep the Apple login functionality without showing the Apple login button?
Flow will be -> The user will see a login page with the option to enter name and email and a continue button. As soon as the user enters the name and email and presses continue, our backend will inform us that the user is an old user and logged in with Apple. After getting the information we'll open the Apple Login flow without any user interaction.
Please let us know in case of any confusion or doubt in explaining the question.
Thanks
Hi,
I need to make a "Sign with apple" button.
I followed all the instructions and I managed to get apple's response with id_token.
I have to continue testing the application but I no longer get the "user" object (name, lastname).
How can I get the user object back to continue development?
Post not yet marked as solved
I created an identifier, but did not select "Sign In with Apple"
I created a key, and enabled the WeatherKit service.
I have a simple python script to retrieve from the API, but I am getting "NOT ENABLED"
import datetime
import time
# pip install requests PyJWT cryptography
import jwt
import requests
import json
from cryptography.hazmat.primitives.serialization import load_ssh_private_key
from hashlib import sha1

with open("/Users/don/.ssh/AuthKey_LBV5W26ZRJ.p8", "r") as f:
    myKey = f.read()

# matches my service id
WEATHERKIT_SERVICE_ID = "net.ag6hq.sandysclock"
# This is my id, redacted here
WEATHERKIT_TEAM_ID = "<redacted>"
# this is my private key, redacted here
WEATHERKIT_KID = "<redacted>"  # key ID
WEATHERKIT_KEY = myKey
WEATHERKIT_FULL_ID = f"{WEATHERKIT_TEAM_ID}.{WEATHERKIT_SERVICE_ID}"
thisLat = 34.03139251897727
thisLon = -117.41704704143667

def fetch_weatherkit(
    lang="en",
    lat="34.031392",
    lon="-117.41704",
    country="US",
    timezone="US/Los_Angeles",
    datasets = "currentWeather,forecastDaily,forecastHourly,forecastNextHour",
):
    url = f"https://weatherkit.apple.com/api/v1/weather/{lang}/{lat}/{lon}?dataSets={datasets}&countryCode={country}&timezone={timezone}"
    now = int(time.time())
    exp = now + (3600 * 24)
    token_payload = {
        "sub": WEATHERKIT_SERVICE_ID,
        "iss": WEATHERKIT_TEAM_ID,
        "exp": exp,
        "iat": now
    }
    token_header = {
        "kid": WEATHERKIT_KID,
        "id": WEATHERKIT_FULL_ID,
        "alg": "ES256",
        "typ": "JWT"
    }
    token = jwt.encode(token_payload, WEATHERKIT_KEY, headers=token_header, algorithm="ES256")
    response = requests.get(url, headers={'Authorization': f'Bearer {token}'})
    return response

#### End of Def
myFetch=fetch_weatherkit()
myStatus=myFetch.status_code
myJSON=myFetch.json()
print("myJSON=" + str(myJSON))
print("myStatus=" + str(myStatus))
This outputs:
python weatherkit.py
myJSON={'reason': 'NOT_ENABLED'}
myStatus=401
I get the same results if I use the jwt.io service to create a token and use curl
What am I doing wrong?
Post not yet marked as solved
Hi,
I am currently implementing a validation on Apple OAuth token. When a user is trying to register, client-side receives tokens from Apple and sends the token when requesting a sign up. Therefore, I need to validate the OAuth token that it is an actual token from Apple.
These are my questions:
I've done some research and it seems that Apple does not allow me to have a static client_secret, which I need for the token validation request. Also, I need to use the .p8 which I got when registering an app to the App Store. But I'm uncertain of what I can do with the .p8 to receive the client secret.
I think that I need to send the request with the token to this url https://appleid.apple.com/auth/token. Am I able to send an access token for validation? On Apple's developer document, it says that I need to send a refresh token. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
Thank you.
Post not yet marked as solved
Do we have any API to upload app screenshots and metadata or create experiments with screenshots and metadata for App Store Connect?
Post not yet marked as solved
I'm a computer developer, it seems not updates yet and ready. I am looking forward to more upcoming features and updates. Thank you.
Post not yet marked as solved
Hi, I am trying to implement Sign In With Apple on a react app, using the react-apple-signin-auth package, with Firebase Authentication. My redirect URI is set to the url provided by firebase auth and client ID to the service ID created for the web app on Apple Developer. I am able to initiate the popup and input apple ID and password. However, when asked for confirmation to sign in, I get the following error:
"Your request could not be completed because of an error. Please try again later"
I am unsure of what is causing this error and hence unable to fix it. What should I do now?
Post not yet marked as solved
We have a Unity application using Apple sign-in, and we want to build an additional web app that can also keep track of the progress of users.
After people sign in using the Unity app we keep track of the ID Apple returns for future reference and searches.
To build the web app we created a service ID and coupled it to our only appId, we then created a secret and finally we followed this guide for the setup.
The id_token the app outputs shows a sub that is different from the one returned in Unity, even though this document here says it should be a unique identifier for our user in our app.
What could be going wrong?
Or in case this question is better, how to properly identify a user across a mobile and web environment?
Post not yet marked as solved
Hi Apple!
We're developing an app for a client and would like to be able to post a podcast RSS URL to Apple Podcasts/iTunes programmatically with the click of a button on our app. Something similar to what Anchor.fm is capable of.
I've read the documentation here:
https://itunespartner.apple.com/podcasts/articles/podcast-requirements-3058
And it seems to me the RSS URL must be inserted manually into a Podcast Connect Account. Is there some kind of API that can do this? Or perhaps you could point us in the right direction.
Thank you!
Friendly neighborhood developer
Post not yet marked as solved
Some background:
A user must sign up for an account on our platform via a browser before they can sign in to our iOS app using an Apple ID otherwise we present the following error message as shown in the attached image.
Authentication and session management is handled using AWS Cognito on our platform and we believe AWS Cognito is using the relevant API for Apple ID Sign Ins.
For account deletion we are providing an account deletion option within the app to the user (who has to be signed in) under Account Settings. For a valid deletion request, we are deleting a user’s records from our database.
For revoking, generating, and validating tokens we are using AWS cognito to handle token revocation, generation, and validation.
Ask: Apple reviewers provided additional information (shown below) to help us resolve this issue. But I am not clear how this addresses their concern and would appreciate some guidance on how I could resolve it.
Apple reviewer recommendation
Apps that offer Sign in with Apple should use the REST API to revoke user tokens. If you have not retained the user’s refresh token, access token, or authorization code, you must still fulfill the user’s account deletion request. To learn more, we recommend reviewing the following resources:
Handling account deletions and revoking tokens for Sign in with Apple
Revoke tokens
Generate and validate tokens
Post not yet marked as solved
Hello. Whenever I try to revoke by using an access token from the app, I get this error response: { "error": "invalid_client" }.
Actually, I can't figure out what the problem is. So please review my code and check my mistake.
This is the code that generates the 'client_secret':
headers = {
  kid: @apple_key_id,
  alg: "ES256"
}
claims = {
  iss: @apple_team_id,
  iat: Time.now.to_i,
  exp: Time.now.to_i + 86400*180,
  aud: "https://appleid.apple.com",
  sub: "XXXXXXXXXX"
}
private_key = OpenSSL::PKey::EC.new IO.read @apple_key_file_path
apple_client_secret = JWT.encode(claims, private_key, "ES256", headers)
auth/revoke code
url = URI("https://appleid.apple.com/auth/revoke")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url.request_uri)
request.body = {
  "client_id": "XXXXXXXXXX",
  "client_secret": client_secret,
  "token": @token,
  "token_type_hint": "access_token"
}.to_json
request.add_field("Content-Type", 'application/x-www-form-urlencoded')
response = http.request(request)
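
Added example, not part of the post above and not Apple's or any poster's code: the request above declares an application/x-www-form-urlencoded Content-Type but serializes its body with to_json. This sketch builds the same auth/revoke request with a form-encoded body, and signs the ES256 client secret using only Ruby's standard library. The key, team ID, key ID, bundle ID and token are constructed placeholders, and nothing is sent over the network.

```ruby
require 'openssl'
require 'json'
require 'net/http'
require 'uri'

# Base64url without padding, as JWS requires.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Build the ES256 client secret with the header and claims used in the posts above.
def client_secret(key, team_id:, client_id:, key_id:, ttl: 86_400 * 180, now: Time.now.to_i)
  header = { alg: 'ES256', kid: key_id }
  claims = { iss: team_id, iat: now, exp: now + ttl,
             aud: 'https://appleid.apple.com', sub: client_id }
  signing_input = "#{b64url(header.to_json)}.#{b64url(claims.to_json)}"
  der = key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  # JWS wants raw r||s (32 bytes each), not OpenSSL's DER-encoded signature.
  r, s = OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\0") }
  "#{signing_input}.#{b64url(r + s)}"
end

# Build (but do not send) the revoke request; set_form_data form-encodes the body
# and sets the matching Content-Type header.
def revoke_request(client_id:, secret:, token:, hint: 'access_token')
  req = Net::HTTP::Post.new(URI('https://appleid.apple.com/auth/revoke').request_uri)
  req.set_form_data('client_id' => client_id, 'client_secret' => secret,
                    'token' => token, 'token_type_hint' => hint)
  req
end

# Check a client secret's signature locally, converting r||s back to DER.
def secret_valid?(jwt, key)
  head, body, sig = jwt.split('.')
  raw = sig.tr('-_', '+/').unpack1('m')
  ints = [raw[0, 32], raw[32, 32]].map { |b| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b, 2)) }
  der = OpenSSL::ASN1::Sequence.new(ints).to_der
  key.verify(OpenSSL::Digest.new('SHA256'), der, "#{head}.#{body}")
end

# Constructed throwaway key and placeholder IDs; a real key is read from the .p8 file.
DEMO_KEY = OpenSSL::PKey::EC.generate('prime256v1')
DEMO_SECRET = client_secret(DEMO_KEY, team_id: 'TEAMID0000', client_id: 'com.example.app', key_id: 'KEYID00000')
DEMO_REQ = revoke_request(client_id: 'com.example.app', secret: DEMO_SECRET, token: 'placeholder-token')
puts DEMO_REQ['Content-Type'], DEMO_REQ.body
```

Verifying the secret locally before sending separates signing mistakes from identifier mismatches when the server answers only with invalid_client.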