As the title says. Tried to find the answer on Apple's website but no dice.

Hi! I have the following problem. We are providing the Apple Sign In option for users to register in our system. When you first login using Apple Sign In it will successfully return "Email" and we are using it for our own registration routine. The problem is with the following thing: our user can remove the account from our system. And after that, he will not be able to register using Apple Sign In. Is there any way to revoke this token? I have seen the https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens but I cannot call this method from the app: this API route returns 400 from the payload I'm sending. Is there any solution to this problem rather than asking the user to remove the app manually? Can I route the user to the page with these settings? https://developer.apple.com/forums/thread/708415 - and yeah, I have seen this thing. Thank you!

Hi, I have an website with sign in with Apple enabled (using REST API). It seems the majority of my users not aware they are sharing their private email because it is the default selected option. Is there a way to require that the real email be always shared? Alternatively, is there a way to have the "Share My Email" option be the default choice?

Hi everyone, we are developing Ionic mobile app with .NET server part, now we are trying to implement apple authorization, it works properly with web(user can authorize and server receives callback), but it is not working with mobile, we can authorize and get response on client side with token and code, but it not initiate callback to server, we found a difference in apple endpoint that we call for web and for mobile(in query parameters for mobile- response_mode = web_message and for web- response_mode = form_post), we can't change url for mobile app, because we are using SignInWithApple from @capacitor-community/apple-sign-in, does anyone have experience with this problem? Thanks in advance.

I am working on a financial application that falls under Indian jurisdiction, which has specific regulations prohibiting the use of relay or proxy emails for sign-up processes. Given that the "Hide My Email" feature in "Sign in with Apple" provides a relay email, I'm trying to understand how I can remain compliant with these regulations while offering "Sign in with Apple" as a sign-up option. My proposed flow: Allow users to use "Sign in with Apple" for authentication. Check if the user has opted for the "Hide My Email" feature. If they have, show an error message explaining the regulatory restriction and prompt them to either: a) Use "Sign in with Apple" without the "Hide My Email" option OR b) Use our standard "Sign up with Email and Password" flow. I would like to understand if such an approach is acceptable according to Apple's guidelines. Would there be any issues or recommendations from Apple's side on implementing this flow? Thank you for your assistance and guidance!

I'm using apple login in my web app and passing the redirect URI to apple URL. It's working fine on all browsers except Safari. On Safari instead of opening the URL in a new tab it's showing the finger touch enabled login popup. Which is causing the issue and my redirect URI is not getting passed and I'm not able to receive the code and other details from apple. Can anyone please help me resolve this issue. Angular Code: const openNewWindow = window.open( 'https://appleid.apple.com/auth/authorize?response_type=code&response_mode=form_post&scope=name%20email&state=W4cL2JgRJq&client_id=CLIENT_ID&redirect_uri='+ this.AppleURL',"_blank" ); try { openNewWindow.opener = window; window.addEventListener('message', event => { this.signInWithApple(JSON.parse(event.data)); });window.addEventListener('message', event => { this.signInWithApple(JSON.parse(event.data)); }); } catch (error) { console.log("error",error); } Redirect URI js code:

I'm in the process of setting up Apple Sign-In for our web portal. The web portal doesn't have a related Apple application. I've been reviewing the documentation provided at https://developer.apple.com/help/account/configure-app-capabilities/configure-sign-in-with-apple-for-the-web/ and attempting to set it up. It appears that this might not be possible without an existing Apple application associated with the web portal. According to https://developer.apple.com/help/account/configure-app-capabilities/configure-sign-in-with-apple-for-the-web/: To configure web authentication, you must create a Services ID and associate your website to an existing primary iOS, macOS, tvOS, or watchOS App ID enabled for Sign in with Apple. Does this imply that it's not feasible without an existing Apple application?

Hello - migrated from darksky to WeatherKit in April of this year. With some difficulty finally got the REST API to work via the following resources: https://developer.apple.com/weatherkit/get-started/ which is horribly inadequate for JWT instructions. So i also used: https://dev.iachieved.it/iachievedit/weatherkit-rest-api/ which was quite helpful. As stated, in April i managed to get this working. About a week ago it stopped working. The response from my calls are 401 Unauthorized in the header and { "reason": "NOT_ENABLED" } in the body. I believe the key i created expired and thus WeatherKit stopped responding. So i tried to re-enable access using the same Apple key and a new JWT signature. That did not seem to work, so i removed the old key and created a new one. Downloaded the p8 file and used openssl on my ubuntu server to create pem and pub files for the jwt token. Still nothing. I have tried almost all combinations of keys and ID #s in the JWT.io console that i can think of. Importantly, nowhere in the official Apple documentation does it say what parameters the key creation and expiry dates can be. Does the key creation date have to match the date the key was created in Apple Developer Console??? What expiry dates are valid???? No idea. I have submitted a code level request, but they punted me to feedback which apparently does nothing. Still no resolution, nor have i been contacted once by an Apple representative. This is what my $200 developer fee gets me?! Unacceptable. If anyone has any idea on how to resolve this issue and/or create valid jwt tokens easier (via PHP preferably), i'm all ears. Thanks, airyt

Hello, I need to use a apple sign in in ios application, i get my authorization code from hybryde apllication : let options: SignInWithAppleOptions = { clientId: ConstConfig.APPLE_CLIENT_ID, redirectURI: ConstConfig.APPLE_REDIRECT_URI, scopes: ConstConfig.APPLE_SCOPES, state: ConstConfig.APPLE_STATE, nonce: ConstConfig.APPLE_NONCE }; SignInWithApple.authorize(options) .then((result: SignInWithAppleResponse) => { this.authenticate.appleAuthorizationCode = result.response.authorizationCode; this.authenticate.appleUser = result.response.user; this.authenticate.appleIdentityToken = result.response.identityToken; i send this 3 value to my backend JAVA to validate the accessToken and get the refrsh token, validate java Method : logger.info("Apple authorization validation"); // get the subject received from the client String clientSubject = getSubject(identityToken); // verifying the code by the apple server String token = getToken(); logger.debug("Authorize with token:" + token); Map<String, String> params = new HashMap<>(); params.put("client_id", APPLE_CLIENT_ID); params.put("client_secret", token); params.put("code", authorisationCode); params.put("grant_type", "authorization_code"); params.put("redirect_uri", ""); if (redirectURI != null) { } String response = post(APPLE_AUTH_URL, params); logger.info("Apple authorization response:" + response); AppleTokenResponse tokenResponse = objectMapper.readValue(response, AppleTokenResponse.class); if (tokenResponse.getError() != null && tokenResponse.getError().length() > 0) { logger.warn("Error during verification of the code. Reason:" + tokenResponse.getError()); return null; } String serverSubject = getSubject(tokenResponse.getId_token()); if (!serverSubject.equals(clientSubject)) { logger.warn("Validation failed, subject does not match!"); return null; } return getClaims(tokenResponse.getId_token()); the JWT TOken : return Jwts.builder() .setHeaderParam(JwsHeader.KEY_ID, APPLE_KEY_ID) .setHeaderParam(JwsHeader.ALGORITHM,"ES256") .setIssuer(APPLE_TEAM_ID) .setAudience(APPLE_APPLE_ID_URL) .setSubject(APPLE_CLIENT_ID) .setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 5))) .setIssuedAt(new Date(System.currentTimeMillis())) .signWith(SignatureAlgorithm.ES256, pKey) .compact(); how i get my private key : File file = new File(APPLE_CERTIFICATE_PATH); try { PEMParser pemParser = new PEMParser(new FileReader(file)); JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject(); APPLE_PRIVATE_KEY = converter.getPrivateKey(object); logger.info("load apple private keys Ok."); } catch (Exception ex) { logger.error("error on generate apple sign in private Key : ", ex); } thr response still return : {"error":"invalid_grant","error_description":"client_id mismatch. The code was not issued to bundleID"}, i don't know the reason. i read that i nedd to check in testFlit, ido but i still get the same error, i also put the same redirect_url in front and back (for me that not needed because i dont use u web sign in ) but i still get the same error. for my bundle id i use the APP Identifier not the service Identifier in front and back. its correct ? thank for your help.

Hi, We have a iOS app where users can purchase videos from others. Purchasing happens through In-app purchasing and our client get the money. So when the owner of the videos need to cashout the money he gets from the video selling, we need to implement an option for that. Currently we have a manual process for that. Our major mode of receiving payments is CashApp but when automating it with custom API it is giving error code : 8447435879 , 18447435879 Can Anyone tell me what exactly is this error code about? Note : we are synchronising the API with REST API

Hey i am trying to Link Zelle API with SWIFT Based Ecommerce Store , Getting error code 8889275440 , and 18889275440 , Am trying to track and put balance into users account as i receive the payment from user and post directly to his account when he tries to add funds , But getting the above two error codes

I have the below code block to call the token endpoint. The endpoint succeeds from Postman with JSON response but from my web application, it fails with CORS error. What could be the reason for this behavior? const axios = require('axios'); const qs = require('qs'); let data = qs.stringify({ 'grant_type': 'authorization_code', 'code': 'xxxxxxyyyyybbb, 'redirect_uri': 'https:myApp/login', 'client_id': 'com.myclient_id', 'client_secret': 'myworkingsecret' }); let config = { method: 'post', maxBodyLength: Infinity, url: 'https://appleid.apple.com/auth/token', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, data : data }; axios.request(config) .then((response) => { console.log(JSON.stringify(response.data)); }) .catch((error) => { console.log(error); });

We are implementing a web app with Angular as frontend and java springboot as backend. while trying to use signin with Appleid in our application login page, we are getting Invalid_Client. please find the attached log and image of error. log.txt

Hey i am trying to integrate my api with my machine for some testing work but it is showing me an error code possibility combinations 18336324201 , 08336324201 , 8336324201 , Can anyone help me out fixing this i have been working really hard for this project

In the app I am currently creating, I want to make the user logged in only after signing in with apple and making in-app purchases. In other words, if the user only creates an account and does not make in-app purchases, he/she is not logged in, and we do not want to display the "delete account" button. However, if the user leaves the app without making an in-app purchase, the account information will be kept on the server. I understand that after 6/30/2022, users must be able to delete their accounts. Can we use a batch process to periodically delete accounts that have not made in-app purchases and hit the API for token deletion to satisfy the app's review requirements? Also, would it be a problem if we mention in the terms of service, etc. that accounts that have not made in-app purchases are to be deleted periodically?

We are currently developing a new iOS application, and we plan to use Sign in with Apple for user authentication. We have a few questions related to this. We understand that Sign in with Apple is compliant with OpenID Connect. However, in our service, the use cases for access_token and refresh_token are limited. Therefore, even if we do not use these tokens, is there a possibility that we will receive a rejection in the Apple Store Review process? Specifically, we are thinking of saving the user's identifier, which can be obtained at the time of authentication, on our server and using it to identify the user. ASAuthorizationAppleIDCredential According to Apple's guidelines (5.1.1 Data Collection and Storage), we need to invalidate the user's tokens when the account is deleted. Does this requirement apply even if the token has already expired? App Store Review Guidelines 5.1.1 Revoke tokens Thank you in advance for your help!

Identifiers > Web Authentication Configuration > Website URLs select domains and subdomains or return urls is not working what's problem ?

Hi there, when using Touch ID, the call back following a request to auth/authorize does not include any user information ( user={} ), but it does if the user log in using a password. Is there a reason ? How to handle that Thanks

HI just wondering if other users are experiencing apple authentication being down. I am unable to sign in using apple auth into my application, and wanted to know if this was server or client side