Is there any documentation about the server to server notification, specifically what sort of data Apple servers send to our server when there is an update to users who used Sign in with Apple?

When I use the Generate and Validate Tokens endpoint - https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens with an Authorization Grant Code, the endpoint returns a refresh_token and id_token among other things. When the id_token expires, I can use the refresh_token to create a new one. However, when I use the refresh token on this endpoint, it doesn't return a new refresh_token. Why is that?

We have changed return URLs for one Service ID, but the change is not propagated. The old return URL still works and we get "Invalid web redirect URL". We even tried deleting Service ID with old return URLs and created new Service ID with new redirect URLs. But the only one that works is the one that we deleted.

I am sending a user to the apple authentication site where they fill in their apple login information on a form: const signInWithApple = () => { const params = { client_id: Config.APPLE_AUTH_CLIENT_ID, redirect_uri: 'https://www.example-site.com/auth/apple/', scope: 'name email', response_type: 'code', response_mode: 'form_post', }; const loginUrl = `https://appleid.apple.com/auth/authorize?${queryString.stringify(params)}`; window.open(loginUrl, '_blank', `scrollbars=yes, width=520, height=570`); }; After it has authenticated the user, it redirects the user to the URL that is defined in the redirect_uri property. Then I verify the token and log in the user on my end. That works beautifully. The problem occurs when, instead of opening the window with the form fields, it opens a sheet at the bottom of the Safari mobile browser to allow the user to use face id. If you follow through with that, it looks like it recognizes your face and closes the sheet but it never redirects the user to my URL page where I log in the user after verifying their token. Has anybody encountered this? I would love some ideas on how to solve this please!

We recently are adding apple signup in our app and in our db we have 50 chars as max length of user identifiers. i was wondering how long they can be on apple and whether we should tweak the max length on our side.

Hi everyone! I am in the process of transferring an app from account (A) to account (B), and I am wondering how the various steps in the documentation link to the transfer process. In particular: https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team -> I understood that this process can be done BEFORE the migration to create all the transfer_sub beforehand. https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team -> when can this be done? After initiating the transfer or only after the transfer is completed? Moreover, what about the private key used for Sign in With Apple from the old team? Will it still work before/after the transfer, or in which step it will stop work? For example, in Firebase we set-up the Apple Sign in using the (A) team_id and private_key. When should we change this in Firebase? After initiating the transfer, after the transfer is completed? Will the old key stop working after the transfer is completed? Thank you!

Hello, I have implemented a while ago Sign IN with REST API in PHP code. It worked. Now it doesn't. When I redirect to apple with a request: https://appleid.apple.com/auth/authorize?scope=name%20email&state=fffffffstateherefffffff&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmydomain.pl%2Fconnect%2Fapple%2Fcheck&client_id=pl.myclientid&response_mode=form_post I can login via Apple ID and then I am redirected to my webpage. But instead of POST redirect with a code param, I am redirected with GET wihtout the code. The docs says that if I use response_mode=form_post Apple should redirect to me with POST method. But it doesn't. I cannot figure out why. Is this a bug?

Hi guys, I have been using a services id for my apps and websites to use Sign in with Apple feature over 3 months. All of a sudden the website urls and return urls I newly add to the services id don't work. I am getting "invalid_request Invalid web redirect url." errrors. I have checked the urls carefully, (https), I also added many new ones but none of them worked. In order to test it I also removed some of the current return urls from my websites to see if it will stop working but no, the ones I removed still work which kind of confirms my theory that it does not update the list, it is bugged. Quite weirdly, the new native apps I submitted to the store also does not work, it gives the error "Sign-up Not Completed" Does any one have any idea? Such a weird problem all of a sudden

Some background: A user must sign up for an account on our platform via a browser before they can sign in to our iOS app using an Apple ID otherwise we present the following error message as shown in the attached image. Authentication and session management is handled using AWS Cognito on our platform and we believe AWS Cognito is using the relevant API for Apple ID Sign Ins. For account deletion we are providing an account deletion option within the app to the user (who has to be signed in) under Account Settings. For a valid deletion request, we are deleting a user’s records from our database. For revoking, generating, and validating tokens we are using AWS cognito to handle token revocation, generation, and validation. Ask: Apple reviewers provided additional information (shown below) to help us resolve this issue. But i am not clear how this addresses their concern and would appreciate some guidance on how i could resolve it. Apple reviewer recommendation Apps that offer Sign in with Apple should use the REST API to revoke user tokens. If you have not retained the user’s refresh token, access token, or authorization code, you must still fulfill the user’s account deletion request. To learn more, we recommend reviewing the following resources: Handling account deletions and revoking tokens for Sign in with Apple Revoke tokens Generate and validate tokens

When I attempt to get authorization token I get 400 error. I pass in the following info: client id team id key identifier client secret access code redirect url I'm testing this on a launched nodejs backend, and a testflight build of my react native/expo app. I know my code works because I'm using the exact same setup on a different project and it works perfectly. I'm assuming I'm doing something wrong setting up the keys in apples Certificates, Identifiers & Profiles site, but anything I try doesn't work. Is there clear instructions somewhere on how this should be set up?

Hello community! To begin I want to say that I am a junior developer. We are about to publish our app, after several tests in TestFlight and we received that our app was rejected for the following reason: Guideline 4.0 - Design Your app offers Sign in with Apple as a login option but does not follow the design and user experience requirements for Sign in with Apple. Specifically: - Your app requires users to provide their name and/or phone number after using Sign in with Apple. This information is already provided by the Authentication Services framework. These requirements provide the consistent experience users expect when using Sign In with Apple to authenticate or log in to an account. Next Steps Please review the Sign in with Apple experience in your app to address the issues we identified above. Resources To learn more about App Store design requirements, see App Store Review Guideline 4 - Design. For an overview of design and formatting recommendations for Sign in with Apple, review the Human Interface Guidelines. The application, after logging in with apple, gives the user the option to edit the name and phone number, and we save that information in our personalized server. And I am using the Ionic-Cordova framework and for Google Plus authentication --> cordova-plugin-googleplus. I was reading the guides and the resources that they offer me, but I did not reach a good resolution. Any ideas for this problem? Thank you so much!

Hi. I transfered an app that uses apple login. but, I didn't do the Transferring your apps and users to another team process, So, I'm working on Bringing new apps and users into your team. Is it possible to transfer a user with just Bringing new apps and users into your team.? I'm having trouble with the part where I get the access_token from the Bringing new apps and users into your team. action. I've only entered it with the NEW TEAM's information. POST /auth/token HTTP/1.1 Host: appleid.apple.com Content-Type: application/x-www-form-urlencoded grant_type=client_credentials&scope=user.migration&client_id={client_id}&client_secret={client_secret} client_id : APP bundle ID client_secret : Created by referencing [Create the client secret] in Generate and validate tokens. require 'jwt' key_file = 'key.p8' team_id = 'TeamID' client_id = 'AppID' key_id = 'KeyID' ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file headers = { 'kid' => key_id } claims = { 'iss' => team_id, 'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 86400*180, 'aud' => 'https://appleid.apple.com', 'sub' => client_id, } token = JWT.encode claims, ecdsa_key, 'ES256', headers puts token POST /auth/token HTTP/1.1 Host: appleid.apple.com Content-Type: application/x-www-form-urlencoded grant_type=client_credentials&scope=user.migration&client_id={client_id}&client_secret={client_secret} { "error": "invalid_client" } Thank you.

HI just wondering if other users are experiencing apple authentication being down. I am unable to sign in using apple auth into my application, and wanted to know if this was server or client side

Hi there, when using Touch ID, the call back following a request to auth/authorize does not include any user information ( user={} ), but it does if the user log in using a password. Is there a reason ? How to handle that Thanks

Identifiers > Web Authentication Configuration > Website URLs select domains and subdomains or return urls is not working what's problem ?

We are currently developing a new iOS application, and we plan to use Sign in with Apple for user authentication. We have a few questions related to this. We understand that Sign in with Apple is compliant with OpenID Connect. However, in our service, the use cases for access_token and refresh_token are limited. Therefore, even if we do not use these tokens, is there a possibility that we will receive a rejection in the Apple Store Review process? Specifically, we are thinking of saving the user's identifier, which can be obtained at the time of authentication, on our server and using it to identify the user. ASAuthorizationAppleIDCredential According to Apple's guidelines (5.1.1 Data Collection and Storage), we need to invalidate the user's tokens when the account is deleted. Does this requirement apply even if the token has already expired? App Store Review Guidelines 5.1.1 Revoke tokens Thank you in advance for your help!

In the app I am currently creating, I want to make the user logged in only after signing in with apple and making in-app purchases. In other words, if the user only creates an account and does not make in-app purchases, he/she is not logged in, and we do not want to display the "delete account" button. However, if the user leaves the app without making an in-app purchase, the account information will be kept on the server. I understand that after 6/30/2022, users must be able to delete their accounts. Can we use a batch process to periodically delete accounts that have not made in-app purchases and hit the API for token deletion to satisfy the app's review requirements? Also, would it be a problem if we mention in the terms of service, etc. that accounts that have not made in-app purchases are to be deleted periodically?

Hey i am trying to integrate my api with my machine for some testing work but it is showing me an error code possibility combinations 18336324201 , 08336324201 , 8336324201 , Can anyone help me out fixing this i have been working really hard for this project

We are implementing a web app with Angular as frontend and java springboot as backend. while trying to use signin with Appleid in our application login page, we are getting Invalid_Client. please find the attached log and image of error. log.txt