Sign in with Apple REST API

RSS for tag

The Sign in with Apple REST API allows your app's servers to communicate with Apple’s authentication servers.

Posts under Sign in with Apple REST API tag

48 Posts
Sort by:






App Transfer and Sign in With Apple with Firebase
Hi everyone! I am in the process of transferring an app from account (A) to account (B), and I am wondering how the various steps in the documentation link to the transfer process. In particular: -> I understood that this process can be done BEFORE the migration to create all the transfer_sub beforehand. -> when can this be done? After initiating the transfer or only after the transfer is completed? Moreover, what about the private key used for Sign in With Apple from the old team? Will it still work before/after the transfer, or in which step it will stop work? For example, in Firebase we set-up the Apple Sign in using the (A) team_id and private_key. When should we change this in Firebase? After initiating the transfer, after the transfer is completed? Will the old key stop working after the transfer is completed? Thank you!
Jul ’23
Using Apple Sign in, why is apple auth not redirecting after authenticating (when using face id)?
I am sending a user to the apple authentication site where they fill in their apple login information on a form: const signInWithApple = () => { const params = { client_id: Config.APPLE_AUTH_CLIENT_ID, redirect_uri: '', scope: 'name email', response_type: 'code', response_mode: 'form_post', }; const loginUrl = `${queryString.stringify(params)}`;, '_blank', `scrollbars=yes, width=520, height=570`); }; After it has authenticated the user, it redirects the user to the URL that is defined in the redirect_uri property. Then I verify the token and log in the user on my end. That works beautifully. The problem occurs when, instead of opening the window with the form fields, it opens a sheet at the bottom of the Safari mobile browser to allow the user to use face id. If you follow through with that, it looks like it recognizes your face and closes the sheet but it never redirects the user to my URL page where I log in the user after verifying their token. Has anybody encountered this? I would love some ideas on how to solve this please!
Aug ’23
Apple Sign-in: Invalid_grant
After successfully logging in using apple sign-in. I get back the default response: the authorization code. I send the entire payload to my backend to which I then, use the docs - to verify the auth_code. I get back this response. { "error": "invalid_grant", "error_description": "client_id mismatch. The code was not issued to com.example.bundle." } I've checked the bundleId several times. I've created new Identifiers and keys, used those new values instead and I get the same issue. According to the errorResponse - documentation: invalid_grant The authorization grant or refresh token is invalid, typically due to a mismatched or invalid client identifier, invalid code (expired or previously used authorization code), or invalid refresh token. Any recommended test solutions to diagnose this issue?
Jul ’23
Safari Web Extension and Sign in with Apple
My existing chrome extension has "Sign in with Apple" given that we have iOS users. When user clicks "Continue with Apple" button in the extension log in pop up, this is what we do: javascript '' + clientID + '&redirect_uri=' + backEndURL + '&response_type=id_token%20code&response_mode=form_post&scope=email%20name', 'Sign in with Apple', 'height=500,width=400,left=600,top=200,status=no,location=no,toolbar=no,menubar=no' ) In chrome, this opens a popup window with that URL. In Safari Converted Web Extension, it opens custom Apple sign in flow, where it says: "Do you want to sign in to *** with your Apple ID YYY?" and then with my mac password I'm able to authenticate. Afterwards, nothing happens. Expected: a redirect to the URL specified in the Now let's do a trick: I'll wrap the above code into javascript setTimeout (() = { (...)}, 3000) Because of security reasons, safari then won't open the popup after 3s and will display a notification in the toolbar "Popup blocked..". If we allow the popup, then it finally opens as a normal window popup and after sign in, it redirects to our backend and it successfully authenticates. Any ides what how to solve this? P.S. We're not able to use embedded Sign in with Apple JS - script because we can't host a remote code in the extension (it will be deprecated soon). So, we arere using this. -
May ’24
Using a refresh token does not return a new refresh_token
When I use the Generate and Validate Tokens endpoint - with an Authorization Grant Code, the endpoint returns a refresh_token and id_token among other things. When the id_token expires, I can use the refresh_token to create a new one. However, when I use the refresh token on this endpoint, it doesn't return a new refresh_token. Why is that?
Jul ’23