Post not yet marked as solved
Hello! In our app we let users authenticate with Facebook, Google and our company’s own account. So, we've our custom authentication (email and password). With this scenario, is it mandatory to add Sign In with Apple in our application? Thanks for your time.
Post not yet marked as solved
Hi Apple Developers,

I'm facing a very bad issue because I read so many guides and tutorials and nothing works. The result is always the same:

    {"error":"invalid_client"}

I get the code, identityToken and everything I need - except the call to https://appleid.apple.com/auth/token - because of invalid_client.

Here is my URL for getting the code.

    https://appleid.apple.com/auth/authorize?response_type=code&client_id=org.example.service&redirect_uri=https%3A%2F%2Fexample.org

So then I have the default workflow. And after accepting / logging in I will be redirected to my page.

    https://example.org/?code=a277243e2ec324fb09ba1c3333a8e6576.0.abcde.u4xiTDP2qHXoNEaxrcrIGx

(When I'm using the JavaScript API I'll get other information like state, code and id_token. I already tried it with the "code" there, too.)

Back to the main function. This is my request for Apple.

    'client_id' => 'org.example.service',
    'client_secret' => JWT-Data encoded (OPENSSL_ALGO_SHA256) see below
    'grant_type' => 'authorization_code',
    'code' => 'a277243e2ec324fb09ba1c3333a8e6576.0.abcde.u4xiTDP2qHXoNEaxrcrIGx'

JWT Header:

    {
      "alg": "ES256",
      "kid": "1ABC2345DE"
    }

JWT Payload:

    {
      "iss": "1A234BCD56",
      "iat": 1571269964,
      "exp": 1571273564,
      "aud": "https://appleid.apple.com",
      "sub": "org.example.service"
    }

Response:

    {
      "error": "invalid_client"
    }

The useless error message of the world. I don't know why the client should be invalid.

I have a key in https://developer.apple.com/account/resources/authkeys/list with downloaded file name AuthKey_1ABC2345DE.p8. (means 1ABC2345DE is my key id) Then I have a native iOS app with identifier "org.example" and a service with identifier "org.example.service". It's not working with both ids and mixed different things. Nothing. invalid_client.

Can anyone help me please? I'm sitting here for hours and getting only invalid_client 😭
Post not yet marked as solved
I have Sign With Apple fully functional on the primary app, and I am trying to configure it for the second App ID. The second App ID is configured to be grouped with the primary app, but when I attempt to login it shows the details of the second app, not the primary app.

I first attempted this when Sign With Apple was still in Beta and assumed that was the problem because it would keep reverting the second app back to being a primary app. But it still seems to be an issue.

For context, both apps are part of the same Xcode project, but have different Schemes and Build Configurations.
Post not yet marked as solved
Hi Apple,

I am attempting to get Sign in with Apple working in the Unity editor. I intend to use Unity's REST functions to facilitate this. I have found an article (linked below) that describes "Incorporating Sign in with Apple into Other Platforms". I need to either generate or find my program's client_id. The article says "client_id: (Required) The developer’s client identifier, as provided by WWDR.". I do not understand what WWDR is or how I can use it to get my client_id, I would love your help on this.

https://developer.apple.com/documentation/signinwithapplejs/incorporating_sign_in_with_apple_into_other_platforms

There don't seem to be any community guides on how to function as another platform, but there are some on building a web app. To function as a web app all the guides say that I need to create a Service ID. To add Sign in with Apple functionality to that ID I need to give it a web domain that will use Sign in with Apple. I am trying to build a Unity app, so this mandatory field seems strange to me, I am not sure what I ought to put there.

Even if I got my client id from WWDR, I would need a valid redirect uri. The article does not state how to set one of these. The only place that I have found to do so is in creating a Service ID. But if a Service ID is needed, it would also contain a client id, removing the need to use a WWDR. This all has led to me being quite confused.

Could you please give me some pointers here, either about how to get / use WWDR or what the web domain field on Service IDs is supposed to mean if my application is not a web app? It would be really appreciated.

Thanks.
Post not yet marked as solved
When going to Settings/[your apple id]/Password & Security/Apps using Apple ID, the apps listed here normally have an app icon, and the name of the app displayed. Bird is a good example of this. You see the icon, then "Bird - Be Free, Enjoy the Ride".

However, independent watch apps don't appear to get the same treatment. They have the default icon, and the Bundle ID is shown. We initially thought this will be resolved when we launched on the App Store, however that's not been the case. We also see that in apps made by other companies, they show the default icon and a string like: "XC com [BUNDLE ID] watchkitapp". Meditopia is a good example of this. As is Orange Zones.

Does anyone know a way to address this correctly? It's a pretty poor user experience for a user when they go looking for a specific App and have to wade through Bundle IDs which don't necessarily reflect the User facing name of the app.

Thanks,
Post not yet marked as solved
In the document, the token endpoint returns ID Token. And this endpoint can be used with an auth code and a refresh token.

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens#3262048

I can get ID Token from this API by using an auth code. But I could not get ID Token by using a refresh token. I think I have to refresh ID Token because ID Token has an expiration date.

So my question is how can I get ID Token again? Is there any other API to get ID Token by access token? Or do I have to get a new auth code again?
Post not yet marked as solved
I would like to know what flow I should follow when a user, who signed up to our app using Sign in with Apple, wants to delete their account from our platform?

The reason I ask is that we only receive the user's name and email upon first sign in, so if this user ever wants to sign up to our app again (after deleting their account) using Sign in with Apple, we don't receive their email or name, since we won't receive the name and email information on successive calls to Sign in with Apple.
Post not yet marked as solved
I have verified my domain and also registered my email address on same domain via developer portal. However I'm still not able to send emails through Apple's private email relay service.

I get the following error:

    550 5.1.1 Relay not allowed for <xxxxxx@privaterelay.appleid.com> from domain: <***.com>

I'm aware of this thread https://forums.developer.apple.com/thread/122270#380406.

I tried sending on Gmail web (my registered email address with same domain). I also tried SendGrid. Both are unsuccessful. What did I possibly miss?
Post not yet marked as solved
I'm trying to use Sign in With Apple as an option for firebase authentication. When I follow the steps to set it up, I get to the part where I have to verify the domain and email for communication. I got the email part setup, but I can't find a way to verify the domain. Here is the domain firebase gave me "project-name".firebaseapp.com. I downloaded the txt file, but from there I can't figure out how to verify it. I went to the link Apple gave but nothing was there. Where and how do I verify the domain?
Post not yet marked as solved
Our sign in flow works flawlessly on every browser except Safari on iOS13 and latest Safari on Catalina. It *only* breaks when the native Safari auth popup is involved.

We follow the flow described in: https://developer.apple.com/documentation/signinwithapplejs/incorporating_sign_in_with_apple_into_other_platforms

Once you click on the sign in button on our web app no network requests are shown in Safari dev console, even if you cancel or attempt to sign in, which makes it hard to debug what the issue is.

Is there any more info I can provide? (I'll configure wireshark or similar tomorrow and see requests if any are being made).

When you click cancel the popup closes and returns to our web app (albeit in a broken state since never received a response). When you click sign in it fails and native pop-up remains open.
Post not yet marked as solved
When a user signs in with Apple and chooses not to use an anonymized email address, we receive the email address as part of the id_token. However, if that user changes their email via Apple ID account settings, the next time the user signs in with their Apple ID to our app, the email field is missing from the id_token.

Is this expected behavior? Is there not a way to retrieve the user's new email address?
Post not yet marked as solved
Hi,

We are currently using Apple signin in our app in production. Our current implementation is on the backend with 2 api routes:

- One to redirect to the apple authorization url => https://appleid.apple.com/auth/authorize?client_id=***&redirect_uri=XXcallback&response_mode=form_post&response_type=code&scope=name%20emailhttps%3A%2F%2Fapi-staging.me2you.com%2Fapi%2Fusers%2Fauth%2Fapple%2F
- One to receive the callback and send back the user token to the mobile app in order to complete login.

Everything is working well, we had more than 5k signin with AppleId in prod. But, since we use it, the native prompt permission message shows my app name as "null".

Current display => https://ibb.co/gjxtN6S

If I use the option "Use different Apple Id", it redirects the user to the web view, and in this case, I can clearly see the app name.

https://ibb.co/nfbGJY9

As you can see on this link, I am far from being the only one to raise this issue: https://github.com/aws-amplify/amplify-js/issues/4580

Some users are complaining about this issue and we didn't succeed in fixing it on our side. Hope it can be fixed, it affects the quality of our app.

Thanks in advance for any replies,
Alex
Post not yet marked as solved
Hi,

I am trying to implement Sign In With Apple in Apple TV. The moment I click on "Sign In", I get a screen that says "A notification has been sent to nearby devices that are signed in with apple Id". However I have 2 issues here:

1. The notification is too slow, it takes more than 10 minutes for me to get a notification. I have both my wifi and bluetooth on, still I face the issue.
2. Even when notification arrives, nothing happens on click of notification.

Any suggestion or solution would be of great help.

Thanks.
We have come across several users recently who are presented with "Continue with Password" after the Apple Sign-In Email Option view, on the Apple Watch. In our testing we have only ever seen the button show "Continue", and I'm unsure how users get into this state. The problem is that we are not handling this correctly, and when the user adds their Passcode, on the iPhone, they are presented with a view on the watch that states "Sign Up Not Completed". This view is not in our codebase, so it seems to be some case in Apple Sign-In we are not supporting correctly.

What we know so far is that it's certainly happening on Watch OS 6.1.3. It's happening to users new to our app, and existing users who have logged out and back in again. We have had a steady increase in support requests over the past two weeks, receiving several in the last 24 hours. Any advice would be greatly appreciated. Thank you!
Post not yet marked as solved
Hi,

I have been running some deliverability tests to ensure that we can deliver emails from our approved (with Apple) sending domains to a private apple relay address, and that those emails make it to the Gmail inbox / user that was used to create the private relay email.

We use 5 sending domains:

- messages.homeaway.com
- payment.homeaway.com
- accounts.homeaway.com
- business.homeaway.com
- reviews.homeaway.com

I ran a test where I sent an email from each one of those sending domains to that private relay email with a "dummy test" email body. It simply contained some text and the sending domain I used to send from. I ran this test a number of times and each result was different. The first time I got 2 of the 5 emails, the next I got 4, then 2 again but from different domains, and then one time I got all 5... It's all over the place, with no pattern in sight. In addition to this, 2 emails got automatically marked as spam by Gmail.

Some relevant notes about our architecture:

- We use a third party vendor to deliver our emails: Sparkpost. But, the sending domains are our own as you can see.
- We get deliverability reports back from Sparkpost via a webhook API and all of the emails I sent were reported as delivered.
- I had our technical contact at Sparkpost review one of the emails and he found that "It looks like SPF and DMARC passed, which is good. It doesn't appear that there was a DKIM check between Apple and Gmail, which might mean that Apple did not DKIM sign the message - it is possible that this is impacting Gmail filtering algorithms."

We are mainly looking for some more consistency and visibility into the deliverability from the private apple relay to the end user's email inbox. In my opinion, we have done all of the right configuration on our side and this should have been a successful / easy test.

One last note: recently Apple changed the verification requirements on domain verification to remove the file option. We have since removed all domains and re-verified to ensure that nothing funky happened after those requirements were changed.

Thanks and looking forward to a response!
-Trevor
Post not yet marked as solved
All app icon sizes are correct in assets catalog, but app icon does not appear under Apps Using Apple ID in device settings. Is there another place to set app icon for sign in with apple?

Thanks.
Post not yet marked as solved
We’re not receiving email claim in the id token on the initial authorization request with Sign in with Apple API. We faced this issue just 3 times, on 2 different apps with 2 different bundle IDs. This is not a persistent issue, most of the time it works fine.

Is the email always in the id token? What are the cases in which the email isn't there?
Post not yet marked as solved
I'm integrating the social login using apple sdk on a big Brazilian e-commerce. Actually our login flow requires the apple id popup solution to prevent the user from getting out of the site, actually I'm using these configurations on init:

Init code:

    window.AppleID.auth.init({
      clientId: 'example.client.id',
      redirectURI: 'https://www.oursite.com.br/login/callback',
      usePopup: true,
    })

The app url is: https://www.oursite.com.br/login

obs: url is an example.

Login code:

    try {
      const data = await AppleID.auth.signIn()
      return data // doesn't receive
    } catch (error) {
      console.error({error})
    }

THE PROBLEM IS:

When the popup is opened and the appleid and password are correctly submitted, the popup doesn't return the promise.
When the cancel button is triggered the popup doesn't close and the error is not called.
Just when the popup is closed by the navigation button the error is called.

I need help, what's the problem in the implementation?
Post not yet marked as solved
We have begun implementing Sign in with Apple in our mobile app but cannot seem to call the token endpoint successfully (https://appleid.apple.com/auth/token). The response we get is 400 with the body [{"error":"invalid_client"}]. I have read and re-read the details on how to generate the client-secret. We are using a java backend and specifically the nimbus library to create the signed JWT.

    final JWSHeader clientSecretHeader =
        new JWSHeader.Builder(JWSAlgorithm.ES256)
            .keyID("7N5XJ*****")
            .build();
    final Date issuedAtTime = Date.from(Instant.now());
    final Date expirationTime = Date.from(Instant.now().plusSeconds(3600));
    final JWTClaimsSet clientSecretClaims =
        new JWTClaimsSet.Builder()
            .issuer("HL46P*****")
            .issueTime(issuedAtTime)
            .expirationTime(expirationTime)
            .audience("https://appleid.apple.com")
            .subject("com.company.app")
            .build();
    final ECPrivateKey signingKey = ...private key loaded from p8 file...;
    final JWSSigner jwtSigner = new ECDSASigner(signingKey);
    final SignedJWT clientSecretJwt = new SignedJWT(clientSecretHeader, clientSecretClaims);
    clientSecretJwt.sign(jwtSigner);
    // Form-encoded body for the token request
    MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
    map.add("grant_type", "authorization_code");
    map.add("client_id", "HL46P*****");
    map.add("client_secret", clientSecretJwt.serialize());
    map.add("code", "code receiged from app...");
    final HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(map);
    final RestTemplate restTemplate = new RestTemplateBuilder().build();
    final ResponseEntity<GetTokenResponse> response = restTemplate.postForEntity(
        "https://appleid.apple.com/auth/token",
        request,
        GetTokenResponse.class
    );

The resulting JWT looks like the following:

Header

    {
      "kid": "7N5XJ*****",
      "alg": "ES256"
    }

Claims

    {
      "aud": "https://appleid.apple.com",
      "sub": "com.company.app",
      "iss": "HL46P.....",
      "exp": 1585583898,
      "iat": 1585580298
    }

I am out of ideas on what we are doing wrong.
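Added example, not part of either post above and not Apple's code: both invalid_client posts on this page assemble the client_secret JWT by hand, so a pre-flight check of the token request against Apple's documented client-secret rules (ES256 with a kid, aud fixed to https://appleid.apple.com, sub equal to the form's client_id, exp at most six months ahead) catches configuration slips before the request is sent. The function name `lint_token_request` and the sample values are assumptions; the constructed sample reuses the masked identifiers shown in the Java post, where the form's client_id differs from the JWT's sub.

```python
import base64
import json
import time

APPLE_AUD = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # Apple's documented ceiling for exp: six months in seconds


def _decode(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT segment is not a JSON object")
    return obj


def _encode(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def lint_token_request(form, now=None):
    """List problems in an /auth/token form; the ES256 signature is NOT verified."""
    now = int(time.time()) if now is None else now
    parts = form.get("client_secret", "").split(".")
    if len(parts) != 3:
        return ["client_secret is not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["client_secret header or claims are not base64url-encoded JSON"]
    exp, iat = claims.get("exp", 0), claims.get("iat", 0)  # assumed numeric
    checks = [
        (header.get("alg") != "ES256", "header alg must be ES256"),
        (not header.get("kid"), "header kid (key ID of the .p8 key) is missing"),
        (claims.get("aud") != APPLE_AUD, "aud must be " + APPLE_AUD),
        (claims.get("sub") != form.get("client_id"), "form client_id does not equal the JWT sub claim"),
        (claims.get("iss") == form.get("client_id"), "form client_id carries the iss (Team ID) value"),
        (exp <= now, "client_secret is expired"),
        (exp - now > MAX_LIFETIME, "exp is more than six months ahead"),
        (iat > now, "iat is in the future (check the server clock)"),
    ]
    return [message for failed, message in checks if failed]


# Constructed sample reusing the masked values from the post; "sig" is a placeholder.
SAMPLE_CLAIMS = {"iss": "HL46P*****", "iat": 1585580298, "exp": 1585583898,
                 "aud": APPLE_AUD, "sub": "com.company.app"}
SAMPLE_SECRET = ".".join([_encode({"alg": "ES256", "kid": "7N5XJ*****"}),
                          _encode(SAMPLE_CLAIMS), "sig"])
SAMPLE_FORM = {"grant_type": "authorization_code", "client_id": "HL46P*****",
               "client_secret": SAMPLE_SECRET, "code": "placeholder-code"}

if __name__ == "__main__":
    print("\n".join(lint_token_request(SAMPLE_FORM, now=1585580300)))
```

The check only reads the unsigned header and claims; a request that passes it can still be rejected if the signing key does not belong to the Team ID in iss.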
"Sign in with Apple" implemented about a month ago worked well, but suddenly the following error began to occur on the 27th. No changes have been made so far.

I tested it like this:

1. I got an authorization code using the Service ID.

Service ID is set correctly: Presumably the Services IDs/App IDs all need to be associated with the same primary App ID. The key is then associated to that group via the primary App ID too.

I tried the authorization code with the Service ID using the Chrome browser:

    https://appleid.apple.com/auth/authorize?response_type=code&response_mode=form_post&client_id={corrected service id}&redirect_uri={registered redirect uri}&state=test_0001&scope=email

Successfully got the code, and requested the API immediately. (The code is single use only and valid for five minutes.)

2. And then, I tried to validate the authorization grant code to obtain tokens:

    curl -X "POST" "https://appleid.apple.com/auth/token?client_id={corrected service id}&client_secret={corrected client_secret}&code={corrected code}&grant_type=authorization_code"

3. The response fails with an invalid_grant error, 400 status:

    invalid_grant

I tried to get the authorization code and validate the authorization grant code both using the same service ID. It is not an invalid_client error, and the client secret is not expired either.

My decoded token looks like the following:

    "iss": "XFY******",
    "iat": 1584347794,
    "exp": 1599899794,
    "aud": "https://appleid.apple.com",
    "sub": "{service_id}"

The same test was working well for nearly two months. However, it is currently failing. I am having a hard time solving this problem. Has anyone experienced the same problem at about the same time?