Token Refresh

We have implemented Sign in With Apple and have a server side daily check of tokens using the "refresh_token" grant type.


https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens


For currently valid users we get a new 200 response with the Access Token as expected. However if I visit appleid.apple.com and revoke the app in there the response is "invalid_request" with a 400 response from Apple. Is this expected and is this how we tell a token is no longer valid or should we expect a different response?

Up vote post of lesmond Down vote post of lesmond
2.3k views
Posted by
lesmond
Reply
Add a Comment

Replies

I'm getting the followings in the response

{

access_token: 'xxxxxxxxxxxaxxxxxxxxx',

token_type: 'Bearer',

expires_in: 3600

}


Whereas I was expecting a TokenResponse, as per

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens


Now the problem is access_token is if no use as of now, where do I get the followings, which were supposed to come part of TokenResponse

id_token
refresh_token

Without id_token, I can't extract user id, without refresh_token I can revalidate after the current refresh_token expires


Posted by
adnangul
Up vote reply of adnangul Down vote reply of adnangul
Add a Comment
Hello,
Have you guys found an answer on this?
Thanks
Posted by
vinnyj
Post not yet marked as solved Up vote reply of vinnyj Down vote reply of vinnyj
Add a Comment
When a user is not in good standing, I believe the apple server is expected to respond with status code 400 and the response body invalid_grant.

https://developer.apple.com/documentation/sign_in_with_apple/errorresponse
invalid_grant
The authorization grant or refresh token is invalid.

Wondering what would cause the server to return invalid_request particularly after everything has been working well for several days.
Posted by
nandanj
Post not yet marked as solved Up vote reply of nandanj Down vote reply of nandanj
Add a Comment