Does kid always really change for "Sign in with Apple"?

I am doing Sign in with Apple for the first time.


My problem is, every time I parse `ASAuthorizationAppleIDCredential.identityToken` on jwt.io and on code, the `kid` is always changing. I don't know if this is really just the case or I am doing something wrong on my end. Maybe wrong instantiation of `ASAuthorizationAppleIDProvider`, `ASAuthorizationAppleIDRequest` or `ASAuthorizationController`.


```swift
@available(iOS 13.0, *)
private lazy var authorizationController: ASAuthorizationController = {
    let provider = ASAuthorizationAppleIDProvider()
    let request = provider.createRequest()
    request.requestedScopes = [.fullName, .email]
    let controller = ASAuthorizationController(authorizationRequests: [request])
    controller.delegate = self

    if let landingVC = self.delegate as? LandingViewController {
        controller.presentationContextProvider = landingVC
    }

    return controller
}()

/// Sign in with Apple button was tapped.
func signInWithApple() {
    if #available(iOS 13.0, *) {
        authorizationController.performRequests()
    }
}
```


But, if it's expected to always change every time, my problem is, the parsed `kid` on my end sometimes does not match the `kid` parsed by our backend.


But, I just want to know if that's the expected behavior of kid? Thank you in advance!

Answered by Claude31 in 422528022

Where did you read that key ID should not change?


RFC 7517 states:

https://tools.ietf.org/html/rfc7515#section-4.1.4

"kid" (Key ID) Header Parameter: The "kid" (key ID) Header Parameter is a hint indicating which key was used to secure the JWS. This parameter allows originators to explicitly signal a change of key to recipients. The structure of the "kid" value is unspecified. Its value MUST be a case-sensitive string. Use of this Header Parameter is OPTIONAL. When used with a JWK, the "kid" value is used to match a JWK "kid" parameter value.

You may read this discussion thread as well, explaining the need to explore all possible kid values:

https://forums.developer.apple.com/thread/129047

I did not read it anywhere. I was only asked by our backend developer why it keeps changing.


Thank you for the reference!

Hi,

Sign in with Apple uses a JSON Web Key Set (JWKS) to provide Apple's public keys to developers. You must use the key from the /auth/keys endpoint whose kid has been specified in the JSON Web Token (JWT) we issue for your application and/or user.

Important: Apple may choose to rotate its public keys at any time.
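
The key selection described in the reply above, as an added example (not code from this thread or from Apple): a backend picks the JWK whose `kid` matches the token header and refetches the key set when it meets a `kid` it has not seen, which is what a rotation looks like from the verifier's side. `JwksCache`, `make_token`, the `kid-A`/`kid-B` values and the `fetch_jwks` callable (standing in for a GET of the `/auth/keys` endpoint) are assumptions made for the example; signature verification itself is left to a JWT library.

```python
import base64
import json
import time

def jwt_header(token):
    """Decode the unverified JOSE header (first segment) of a compact JWT."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

class JwksCache:
    """Returns the JWK named by a token's kid; refetches when the kid is unknown."""
    def __init__(self, fetch_jwks, min_interval=60.0):
        self._fetch = fetch_jwks           # callable returning {"keys": [...]}
        self._min_interval = min_interval  # throttle so bogus kids cannot force a fetch storm
        self._keys, self._last, self.fetch_count = {}, None, 0

    def _refresh(self):
        now = time.monotonic()
        if self._last is not None and now - self._last < self._min_interval:
            return                         # fetched too recently, keep the cached set
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
        self._last, self.fetch_count = now, self.fetch_count + 1

    def key_for(self, token):
        header = jwt_header(token)
        kid = header.get("kid")
        if not isinstance(kid, str):
            raise ValueError("token header has no kid")
        if kid not in self._keys:
            self._refresh()                # the signing key may have been rotated
        if kid not in self._keys:
            raise KeyError("kid not published in JWKS: " + kid)
        key = self._keys[kid]
        if header.get("alg") != key.get("alg"):
            raise ValueError("token alg does not match the key's alg")
        return key                         # pass this key to a JWT library to verify the signature

# Constructed sample data below: not real Apple keys or tokens.
def make_token(kid, alg="RS256"):
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "kid": kid}), enc({"sub": "constructed"}), "sig"])

if __name__ == "__main__":
    jwks = {"keys": [{"kty": "RSA", "kid": "kid-A", "alg": "RS256", "use": "sig"}]}
    cache = JwksCache(lambda: jwks, min_interval=0)
    print(cache.key_for(make_token("kid-A"))["kid"], cache.fetch_count)
    jwks["keys"].append({"kty": "RSA", "kid": "kid-B", "alg": "RS256", "use": "sig"})
    print(cache.key_for(make_token("kid-B"))["kid"], cache.fetch_count)
```

A client and a backend that each decode a different token will see whichever `kid` signed that token, so the values only need to match when both sides inspect the same token.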