Sign In With Apple from AWS Cognito returns Invalid Client

TL;DR

I have created and recreated all of the items necessary to enable Sign in with Apple, but I keep getting invalid client. I have seen other posts with people running into the same thing, but at this point I have not found an explanation that gets me unstuck.



I have a React Native app that I am building with an AWS backend. I followed the steps listed in an AWS doc (Apple won't let me list the URL. WTF), and have gone through this 3 times now. When I enable Sign In With Apple and test through the hosted UI, I get the same response every time: Invalid Client.

Apple's documentation says the following about an invalid_client response:


The client authentication failed, typically due to a mismatched or invalid client identifier, invalid client secret (expired token, malformed claims, or invalid signature), or mismatched or invalid redirect URI.

I'm really blocked at this point. I was able to get sign in with Google going no problem. Due to Apple's new(er) requirement, I have to also include Sign In With Apple. I'm just a team of one and don't have the resources to spend much more time on this, so I am close to needing to punt completely and remove both sign in with Google and Sign in With Apple. Which is incredibly frustrating since one works perfectly.

If anyone has been able to resolve this issue, I would appreciate any help.

TIA


If you take a look on this forum, there are at least another 2 tickets on here for the same "invalid_client" issue. We've wasted loads of time on this too. See about keeping an eye on the wider forum in case another ticket gets some traction!

We got this resolved by going into the More > Configure and adding our domain, making sure the SPF tick is green (if it's not green, do a quick Google to find out how to fix it for your config). After this, we stopped getting invalid_client errors.

The thing that made us stumble on this was it didn't appear important on account of it saying it was for the emails - we skimmed over it thinking we could come back to it later.

Thanks for your response, that sounds really promising. When you say go to More > Configure, which page are you referring to? If I can figure that out I think I might be unstuck!

Well, this is good but incredibly frustrating. I was trying to find where the More > Configure page was, and without changing literally anything, I decided to just try it again. And it worked. Maybe a cache thing? ¯_(ツ)_/¯

My big concern is that it could just break again since I have no idea what fixed it. Arg.

  1. Go to AWS Cognito
  2. Select your User Pool
  3. Select Social and external providers
  4. Select SignInWithApple
  5. Select Identity provider information / Edit
  6. Double check all the information in here matches your Apple credentials.

My issue was that the Amplify CLI uploaded my Key ID for two fields and once I fixed that, as well as the email thing, it worked.
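
Added example, not part of the thread and not AWS or Apple code: a small Python check for the failure described in the last answer (one value stored in two fields), which also shows where each field ends up in the client-secret JWT that Apple validates. The field names `client_id`, `team_id` and `key_id` follow Cognito's provider details; the 10-character format check and the sample values are assumptions constructed for illustration.

```python
import re
import time

APPLE_AUD = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # Apple's upper bound for exp, in seconds (about 6 months)
# Assumption: Team IDs and Key IDs are 10 uppercase alphanumeric characters.
ID_RE = re.compile(r"^[A-Z0-9]{10}$")

# Constructed sample values, not real credentials.
GOOD = {"client_id": "com.example.app.signin",
        "team_id": "TEAM123456", "key_id": "KEY1234567"}


def lint_apple_idp(cfg):
    """Return a list of problems in a SignInWithApple provider config."""
    problems = []
    for field in ("client_id", "team_id", "key_id"):
        if not cfg.get(field, "").strip():
            problems.append(f"{field} is empty")
    client, team, key = (cfg.get(f, "") for f in ("client_id", "team_id", "key_id"))
    if team and team == key:
        problems.append("team_id and key_id hold the same value")
    if client and client in (team, key):
        problems.append("client_id duplicates team_id or key_id")
    for field, value in (("team_id", team), ("key_id", key)):
        if value and not ID_RE.match(value):
            problems.append(f"{field} is not a 10-character identifier")
    if client and "." not in client:
        problems.append("client_id does not look like a Services ID")
    return problems


def client_secret_parts(cfg, now=None, lifetime=3600):
    """Unsigned header and claims of the ES256 client secret built from cfg."""
    if lifetime > MAX_LIFETIME:
        raise ValueError("lifetime exceeds Apple's maximum")
    now = int(time.time()) if now is None else now
    header = {"alg": "ES256", "kid": cfg["key_id"]}      # Key ID goes in the header
    claims = {"iss": cfg["team_id"],                     # Team ID is the issuer
              "sub": cfg["client_id"],                   # Services ID is the subject
              "aud": APPLE_AUD, "iat": now, "exp": now + lifetime}
    return header, claims


if __name__ == "__main__":
    broken = dict(GOOD, team_id=GOOD["key_id"])  # Key ID stored in two fields
    print(lint_apple_idp(broken))
    print(client_secret_parts(broken, now=0))
```

With the Key ID stored in the Team ID field, the `iss` claim carries a key identifier instead of the team, which falls under the "malformed claims" case in Apple's description of `invalid_client`.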
