Sign in with Apple setup: invalid_request "Invalid client scope"

Question

edosensei OP

Created Sep ’21

Replies 1

Boosts 0

Views 4.0k

Participants 2

I'm trying to set up Sign in with Apple for the first time and I'm getting the following error:

invalid_request "Invalid client scope"

I'm using Drupal 9 with the OpenID Connect module.

I'm trying to let users sign in with Apple on an Ionic React app hosted from my Drupal site. (Later I will add Sign in with Apple to the iOS version of the Ionic app.)

I have the mobile app registered in my Apple developer account and I have enabled sign in with Apple. I also created a services ID for web signin.

To connect via OpenID, I'm using this Services ID as my client ID and the downloaded key as the OpenID secret.

After configuring the Drupal OpenID Connect module, I have a sign in with Apple link on the Drupal site like this:

https://appleid.apple.com/auth/authorize?client_id=com.MYAPP.signinwithapple&response_type=code&scope=openid%20email%20profile&redirect_uri=https%3A//MYSITE.lndo.site/openid-connect/apple&state=5jhlthzdRB1j307mmUl_P4CCCT8LargJlIROAdn6NY0

However, when I click this link, I get the "Invalid client scope" error. I can't figure out what this error means so I don't know how to debug further. Any help would be much appreciated.

Boost

Answer 1

DTS Engineer OP

Apple

Sep ’21

Hi edosensei,

The scope query parameter supports the following values for Sign in with Apple:

name
email

Your Drupal-provided request contains scope=openid%20email%20profile, which is invalid.

You can learn more about the required query parameters in the following documentation:

Incorporating Sign in with Apple into Other Platforms

If you have further questions about Sign in with Apple, please submit a Technical Support Incident and I'll be happy to assist.

Cheers,

Paris

1