Hi everyone!
For an application we are currently developing we've recently integrated with Auth0 for our identity management. Auth0 also makes it "very easy" to integrate other login types such as social login with Google and Apple through their Web Authentication flow.
During our last iteration we implemented social login with Apple. After following Auth0's "How-to", we were seemingly able login with Apple across all environments, which means; App Review time. And this is where things get shakey.
The App Review team has rejected the app multiple times, under the reason of "Signing in with Apple returns an error". Diving into our authentication logs shows that their attempt to sign in results in an error from Apple being "invalid_grant (The code has already been used.)".
After some further investigation, it appears that other developers are facing the same issue, as seen in this thread: https://developer.apple.com/forums/thread/679534
These other developers have proposed a number of things to do:
- Submit an appeal for the rejection
- Ask the App Review Team to try another Apple ID, because a developer has raised that the issues were related to the AppleID Apple was using for review;
- Open a TSI
Based on this, we've decided to do all three of them. On top of that, we also shot in a ticket with Auth0 asking for support. This has now resulted into a situation where different parties are referring to each other for help.
The appeal committee has referred back to to the App Review team, since they "are the most direct communication path to the team and we must reply directly reply to the reviewer with the requested information.
We asked the App Review Team to try a different account for signing in with Apple, even providing them with one of our test accounts and including a video recording that the feature works for us using various accounts. Their response being that "during review they still found issues using Sign in with Apple and they are unable to provide technical assistance with the reported issues." and that "we can file a TSI for technical support".
As you can guess, we filed a TSI explaining our technical issue, reporting also the response given by the Apple Sign In services. Their response being that "App Review is dedicated by a dedicated support team" and that I can contact them through a web form (which is the same web form for the appeal committee.
Auth0 also replied with the fact that this is an Apple response and it is unclear for them on why this is happening, even referring to the same thread posted earlier. Auth0 recommended us to try the three options I also listed before.
You imagine how frustrating this is as a developer, where even Apple points fingers to different teams and our submission is blocked for a week already because of this. My questions based on this long story is:
- Does anyone have any experience with a similar error coming from Sign in with Apple?
- What other communication channels can you guys suggest to finding a proper solution for this?
Big thanks in advance guys!
