Validating Apple OAuth Token

Hi,

I am currently implementing validation of an Apple OAuth token. When a user is trying to register, the client side receives tokens from Apple and sends the token when requesting a sign-up. Therefore, I need to validate that the OAuth token is an actual token from Apple.

These are my questions:

  1. I've done some research and it seems that Apple does not allow me to have a static client_secret, which I need for the token validation request. Also, I need to use the .p8 which I got when registering an app to the App Store. But I'm uncertain of what I can do with the .p8 to receive the client secret.

  2. I think that I need to send the request with the token to this URL: https://appleid.apple.com/auth/token. Am I able to send an access token for validation? Apple's developer documentation says that I need to send a refresh token. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens

Thank you.
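
An added example, not part of the original post and not Apple's code: for Sign in with Apple the client_secret is a short-lived JWT that the server signs with ES256 using the private key in the .p8 file, and the refresh-token validation request carries it as a form field. The team ID, client ID, key ID and refresh token below are placeholders, and a throwaway key generated at run time stands in for the real .p8; nothing is sent to Apple.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Build the client_secret JWT: ES256, signed with the key from the .p8 file.
function makeClientSecret({ teamId, clientId, keyId, privateKeyPem, ttlSeconds = 300,
                            now = Math.floor(Date.now() / 1000) }) {
  const MAX_TTL = 15777000; // Apple caps exp at about six months after iat
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0 || ttlSeconds > MAX_TTL) {
    throw new RangeError('ttlSeconds must be between 1 and 15777000');
  }
  const header = { alg: 'ES256', kid: keyId };
  const claims = { iss: teamId, iat: now, exp: now + ttlSeconds,
                   aud: 'https://appleid.apple.com', sub: clientId };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS wants the raw 64-byte r||s signature, not OpenSSL's default DER encoding.
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput),
                                    { key: privateKeyPem, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64url(signature)}`;
}

// Form body for validating a refresh token at https://appleid.apple.com/auth/token.
function refreshTokenForm(clientId, clientSecret, refreshToken) {
  return new URLSearchParams({ client_id: clientId, client_secret: clientSecret,
                               grant_type: 'refresh_token', refresh_token: refreshToken }).toString();
}

// Constructed sample input: a throwaway P-256 key standing in for the real .p8
// (a .p8 is a PEM-encoded PKCS#8 private key), plus placeholder identifiers.
const demoKeys = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const demoSecret = makeClientSecret({
  teamId: 'TEAMID0000', clientId: 'com.example.app', keyId: 'KEYID00000',
  privateKeyPem: demoKeys.privateKey.export({ type: 'pkcs8', format: 'pem' }), now: 1700000000,
});
console.log(refreshTokenForm('com.example.app', demoSecret, 'sample-refresh-token'));
```

Keep the .p8 key on the server only, and regenerate the secret before its exp passes rather than storing a long-lived one.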