Hello,
I need to use Apple Sign In in an iOS application. I get my authorization code from a hybrid application:
```typescript
let options: SignInWithAppleOptions = {
  clientId: ConstConfig.APPLE_CLIENT_ID,
  redirectURI: ConstConfig.APPLE_REDIRECT_URI,
  scopes: ConstConfig.APPLE_SCOPES,
  state: ConstConfig.APPLE_STATE,
  nonce: ConstConfig.APPLE_NONCE
};
SignInWithApple.authorize(options)
  .then((result: SignInWithAppleResponse) => {
    // Values forwarded to the backend for validation
    this.authenticate.appleAuthorizationCode = result.response.authorizationCode;
    this.authenticate.appleUser = result.response.user;
    this.authenticate.appleIdentityToken = result.response.identityToken;
  });
```
I send these 3 values to my Java backend to validate the access token and get the refresh token. The Java validation method:
```java
logger.info("Apple authorization validation");
// get the subject received from the client
String clientSubject = getSubject(identityToken);
// verifying the code by the apple server
String token = getToken();
logger.debug("Authorize with token:" + token);
Map<String, String> params = new HashMap<>();
params.put("client_id", APPLE_CLIENT_ID);
params.put("client_secret", token);
params.put("code", authorisationCode);
params.put("grant_type", "authorization_code");
params.put("redirect_uri", "");
if (redirectURI != null) {
}
String response = post(APPLE_AUTH_URL, params);
logger.info("Apple authorization response:" + response);
AppleTokenResponse tokenResponse = objectMapper.readValue(response, AppleTokenResponse.class);
if (tokenResponse.getError() != null && tokenResponse.getError().length() > 0) {
    logger.warn("Error during verification of the code. Reason:" + tokenResponse.getError());
    return null;
}
String serverSubject = getSubject(tokenResponse.getId_token());
if (!serverSubject.equals(clientSubject)) {
    logger.warn("Validation failed, subject does not match!");
    return null;
}
return getClaims(tokenResponse.getId_token());
```
The JWT token:
```java
return Jwts.builder()
        .setHeaderParam(JwsHeader.KEY_ID, APPLE_KEY_ID)
        .setHeaderParam(JwsHeader.ALGORITHM, "ES256")
        .setIssuer(APPLE_TEAM_ID)
        .setAudience(APPLE_APPLE_ID_URL)
        .setSubject(APPLE_CLIENT_ID)
        .setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 5)))
        .setIssuedAt(new Date(System.currentTimeMillis()))
        .signWith(SignatureAlgorithm.ES256, pKey)
        .compact();
```
How I get my private key:
```java
File file = new File(APPLE_CERTIFICATE_PATH);
// try-with-resources closes the parser (and the underlying reader) after loading
try (PEMParser pemParser = new PEMParser(new FileReader(file))) {
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
    APPLE_PRIVATE_KEY = converter.getPrivateKey(object);
    logger.info("load apple private keys Ok.");
} catch (Exception ex) {
    logger.error("error on generate apple sign in private Key : ", ex);
}
```
The response still returns: {"error":"invalid_grant","error_description":"client_id mismatch. The code was not issued to bundleID"}. I don't know the reason.
I read that I need to check in TestFlight. I do, but I still get the same error. I also put the same redirect_url in front and back (for me that is not needed because I don't use a web sign in), but I still get the same error.
For my bundle ID I use the App Identifier, not the Service Identifier, in front and back. Is that correct?
Thanks for your help.
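
A diagnostic for the `client_id mismatch` error quoted above, added here as an example and not part of the original post: it reads the `aud` claim of the identity token the app received (the client the authorization was issued to) and the `sub` claim of the generated client secret, and compares both with the `client_id` sent to the token endpoint. The class name `AudienceCheck`, the `com.example.*` identifiers and the sample tokens are constructed placeholders; Jackson is assumed because the post already uses `objectMapper`.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AudienceCheck {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Decodes a compact JWT payload WITHOUT verifying the signature (diagnostic use only). */
    static JsonNode payload(String jwt) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("not a compact JWS: expected 3 segments");
        }
        return MAPPER.readTree(Base64.getUrlDecoder().decode(parts[1]));
    }

    /** Returns null when all three identifiers agree, otherwise a message naming the mismatch. */
    static String check(String identityToken, String clientSecretJwt, String clientId) throws Exception {
        String aud = payload(identityToken).path("aud").asText();
        String sub = payload(clientSecretJwt).path("sub").asText();
        if (!aud.equals(clientId)) {
            return "code was issued to '" + aud + "' but client_id sent is '" + clientId + "'";
        }
        if (!sub.equals(clientId)) {
            return "client_secret sub '" + sub + "' differs from client_id '" + clientId + "'";
        }
        return null;
    }

    // Builds an unsigned sample token from a JSON payload; constructed data, not a real Apple token.
    static String sample(String json) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(json.getBytes(StandardCharsets.UTF_8)) + ".sig";
    }

    public static void main(String[] args) throws Exception {
        String idToken = sample("{\"iss\":\"https://appleid.apple.com\",\"aud\":\"com.example.app\"}");
        String secret = sample("{\"aud\":\"https://appleid.apple.com\",\"sub\":\"com.example.app.service\"}");
        // Backend configured with a different identifier than the one the app signed in with
        System.out.println(check(idToken, secret, "com.example.app.service"));
        // All identifiers agree: prints null
        System.out.println(check(idToken, sample("{\"sub\":\"com.example.app\"}"), "com.example.app"));
    }
}
```

Running it against the real `identityToken` and the output of `getToken()` before calling the token endpoint shows which identifier differs; the identity token's signature still has to be verified separately before its claims are trusted.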