Repeated Sign in with Apple Server to Server notification from Apple

We have been using the Sign in with Apple feature in our app for more than 3 years, and integrated Apple Server to Server notifications for the SiwA webhook to handle the login status.

Recently we are seeing huge traffic with repeated notification event "account-deleted" for the same Apple account.

The payload we receive at the webhook URL is legitimate, since the JWT token is properly signed and the source IP is from the Apple network. We respond back with 200, but the same event still keeps getting repeated.

The actual account deletion happened in December 2022 and we get the same event repeated till now. Does anybody else see this kind of issue?

Please help us with how to handle/stop this.

Hi sateesh-anecure,

You wrote:

Recently we are seeing huge traffic with repeated notification event "account-deleted" for the same Apple account. [...] The actual account deletion happened in December 2022 and we get the same event repeated till now. Does anybody else see this kind of issue?

To prevent sending sensitive JSON Web Tokens (JWTs) in plain text, you should create a report in Feedback Assistant to share the details requested below. Additionally, if I determine the error is caused by an internal issue in the operating system or Apple ID servers, the appropriate engineering teams have access to the same information and can communicate with you directly for more information, if needed. Please follow the instructions below to submit your feedback.

For issues occurring with your web service, ensure your feedback contains the following information:

  • the primary App ID and Services ID
  • the user’s Apple ID, email address, and/or identity token
  • the duplicate server-to-server notification requests, including all parameter values, and error responses (if applicable)
  • the timestamp of when the issue was reproduced (optional)
  • screenshots or videos of errors and unexpected behaviors (optional)

Important: If providing a web service request, please ensure the client secret (JWT) has an extended expiration time (exp) of at least three (3) days, so I have enough time to diagnose the issue. Additionally, if your request requires access token or refresh tokens, please provide refresh tokens as they do not have a time-based expiration time; most access tokens have a maximum lifetime of one (1) hour, and will expire before I have a chance to look at the issue.

Submitting your feedback

Before you submit to Feedback Assistant, please confirm the requested information above (for your native app, web service, or email delivery) is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Sign in with Apple client.

After your submission to Feedback Assistant is complete, please respond to this post with the Feedback ID, so I can escalate internally.

Cheers,

Paris

Hi @ppinkney - here is the feedback ID FB12977778 that I have posted, which has the details you asked for.

Hi @ppinkney - Is there any update on this request, please? The previously submitted feedback has an alignment issue which merged all the line spaces into a single paragraph and made the info unreadable. To ease this for you, I have created a new feedback FB13038968 which has an attachment file that has clear information.

Hello, is anyone from Apple considering fixing this issue, which is acknowledged by @ppinkney? This issue is really affecting our PROD servers very badly. At least give us some workaround to stop these calls invoked from your end.
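One receiver-side way to keep replayed notifications cheap while still answering 200, shown as an added example that is not from the thread's participants or from Apple: an idempotent handler that applies each event once and counts repeats. It assumes the JWT signature was already verified, that the `events` claim is a JSON string carrying `type`, `sub` and `event_time`, and the function, table and callback names are hypothetical.

```python
import json
import sqlite3

# Event types that can only happen once per user, so any repeat is a replay.
# "account-deleted" is the type string quoted in the thread.
TERMINAL_TYPES = {"account-deleted"}

def open_store(path=":memory:"):
    """Create the table recording which events were already applied."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS seen_events ("
        "sub TEXT, type TEXT, event_time INTEGER, hits INTEGER DEFAULT 1, "
        "PRIMARY KEY (sub, type, event_time))")
    return db

def handle_notification(db, claims, apply_event):
    """Apply a verified notification at most once; return (http_status, outcome)."""
    try:
        events = claims["events"]
        # Assumption: "events" is a JSON-encoded string; a dict is accepted too.
        event = json.loads(events) if isinstance(events, str) else events
        sub, etype = str(event["sub"]), str(event["type"])
        # Terminal events are keyed without the timestamp, so a replay carrying
        # a fresh event_time is still recognised.
        when = 0 if etype in TERMINAL_TYPES else int(event["event_time"])
    except (KeyError, TypeError, ValueError):
        return 400, "malformed"
    key = (sub, etype, when)
    cur = db.execute(
        "INSERT OR IGNORE INTO seen_events (sub, type, event_time) VALUES (?, ?, ?)", key)
    if cur.rowcount == 0:
        # Replay: count it for monitoring, skip the real work, still acknowledge.
        db.execute("UPDATE seen_events SET hits = hits + 1 "
                   "WHERE sub = ? AND type = ? AND event_time = ?", key)
        db.commit()
        return 200, "duplicate"
    try:
        apply_event(event)  # hypothetical callback doing the actual account cleanup
    except Exception:
        db.rollback()  # forget the marker so a later delivery can retry
        raise
    db.commit()
    return 200, "applied"

def replay_hits(db, sub, etype):
    """Number of deliveries seen for this user and event type (for alerting)."""
    row = db.execute("SELECT SUM(hits) FROM seen_events WHERE sub = ? AND type = ?",
                     (sub, etype)).fetchone()
    return row[0] or 0
```

The `hits` counter gives a per-user replay rate that can feed an alert or be attached to a Feedback Assistant report.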
