Sign in with Apple Revocation goes through but ineffective? Radar time?

Question

SwiftUWhy OP

Created May ’24

Replies 1

Boosts 1

Participants 2

Good day folks,

We have a workflow setup where a new Sign in with Apple user registers (first SIWA login where user can pick name and show/hide email), and the server-side code obtains a refresh token from SIWA REST API. That refresh token is stored internally against the user's profile in the DB for future use.

Whenever user account is deleted from server-side, we use that refresh token to revoke Sign in with Apple (so that the user would need to go through registration flow rather than sign in- where they have an option to specify name and show/hide email).

That has been working beautifully until we have added an AppClip to the app. The code which obtains the refresh token "respects" the correct bundle ID for the main app / app clip, and everything seems to work. Both of Apple's APIs return OK codes. In fact, we even get the email from Apple when token is revoked which reads "APP_NAME has revoked your Sign in with Apple account. Next time you use Sign in with Apple to sign in to your onUgo Access account, you will have to share your name and email again".

Problem is- it doesn't. SIWA still offers to "sign in" as if account is still linked, and the app still shows up as "App using Sign in with Apple" in iPhone settings. What's even more mysterious is that you can't delete/revoke/"Stop using Apple ID" on that SIWA link with the app from iPhone settings too! It seems to work, but the app never goes away from the list, as if it fails silently.

Could anyone please help shed some light on this?

Boost

Answer 1

DTS Engineer OP

Apple

Jun ’24

Hi @SwiftUWhy,

Before I begin my investigation, I want to explain our code-level support process for issues related to Sign in with Apple—as the issue you’re reporting may be the result of any of the following:

An error in your app or App Clip.
A configuration issue in your Developer Account.
An internal issue in the operation system or Apple ID servers.

To prevent sending sensitive information in plain text, you should create a report in Feedback Assistant to share the details requested below. Additionally, if I determine the error is caused by an internal issue in the operating system or Apple ID servers, the appropriate engineering teams have access to the same information and can communicate with you directly for more information, if needed. Please follow the instructions below to submit your feedback.

For issues occurring with your native app, perform the following steps:

Install the Accounts/AuthKit profile on your iOS, macOS, tvOS, watchOS, or visionOS device.
Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video.
Gather a sysdiagnose on the same iOS, macOS, tvOS, watchOS, or visionOS device.
Ensure your feedback contains the following information:
1. the App ID or Bundle ID for your primary app
2. the App ID for your App Clip
3. the user’s Apple ID, email address, and/or identity token
4. the sysdiagnose gathered after reproducing the issue
5. the timestamp of when the issue was reproduced
6. screenshots or videos of errors and unexpected behaviors (optional)

Submitting your feedback

Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Sign in with Apple client.

After your submission to Feedback Assistant is complete, please respond to this post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug.

Cheers,

Paris

0