Hi, I followed step by step documentation to implement SignIn with Apple in iOS/Android application.
I created an AppId com.nhp.queenergy, a related ServiceId com.nhp.queenergy.apple, and a KeyId.
Authorization request is correctly performed by using ServiceId as client_id and my backend redirect_uri I receive code on my backend
Token request is performed by using ServiceId as client_id, same redirect_uri, the code I have just received and the client_secret as JWT signed with my .p8 certificate with the following decoded structure
Header { "kid": <KeyId>, "typ": "JWT", "alg": "ES256" }
Payload { "iss": <TeamId>, "sub": "com.nhp.queenergy.apple", "aud": "https://appleid.apple.com", "exp": 1756113744, "iat": 1756111944 }
I always receive "invalid_grant" error without any further error description.
Moreover the error is always the same even though I use any fake string as client secret. If the code expires, as expected the error changes by adding "The code has expired or has been revoked."
I really don't know how to solve this issue
Best regards