I am trying to recreate the following example. However, when i create a Singleton class MyModel and bind the familyActivityPicker like this
@ObservedObject var model = MyModel.shared
....
....
Button("Present FamilyActivityPicker") { isPresented = true }
.familyActivityPicker(isPresented: $isPresented, selection: $model.discouragedApps)
Then in my DeviceActivityExtension I try to access the discouraged applications, this way
let model = MyModel()
let applications = model.discouragedApps
But the model.discouragedApps is always empty. How do I pass the selected applications into my extension. In all of the documentation this part is very conveniently left unexplained.
Can I use the local storage to save the user selection and then read it from there instead of having to use the Singleton pattern ?
Explore the intersection of business and app development. Discuss topics like device management, education, and resources for aspiring app developers.
Post
Replies
Boosts
Views
Activity
We are facing issue SSO from some days its was working fine few days before.
In apple devices, we are facing issue that once user enters the username and password, it is asking again when user logs in.
All things were fine no changes in system only thing, this issue started happening for may be iOS 16 updated.
We have implemented SSO using Microsoft AD.
Things working for all other OS (Windows, Android) except iOS.
When we specified a "Unlisted app" by InstallApplication(MDM command),
the response state is NeedsRedemption.
This is the request and response.
■Request
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"[]>
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>dd3fe1a1-a1a7-4987-8201-447e815bd6f9</string>
<key>Command</key>
<dict>
<key>RequestType</key>
<string>InstallApplication</string>
<key>Attributes</key>
<dict>
<key>Removable</key>
<false />
</dict>
<key>Identifier</key>
<string>******</string>
<key>ChangeManagementState</key>
<string>Managed</string>
<key>InstallAsManaged</key>
<true />
<key>ManagementFlags</key>
<integer>4</integer>
</dict>
</dict>
</plist>
■Response
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"[]>
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>dd3fe1a1-a1a7-4987-8201-447e815bd6f9</string>
<key>Identifier</key>
<string>******</string>
<key>State</key>
<string>NeedsRedemption</string>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>00008110-001E74C814EA401E</string>
</dict>
</plist>
I think non-VPP apps don't need redemption codes.
Is there a way to install "Unlisted app" without using a redemption code?
Hello,
I had to create an IKE VPN profile to use this service from my Mac running Ventura, so I was directed to the Apple Configurator application where I was able to find how to proceed, except that the import was not successful. not, here are the logs that I capture on the ProfilesSettingsExt processes:
[ERROR] [501:CPPrefPaneExt:<0x3faf>] [CE] XPC: InstallProfile <User:501> ==> Error Domain=ConfigProfilePluginDomain Code=-319 "Les données utiles « Service VPN » n’ont pas pu être installées. Le serveur VPN n’a pas pu être créé." UserInfo={NSLocalizedDescription=Les données utiles « Service VPN » n’ont pas pu être installées. Le serveur VPN n’a pas pu être créé.}
[501:CPPrefPaneExt] Number of <Device> profiles found: 0 (Filtered: 0)
[501:CPPrefPaneExt] ReloadProfiles: device profiles: 0
[501:CPPrefPaneExt] === CPF_GetInstalledProfiles === (<User: 501>)
[501:CPPrefPaneExt] Number of <User: 501> profiles found: 0 (Filtered: 0)
[501:CPPrefPaneExt] ReloadProfiles: user profiles: 0
[501:CPPrefPaneExt] Building ProfilesListView with sections:Optional(0) selection:Binding<Set<String>>(transaction: SwiftUI.Transaction(plist: []), location: SwiftUI.LocationBox<SwiftUI.FunctionalLocation<Swift.Set<Swift.String>>>, _value: Set([])) emptyList:Optional("Aucun profil installé") oip: true disableRemove: true
[501:CPPrefPaneExt] ProfileInstall: PROGRESS: <Completed>
[501:CPPrefPaneExt] [CE] Profile installation (IKEv2 test (laptop.64286FD8-B086-4A63-A1BB-D9CFA279F231:08BFF8E1-3296-43E6-9CEC-A40B31A4A7D4)) ==> Error Domain=ConfigProfilePluginDomain Code=-319 "Les données utiles « Service VPN » n’ont pas pu être installées. Le serveur VPN n’a pas pu être créé." UserInfo={NSLocalizedDescription=Les données utiles « Service VPN » n’ont pas pu être installées. Le serveur VPN n’a pas pu être créé.}
Warning: -[NSWindow makeKeyWindow] called on _NSAlertPanel 0x7fa91294aa50 which returned NO from -[NSWindow canBecomeKeyWindow].
order window: 15f op: 1 relative: 15f related: 0
Item (<private>) is attached but is too large to fit without clipping. minWidth=72.000000
It works if I try to import L2TP or IPSEC profiles with total random parameters.
Issue Description: We have observed that the DDM Status response is expected to be provided daily at specific timestamps or sometimes randomly for certain devices to obtain the complete DDM status report. The following daily pattern is observed for DDM requests to MDM:
Endpoint -> Status
Endpoint -> Tokens
After receiving a full report from DDM, it proceeds to fetch any changes in declarations from DDM via a tokens request. In iOS 17/macOS 14 also, the same full reports are received daily, but they include new properties in the status report, such as "FullReport": true.
Sample Status Response :
{
"StatusItems" : {
"FullReport" : true,
"client-capabilities" : {
"supported-versions" : [
"1.0.0"
],
"supported-payloads" : {
"declarations" : {
"activations" : [
"com.apple.activation.simple"
],
"assets" : [
"com.apple.asset.credential.acme",
"com.apple.asset.credential.certificate",
"com.apple.asset.credential.identity",
"com.apple.asset.credential.scep",
"com.apple.asset.credential.userpassword",
"com.apple.asset.data",
"com.apple.asset.useridentity"
],
"configurations" : [
"com.apple.configuration.account.caldav",
"com.apple.configuration.account.carddav",
"com.apple.configuration.account.exchange",
"com.apple.configuration.account.google",
"com.apple.configuration.account.ldap",
"com.apple.configuration.account.mail",
"com.apple.configuration.account.subscribed-calendar",
"com.apple.configuration.legacy",
"com.apple.configuration.legacy.interactive",
"com.apple.configuration.management.status-subscriptions",
"com.apple.configuration.management.test",
"com.apple.configuration.passcode.settings",
"com.apple.configuration.security.certificate",
"com.apple.configuration.security.identity",
"com.apple.configuration.security.passkey.attestation",
"com.apple.configuration.softwareupdate.enforcement.specific",
"com.apple.configuration.watch.enrollment"
],
"management" : [
"com.apple.management.organization-info",
"com.apple.management.properties",
"com.apple.management.server-capabilities"
]
},
"status-items" : [
"account.list.caldav",
"account.list.carddav",
"account.list.exchange",
"account.list.google",
"account.list.ldap",
"account.list.mail.incoming",
"account.list.mail.outgoing",
"account.list.subscribed-calendar",
"device.identifier.serial-number",
"device.identifier.udid",
"device.model.family",
"device.model.identifier",
"device.model.marketing-name",
"device.model.number",
"device.operating-system.build-version",
"device.operating-system.family",
"device.operating-system.marketing-name",
"device.operating-system.supplemental.build-version",
"device.operating-system.supplemental.extra-version",
"device.operating-system.version",
"device.power.battery-health",
"management.client-capabilities",
"management.declarations",
"mdm.app",
"passcode.is-compliant",
"passcode.is-present",
"security.certificate.list",
"softwareupdate.failure-reason",
"softwareupdate.install-reason",
"softwareupdate.install-state",
"softwareupdate.pending-version",
"test.array-value",
"test.boolean-value",
"test.dictionary-value",
"test.error-value",
"test.integer-value",
"test.real-value",
"test.string-value"
]
},
"supported-features" : {
}
}
},
"device" : {
"identifier" : {
"serial-number" : "S7T95QN0XP",
"udid" : "00000-AAAAA-111111-BBBBB"
},
"model" : {
"marketing-name" : "iPhone 14 Plus",
"number" : "AB523HN/A",
"identifier" : "iPhone14,8",
"family" : "iPhone"
},
"operating-system" : {
"marketing-name" : "iOS 17.0",
"family" : "iOS",
"supplemental" : {
"extra-version" : "",
"build-version" : "21A5312c"
},
"build-version" : "21A5312c",
"version" : "17.0"
}
},
"mdm" : {
"app" : [
{
"version" : "1452",
"state" : "managed",
"external-version-id" : "123456789",
"identifier" : "com.xxxxx.yyyy.zzzz",
"name" : "App Name",
"short-version" : "23.XX.XY"
},
{
// app details
},
{
// app details
},
{
// app details
}, etc...
]
},
"passcode" : {
"is-present" : true,
"is-compliant" : true
},
"management" : {
"declarations" : {
"activations" : [
{
"active" : true,
"identifier" : "DEFAULT_ACT_0",
"valid" : "valid",
"server-token" : "1"
}
],
"configurations" : [
{
"active" : true,
"identifier" : "DEFAULT_STATUS_CONFIG_0",
"valid" : "valid",
"server-token" : "2"
}
],
"assets" : [
],
"management" : [
]
}
},
"security" : {
"certificate" : {
"list" : [
]
}
},
"softwareupdate" : {
"install-reason" : {
"reason" : [
]
},
"install-state" : "none",
"pending-version" : {
},
"failure-reason" : {
"count" : 0
}
}
"Errors" : [
]
}
Followed by Tokens Request :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Endpoint</key>
<string>tokens</string>
<key>MessageType</key>
<string>DeclarativeManagement</string>
<key>UDID</key>
<string>00000-AAAAA-111111-BBBBB</string>
</dict>
</plist>
May I know if this is a behavior, and is it possible to control DDM status report polling data or time?
Thanks in Advance
Hi Team,
I want to send server capability to iphone for watchos pairing token . I tried following payload and its not working. Can you provide example of it?. Also how to find server protocol version. I could not find any documentation around it.
{
"Identifier": "server-capabilities-list",
"ServerToken": "$serverToken",
"Type": "com.apple.management.server-capabilities",
"Payload": {
"Version": "2",
"SupportedFeatures": {
"com.apple.mdm.token" : {},
}
}
}
https://developer.apple.com/documentation/devicemanagement/managementservercapabilities
Hello Community,
My devices are listed on the Apple MDM. Previously few days back they were working fine as they were responding to every command pushed via MDM but today they are not responding neither updating their status even of active/inactive etc anything? Kindly your kind help would be needed
Hi Apple Community,
Problem Description:
Regarding the transition from MDM (Mobile Device Management) profiles to DDM (Declarative Device Management) profiles, as announced during WWDC 2023, this marks a significant step forward in simplifying our device management process.
When we attempted to test this transition with the 17 developer beta OS version devices, we encountered a notable challenge. Specifically, when trying to apply a DDM Webclip legacy profile configuration to a device that already had the same profile applied through MDM. We received the following status response from DDM: "The profile “<profile_identifier>” cannot replace an existing profile." As a result, the configuration was not applied.
However, after removing the existing applied MDM profile and then reapplying the same profile as a legacy profile via DDM, the configuration was successfully applied.
My DDM Configuration:
{
"Type": "com.apple.configuration.legacy",
"Identifier": "DEFAULT_APP_CATALOG_CLIP_CONFIG",
"ServerToken": "3",
"Payload": {
"ProfileURL": "https://mdmtest:8080/certificates/appConfig.mobileconfig"
}
}
My DDM Status Response :
{
"StatusItems" : {
"management" : {
"declarations" : {
"activations" : [
{
"active" : true,
"identifier" : "DEFAULT_ACT_0",
"valid" : "valid",
"server-token" : "1"
},
{
"active" : false,
"identifier" : "DEFAULT_APP_CATALOG_CLIP_ACT",
"valid" : "valid",
"server-token" : "3"
}
],
"configurations" : [
{
"reasons" : [
{
"details" : {
"Error" : "The profile “<profile_identifier>” cannot replace an existing profile."
},
"description" : "Configuration cannot be applied",
"code" : "Error.ConfigurationCannotBeApplied"
},
{
"details" : {
"Identifier" : "DEFAULT_APP_CATALOG_CLIP_ACT",
"ServerToken" : "3"
},
"description" : "Activation “DEFAULT_APP_CATALOG_CLIP_ACT:3” has errors.",
"code" : "Error.ActivationFailed"
}
],
"active" : false,
"identifier" : "DEFAULT_APP_CATALOG_CLIP_CONFIG",
"valid" : "invalid",
"server-token" : "3"
},
{
"active" : true,
"identifier" : "DEFAULT_STATUS_CONFIG_0",
"valid" : "valid",
"server-token" : "2"
}
],
"assets" : [
],
"management" : [
]
}
}
},
"Errors" : [
]
}
Kindly help us with this issue.
Note : We have posted a feedback in Feedback Assistant portal FB13132059 - along with device sysdiagnose.
Hello,
ContentFilterUUID in WebContentFilter payload can be used for "Per-App content filter" - the UUID can be used in app attributes, as stated in the doc:
A globally-unique identifier for this content filter configuration. Managed apps with the same ContentFilterUUID in their app attributes have their network traffic processed by the content filter.
Do I understand right that if we want the profile to be globally applied, it should NOT contain the ContentFilterUUID key ?
We're seeing cases where setting the key would make the profile doing nothing on the device, but the documentation is not 100% clear on this.
Any clarification would be very appreciated !
Thanks
When I execute the InstalledApplicationList(MDM command),
A part of the response is Incorrect.
TikTokLite is not a managed app according to the later methods.
This is the request and response.
■Request
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"[]>
<plist version="1.0">
<dict>
<key>Command</key>
<dict>
<key>ManagedAppsOnly</key>
<true />
<key>RequestType</key>
<string>InstalledApplicationList</string>
</dict>
<key>CommandUUID</key>
<string>8dffac1f-55df-40b1-8c69-414dfb8aedac</string>
</dict>
</plist>
■Response
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"[]>
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>8dffac1f-55df-40b1-8c69-414dfb8aedac</string>
<key>InstalledApplicationList</key>
<array>
<dict>
<key>AdHocCodeSigned</key>
<false />
<key>AppStoreVendable</key>
<true />
<key>BetaApp</key>
<false />
<key>BundleSize</key>
<integer>12525568</integer>
<key>DeviceBasedVPP</key>
<false />
<key>DynamicSize</key>
<integer>12288</integer>
<key>ExternalVersionIdentifier</key>
<integer>858324287</integer>
<key>HasUpdateAvailable</key>
<false />
<key>Identifier</key>
<string>net.skyseaclientview.mdm</string>
<key>Installing</key>
<false />
<key>IsAppClip</key>
<false />
<key>IsValidated</key>
<true />
<key>Name</key>
<string>SKYSEA MDM</string>
<key>ShortVersion</key>
<string>1.1.182200</string>
<key>Version</key>
<string>36</string>
</dict>
<dict>
<key>AdHocCodeSigned</key>
<false />
<key>AppStoreVendable</key>
<true />
<key>BetaApp</key>
<false />
<key>BundleSize</key>
<integer>266919936</integer>
<key>DeviceBasedVPP</key>
<false />
<key>DynamicSize</key>
<integer>15335424</integer>
<key>ExternalVersionIdentifier</key>
<integer>858769767</integer>
<key>HasUpdateAvailable</key>
<false />
<key>Identifier</key>
<string>com.ss.iphone.ugc.tiktok.lite</string>
<key>Installing</key>
<false />
<key>IsAppClip</key>
<false />
<key>IsValidated</key>
<true />
<key>Name</key>
<string>TikTokLite</string>
<key>ShortVersion</key>
<string>29.3.16</string>
<key>Version</key>
<string>2931603</string>
</dict>
</array>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>00008120-000C28DC0AB8C01E</string>
</dict>
</plist>
・TikTokLite does not appear in the "Mobile Device Management App" in the iPhone's Settings app.
Is this right?
If this is expected response, Is there a way to judge that the app is a managed app?
This is the Device information.
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"[]>
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>31317d47-355c-40cb-ad72-3bff6c57989b</string>
<key>QueryResponses</key>
<dict>
<key>AvailableDeviceCapacity</key>
<real>112.608231424</real>
<key>BatteryLevel</key>
<real>0.97999999999999998</real>
<key>BluetoothMAC</key>
<string>***</string>
<key>BuildVersion</key>
<string>20F66</string>
<key>CellularTechnology</key>
<integer>1</integer>
<key>DataRoamingEnabled</key>
<false />
<key>DeviceCapacity</key>
<real>128</real>
<key>DeviceName</key>
<string>***</string>
<key>EASDeviceIdentifier</key>
<string>***</string>
<key>IMEI</key>
<string>***</string>
<key>IsActivationLockEnabled</key>
<true />
<key>IsCloudBackupEnabled</key>
<true />
<key>IsDeviceLocatorServiceEnabled</key>
<true />
<key>IsDoNotDisturbInEffect</key>
<false />
<key>IsMDMLostModeEnabled</key>
<false />
<key>IsRoaming</key>
<false />
<key>IsSupervised</key>
<false />
<key>Model</key>
<string>MQ983J</string>
<key>ModelName</key>
<string>iPhone</string>
<key>ModemFirmwareVersion</key>
<string>1.70.02</string>
<key>OSVersion</key>
<string>16.5</string>
<key>PersonalHotspotEnabled</key>
<false />
<key>ProductName</key>
<string>iPhone15,3</string>
<key>SerialNumber</key>
<string>***</string>
<key>SubscriberMCC</key>
<string></string>
<key>SubscriberMNC</key>
<string></string>
<key>UDID</key>
<string>00008120-000C28DC0AB8C01E</string>
<key>VoiceRoamingEnabled</key>
<false />
<key>WiFiMAC</key>
<string>***</string>
<key>iTunesStoreAccountHash</key>
<string>***</string>
<key>iTunesStoreAccountIsActive</key>
<true />
</dict>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>00008120-000C28DC0AB8C01E</string>
</dict>
</plist>
Problem Description:
We are using manageVPPLicensesByAdamIdSrv API for assigning licenses for serial numbers. We get "Internal error - 9603" response for this API when assigning the API for valid adamID of an app. When using the same API other apps, this issue doesn't occur. AdamID: 720111835. The license is assigning properly for the same app in VPP License Management 2.0.0 + - Associate Assets API. Currently, we will not able to the new API. We overcame this issue by creating a new location token in the same organization and purchasing the same app in it and using it to assign the license to device for the same app which is successful.
Kindly help us with this issue.
Request:
{"pricingParam":"STDQ","disassociateSerialNumbers":["SAMPLESERIAL"],"adamIdStr":"720111835","sToken":"********************","notifyDisassociation":false}
Response:
{"errorMessage":"Internal error.","errorNumber":9603,"status":-1}
I am trying apple declarative management protocol. I would like to get management.client-capabilities from device on demand apart from incremental updates when device upgrades. Is this possible by some declaration or workaround
without reenrolling device ?
Sample subscription:
{
"Identifier": "status-subscriptions1",
"ServerToken": "$serverToken",
"Type": "com.apple.configuration.management.status-subscriptions",
"Payload": {
"StatusItems": [
{
"Name": "device.operating-system.build-version"
},
{
"Name": "device.identifier.serial-number",
},
{
"Name": "device.identifier.udid",
},
{
"Name" : "device.model.family",
},
{
"Name" : "device.model.identifier",
},
{
"Name" : "device.model.marketing-name",
},
{
"Name" : "device.model.number",
},
{
"Name" : "device.operating-system.family",
},
{
"Name" : "device.operating-system.marketing-name",
},
{
"Name" : "device.operating-system.supplemental.build-version",
},
{
"Name" : "device.operating-system.supplemental.extra-version",
},
{
"Name" : "device.operating-system.version",
},
{
"Name" : "diskmanagement.filevault.enabled",
},
{
"Name": "mdm.app"
},
{
"Name": "management.client-capabilities",
},
{
"Name": "security.certificate.list",
},
{
"Name": "passcode.is-compliant",
},
{
"Name": "passcode.is-present",
}
]
}
}
Good morning,
I am very beginners student of openFrameworks. I'm following a tutorial trying to create a new class with openFrameworks but I cannot compile it in the right way. This because the tutorial I found in on Visual Studio and i'm working on a Mac with Xcode.
This problem is blocking me and I cannot go on with the course.
Can someone help me translate the code to create a new class from Visual Studio to Xcode? The language is the same, but the programme in this case is slightly different.
On Visual Studio the files are Class.H and Class.Cpp
THIS IS CLASS.H VISUAL STUDIO
#pragma once
#include "ofMain.h"
class ball {
public:
ball();
void setup (ofVec2f initialPos, ofVec2f initialVel, float rad);
void update ();
void draw();
ofVec2f pos;
ofVec2f vel;
ofVec2f radius;
};
CLASS.CPP VISUAL STUDIO
#include "ball.h"
ball :: ball();{
}
void ball :: setup(ofVec2f initialPos, ofVec2f initialVel, float rad); {
ofVec2f initialPos;
ofVec2f initialVel;
float rad;
}
//--------------------------------------------------------------
void ball::update()
{
pos += vel;
if ((pos.x > ofGetWidth ()) || (pos.x < 0)){
vel.x *= -1;
}
if ((pos.y > ofGetWidth ()) || (pos.y < 0)){
vel.y *= -1;
}
//--------------------------------------------------------------
void ball::draw(){
ofDrawCircle (pos.x, pos.y, radius);
}
On Xcode it is slightly different and I don't know how to translate it.
Here is the setting for the two XCode pages CLASS.H and CLASS.M
CLASS.H
//
// Default Classes.h
// default classes
//
// Created by Valerie Tameu on 23/08/23.
//
#import <Foundation/Foundation.h>
NS_ASSUME_NONNULL_BEGIN
@interface Default_Classes : NSObject
@end
NS_ASSUME_NONNULL_END
and CLASS.m
//
// Default Classes.m
// default classes
//
// Created by Valerie Tameu on 23/08/23.
//
#import "Default Classes.h"
@implementation Default_Classes
@end
Somebody can help me to traslate the code of Visual Studio here in XCode?
Thank you for the help!
Red edilen uygulamaya sadece "Reply to App Review" diyerek geri cevap alabilir miyiz?
Daha önce yaptığımda 3,4 gün beklememe rağmen bir cevap alamadım, hataya geçen sürümü tekrar review göndermek zorundamıyız?
Hi, Im testing protecting iMessages using an managed ID with iOS 16.6. With a managed ID, it seems iMessages sycned to iClould is not available nor are iMessages backed up using the backup option on the device. When is this feature expected to be available?
Thanks,
Mohsin
I have submit my request a month ago and I didn't get any reply yet. I've seen that other developers are getting their approval or rejection after a couple of weeks.
Is anyone in this situation? how long does it usually take?
I've not been able to find instructions for m y scenario. Both Macs are running Sonoma. They are both logged in as me via iCloud. What/where are the settings to enable me to remotely access the other Mac from a different house in a different town?
** Hi Community,**
We have been testing on using oauth2 for User Enrollment.Where as per doc provided we have supplied the method, authorization-url, token-url, redirect-url, client-id in the 401 response from MDM Server
Authorization Request
As mentioned the apple client performed authorization request by adding state, login_hint to the Authorization-url and the params mentioned above and successfully received the authorization code after the user makes a login with the IDP.
<<<<< Request
GET /oauth2/authorization?response_type=code
&client_id=XXXXXXXXXX
&redirect_uri=apple-remotemanagement-user-login:/oauth2/redirection
&state=XXXXXXXXXX
&login_hint=useroa@example.com HTTP/1.1
Host: mdmserver.example.com
------- MULTIPLE REQUESTS BETWEEN CLIENT Server ----------
>>>>> Response
HTTP/1.1 308 Permanent Redirect
Content-Length: 0
Location: apple-remotemanagement-user-login:/oauth2/redirection
?code=XXXXXXXXXX&state=XXXXXXXXXX
.
Token Request
Using the code received from authorization server apple client performs this step to get the access_token and refresh_token.I am using a authorization server created by default in my Okta domain and this step fails.
<<<<< Request
POST /oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 195
grant_type=authorization_code
&code=XXXXXXXXXXXX
&redirect_uri=apple-remotemanagement-user-login:/oauth2/redirection
&client_id=XXXXXXXXXX
>>>>> Response
HTTP/2 401 Unauthorized
Content-Type: application/json
{
"error": "invalid_client",
"error_description": "Client authentication failed. Either the client or the client credentials are invalid."
}
When debugged this issue, As per Okta's doc https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/#exchange-the-code-for-tokens The client must specify Their credentials in Authorization header as Authorization : Basic <client_id>:<client_secret> in order to get the access_token
And Also as per RFC-6749 https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3 The Confidential Clients must specify their client_id, client_secret provided by the authorization server to receive the access_tokens.
May I know how to overcome this issue or did I missed any steps that may include the Authorization header
Thanks in Advance,.
When pushing the “ScheduleOSUpdate” command to a Supervised MDM enrolled iPad device, command fails with the following error.
Available OS Update response
<key>AvailableOSUpdates</key>
<array>
<dict>
<key>AllowsInstallLater</key>
<false/>
<key>Build</key>
<string>20G75</string>
<key>DownloadSize</key>
<integer>4456890240</integer>
<key>HumanReadableName</key>
<string>iOS 16</string>
<key>InstallSize</key>
<integer>467664896</integer>
<key>IsCritical</key>
<false/>
<key>ProductKey</key>
<string>iOSUpdate20G75</string>
<key>ProductName</key>
<string>iOS</string>
<key>RestartRequired</key>
<true/>
<key>Version</key>
<string>16.6</string>
</dict>
</array>
<key>CommandUUID</key>
<string>AvailableOSUpdates</string>
<key>Status</key>
<string>Acknowledged</string>
ScheduleOSUpdate command
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>ScheduleOSUpdate</string>
<key>Command</key>
<dict>
<key>RequestType</key>
<string>ScheduleOSUpdate</string>
<key>Updates</key>
<array>
<dict>
<key>ProductKey</key>
<string>iOSUpdate20G75</string>
<key>InstallAction</key>
<string>Default</string>
<key>ProductVersion</key>
<string>16.6</string>
</dict>
</array>
</dict>
</dict>
</plist>
ScheduleOSUpdate command response
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>AttemptOSUpdate</string>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>****</string>
<key>UpdateResults</key>
<array>
<dict>
<key>ErrorChain</key>
<array>
<dict>
<key>ErrorCode</key>
<integer>12057</integer>
<key>ErrorDomain</key>
<string>MCMDMErrorDomain</string>
<key>LocalizedDescription</key>
<string>The update failed to download.</string>
<key>USEnglishDescription</key>
<string>The update failed to download.</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>2202</integer>
<key>ErrorDomain</key>
<string>DeviceManagement.error</string>
<key>LocalizedDescription</key>
<string>A download failed.</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>31</integer>
<key>ErrorDomain</key>
<string>com.apple.softwareupdateservices.errors</string>
<key>LocalizedDescription</key>
<string>The operation couldn’t be completed. (com.apple.softwareupdateservices.errors error 31.)</string>
</dict>
</array>
<key>InstallAction</key>
<string>Error</string>
<key>ProductKey</key>
<string>iOSUpdate20G75</string>
<key>Status</key>
<string>DownloadFailed</string>
</dict>
</array>
</dict>
</plist>
As seen in the AvailableOSUpdate response, this device is applicable for iOS 16 update but unable to update manually as well as via MDM.
The device has the following message showing up, is there any relation between the MDM command failing and this message.
This iPad device is currently running "12.1.4" OS version
Kindly confirm the reason for this message and the reason for this failure via MDM.
And also confirm if there are any restrictions to update to certain major OS versions from lower OS versions, if so kindly share any documentation available regarding this.

I downloaded Apple Configurator v1.1 from the App Store to an iPad 9th Gen running iPadOS 16.1. When I try to launch the Configurator, the display goes black for a second and then returns to the home screen. I have neither a current Mac available nor an iPhone, only a stack of new iPads purchased through Amazon.