Apple requires us to implement Sign in with Apple by 30th April 2020 at the latest for new apps and by June 2020 for existing app updates. And yet the documentation is severely lacking: what should we do after getting user data from Sign in with Apple on the iOS side? What does an error message like invalid_client even mean? You start to worry: what if you can’t implement Sign in with Apple before the deadline, and Apple rejects your app’s upcoming update, delaying fixes and updates to your app and making your users and your boss unhappy 😣.
You have followed a tutorial on how to implement Sign in with Apple step by step, but you are stuck at the dreaded “invalid_client” or "invalid_grant" error every time you try to validate the authorization code with /auth/token.
Alright, I know it tells me the client is invalid... then what should I do to fix this?!
You checked your client_id, client_secret and even the redirect_uri parameters, and all of them seem correct. Then you try swapping client_id with the app bundle ID or the web services ID, and changing the headers used to generate the client secret JWT… hours have passed and, despite all the trial and error, you are still getting the same “invalid_client” error! 🤬
The error message “invalid_client” isn’t particularly helpful, as it doesn’t say which part of your code is wrong. Could it be your client_id? Your client_secret? Or could it be that the authorization code you’ve gotten from the app isn’t formatted properly? You wish Apple would provide a more helpful error message for solving the issue.
After spending countless hours battling the token validation issue, you have finally managed to retrieve the token! Yay! But now you are stuck again, as there isn’t a word in Apple’s documentation on how to handle subsequent REST API calls after the user has signed in successfully! As the token returned from validating the authorization code is only valid for 10 minutes, and Apple only allows refreshing the token once a day (more than that will result in throttling), how should we handle subsequent REST API calls to the backend using the token?
There’s an endpoint to get Apple’s public key, but how do I even use this hash to verify a signature?! This certainly doesn’t look like a public key file format (e.g. -----BEGIN PUBLIC KEY----- xxxxxx -----END PUBLIC KEY-----) :
Enough complaining about Apple, let’s pause a moment and imagine...
Wouldn’t it be nice if there were a straightforward, step-by-step guide which you could follow to implement Sign in with Apple? From generating the public key and validating the authorization code, to validating and parsing the identityToken, to subsequent REST API calls between your iOS app and your server?
You could implement Sign in with Apple within a day, and continue working on the features or bug fixes that matter, which makes your users happier (and also your boss).
Most of the frustration that arises when implementing Sign in with Apple is because we haven’t dealt with JSON Web Tokens before, and generating a JSON Web Token (JWT) for the client_secret can be a confusing step, especially as Apple is using a quirky algorithm named “RS256” elliptic curve.
The identityToken retrieved from Apple’s API is also in JWT format, and contains a unique identifier for the user in the sub key :
The value of sub, 001802.ba20d2adb5954ff0ace4972268a21303.1014, is the unique user ID (which corresponds to an Apple ID) for your app.
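What the public key endpoint returns is a JWK set: each key carries an RSA modulus `n` and exponent `e` as base64url integers instead of a PEM file. As an added example (not from the book or from Apple), the Python code below verifies an RS256 identityToken against such a set using only the standard library, and checks iss, aud and exp before trusting sub. The key, the token and the client ID `com.example.app` are constructed for the demo.

```python
import base64, hashlib, json, time

APPLE_ISS = "https://appleid.apple.com"
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DER DigestInfo, RFC 8017

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_encode(message, k):
    # EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(message)), k bytes long
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_identity_token(token, jwks, client_id, now=None):
    """Return the claims if signature, iss, aud and exp all check out, else None."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64u_dec(h64)), json.loads(b64u_dec(p64)), b64u_dec(s64)
    except ValueError:
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)) or header.get("alg") != "RS256":
        return None  # pin the algorithm; never accept whatever the token header asks for
    jwk = next((key for key in jwks["keys"]
                if key.get("kty") == "RSA" and key.get("kid") == header.get("kid")), None)
    if jwk is None:
        return None
    # The JWK fields n and e are base64url-encoded big-endian integers.
    n, e = (int.from_bytes(b64u_dec(jwk[x]), "big") for x in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if len(sig) != k or em != pkcs1_encode(f"{h64}.{p64}".encode(), k):
        return None
    exp, now = claims.get("exp"), time.time() if now is None else now
    if claims.get("iss") != APPLE_ISS or claims.get("aud") != client_id:
        return None
    return claims if isinstance(exp, (int, float)) and exp > now else None

def make_demo_token(claims, kid="demo-key"):
    """Constructed test key built from two well-known primes: not Apple's key, not secure."""
    p, q, e = 2**255 - 19, 2**521 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    h64, p64 = (b64u_enc(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": kid}, claims))
    em = int.from_bytes(pkcs1_encode(f"{h64}.{p64}".encode(), k), "big")
    jwk = {"kty": "RSA", "kid": kid, "n": b64u_enc(n.to_bytes(k, "big")), "e": b64u_enc(e.to_bytes(3, "big"))}
    return f"{h64}.{p64}.{b64u_enc(pow(em, d, n).to_bytes(k, 'big'))}", {"keys": [jwk]}
```

A maintained JWT library performs these same steps; writing them out shows where the JWK fields go and which claims have to be checked before the sub value is used as a user ID.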
The book shows the overall flow of Sign in with Apple and explains each of the steps, from retrieving the authorizationCode from the iOS app, to generating the client secret, to an overview of strategies for generating your own access token. All of the backend steps involved in Sign in with Apple come with sample code in Ruby, PHP, Python and NodeJS.
This book is focused on practical steps (using libraries for handling cryptography and decoding, instead of explaining theory and rolling your own), and is concisely written to help you finish implementing the whole Sign in with Apple flow as quickly as possible, so you can move on to implementing those really important features / fixes.
Sign in with Apple should be the new default in your apps. Here’s a decent book with sample codes on how to implement it on your server and the app ✌️ https://t.co/McAe11gRzi — Bobby Bobak @ Filtru ☕️ (@bobek_balinek) April 22, 2020
Absolutely! I understand that it's hard to know whether a book you found online will actually help. You can download the 2 free sample chapters plus the table of contents, and see if it's right for you.
If using this book does not help you learn and implement Sign in with Apple, let me know within 30 days of the date of your purchase, and I'll give you a complete refund. No argument. No risk. 100% guaranteed. You can contact me at firstname.lastname@example.org
Have any questions? Contact me at email@example.com, I'll be happy to answer.
Hi, I'm Axel Kee. I’ve been developing iOS apps for companies, clients and myself — from small indie apps (they cover my daily coffee money ☕️) to social apps that get hundreds of thousands of downloads — since 2016.
I have been writing about iOS development stuff at my blog since 2018 as well.