earlier replies
Replying to @darryl_young @aaronpk
Nope. It's still on our backlog to fix someday, but I'm waiting for their implementation to be more stable.
1
1
Ah, that’s a shame. It seemed to be going well so far and I thought I'd be done today but since getting "invalid_grant" I've made no progress (I'm using it in an Expo app). I've seen it mentioned in a few places but nobody seems to have a solution. Thanks for the quick reply. 👍
1
They pushed out some changes a little bit ago and I have been able to exchange the authorization code and get the user info now! I updated my post so maybe take a look through it again. developer.okta.com/blog/2019…

What the Heck is Sign In with Apple?

Sign In with Apple is based on OAuth 2.0 and OpenID Connect, and provides a privacy-friendly way for users to sign in to websites and apps

developer.okta.com
1
1
Hi, Aaron. Thanks for the link to your great article. Unfortunately, for me, I still can't get past the "invalid_grant" issue. I'm doing this for an Expo (React Native) app so things are slightly different in that I don't need redirect_url, etc. but generally it's the same. Hmm.
1
Why do you say you don't need a redirect_uri? That's probably the problem if you're not including it.
1
As I'm also using Expo, I followed the following to start with and there was no redirect_uri used. medium.com/appandflow/eli5-s… I tried with one and it didn't make a difference. Also, in Apple's documentation, it doesn't show redirect_uri as being required. developer.apple.com/document…

Generate and validate tokens | Apple Developer Documentation

Validate an authorization grant code delivered to your app to obtain tokens, or validate an existing refresh token.

developer.apple.com
1
Huh I missed that in their docs. My next guess is your client secret JWT isn't being generated properly. Try generating it with the Ruby code in my post, it's very picky.
1
Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library. developer.apple.com/document…
1
Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.
1
Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document. developer.apple.com/document…
3
Replying to @darryl_young
I remembered why `redirect_uri` is optional in their docs 😂 They document both the auth code and refresh token request with the same list. You don't send the `redirect_uri` when using a refresh token, hence it's an optional parameter.

Nov 6, 2019 · 5:19 PM UTC