earlier replies
Replying to @darryl_young @jerbob92
They pushed out some changes a little bit ago and I have been able to exchange the authorization code and get the user info now! I updated my post so maybe take a look through it again. developer.okta.com/blog/2019…

What the Heck is Sign In with Apple?

Sign In with Apple is based on OAuth 2.0 and OpenID Connect, and provides a privacy-friendly way for users to sign in to websites and apps

developer.okta.com
1
1
Hi, Aaron. Thanks for the link to your great article. Unfortunately, for me, I still can't get past the "invalid_grant" issue. I'm doing this for an Expo (React Native) app so things are slightly different in that I don't need redirect_url, etc. but generally it's the same. Hmm.
1
Why do you say you don't need a redirect_uri? That's probably the problem if you're not including it.
1
As I'm also using Expo, I followed the following to start with and there was no redirect_uri used. medium.com/appandflow/eli5-s… I tried with one and it didn't make a difference. Also, in Apple's documentation, it doesn't show redirect_uri as being required. developer.apple.com/document…

Generate and validate tokens | Apple Developer Documentation

Validate an authorization grant code delivered to your app to obtain tokens, or validate an existing refresh token.

developer.apple.com
1
Huh I missed that in their docs. My next guess is your client secret JWT isn't being generated properly. Try generating it with the Ruby code in my post, it's very picky.
1
Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library. developer.apple.com/document…
1
Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.
1
Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document. developer.apple.com/document…
3
Ok I was curious so I tested myself. I get the `invalid_grant` error unless I include the `redirect_uri` in the POST request with the authorization code.
1
Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.
2
Replying to @darryl_young
What URL are you sending people back to to have Apple deliver the authorization code to? That's the redirect URL, and you have to have configured it in the request and in the developer console anyway too.

Nov 6, 2019 · 5:32 PM UTC