87°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hi, Aaron. Thanks for the link to your great article. Unfortunately, for me, I still can't get past the "invalid_grant" issue. I'm doing this for an Expo (React Native) app so things are slightly different in that I don't need redirect_url, etc. but generally it's the same. Hmm.
    Aaron Parecki
    Why do you say you don't need a redirect_uri? That's probably the problem if you're not including it.
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 3:35pm +01:00
    4 replies
    • Aaron Parecki twitter.com/aaronpk
      Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.
      Wed, Nov 6, 2019 3:22pm +00:00 (via brid-gy.appspot.com)
    • Darryl Young twitter.com/darryl_young
      Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library. developer.apple.com/documentation/…
      Wed, Nov 6, 2019 3:15pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Huh I missed that in their docs. My next guess is your client secret JWT isn't being generated properly. Try generating it with the Ruby code in my post, it's very picky.
      Wed, Nov 6, 2019 3:02pm +00:00 (via brid-gy.appspot.com)
    • Darryl Young twitter.com/darryl_young
      As I'm also using Expo, I followed the following to start with and there was no redirect_uri used. medium.com/appandflow/eli… I tried with one and it didn't make a difference. Also, in Apple's documentation, it doesn't show redirect_uri as being required. developer.apple.com/documentation/…
      Wed, Nov 6, 2019 2:57pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using monocle.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv