
Aaron Parecki

  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.
    Malmö, Skåne län • 40°F
    Wed, Nov 6, 2019 4:22pm +01:00
    4 replies
    • Aaron Parecki twitter.com/aaronpk
      I remembered why `redirect_uri` is optional in their docs 😂 They document both the auth code and refresh token request with the same list. You don't send the `redirect_uri` when using a refresh token, hence it's an optional parameter.
      Wed, Nov 6, 2019 5:19pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Ok I was curious so I tested myself. I get the `invalid_grant` error unless I include the `redirect_uri` in the POST request with the authorization code.
      Wed, Nov 6, 2019 5:16pm +00:00 (via brid-gy.appspot.com)
    • Darryl Young twitter.com/darryl_young
      That's what I see when decoding the generated JWT on jwt.io.
      Wed, Nov 6, 2019 5:03pm +00:00 (via brid-gy.appspot.com)
    • Darryl Young twitter.com/darryl_young
      Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document. developer.apple.com/documentation/…
      Wed, Nov 6, 2019 5:02pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using monocle.p3k.io
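
The check suggested in the thread (base64-decode the generated JWT and compare it with the documented fields), written out as an added example that is not part of the original posts. The field names, audience value and 15777000-second limit are taken from Apple's token documentation linked above; the team ID, key ID, client ID, timestamps and signature segment are constructed placeholders, and the function name `auditClientSecret` is hypothetical.

```javascript
// Added example: compare a generated client-secret JWT with the documented fields.
// The signature is not verified here; this only audits the header and claims.
const HEADER_FIELDS = ['alg', 'kid'];
const CLAIM_FIELDS = ['iss', 'iat', 'exp', 'aud', 'sub'];
const APPLE_AUD = 'https://appleid.apple.com';
const MAX_LIFETIME = 15777000; // seconds, the documented upper bound for exp

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (value === null || typeof value !== 'object') throw new Error('not a JSON object');
  return value;
}

function auditClientSecret(jwt, nowSec) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return ['token: not a three-part compact JWT'];
  let header, claims;
  try { header = decodeSegment(parts[0]); claims = decodeSegment(parts[1]); }
  catch (err) { return ['token: header or claims is not base64url-encoded JSON']; }
  const out = [];
  // Report both directions: fields the docs require but the token lacks,
  // and fields a library added that the docs do not list.
  const diff = (label, obj, expected) => {
    for (const k of expected) if (!(k in obj)) out.push(`${label}: missing ${k}`);
    for (const k of Object.keys(obj)) if (!expected.includes(k)) out.push(`${label}: unexpected ${k}`);
  };
  diff('header', header, HEADER_FIELDS);
  diff('claims', claims, CLAIM_FIELDS);
  if (header.alg !== 'ES256') out.push('header: alg is not ES256');
  if (claims.aud !== APPLE_AUD) out.push('claims: aud is not ' + APPLE_AUD);
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    out.push('claims: iat and exp must be integer seconds');
  } else if (claims.exp <= nowSec || claims.exp - nowSec > MAX_LIFETIME) {
    out.push('claims: exp is in the past or more than 15777000 s ahead');
  }
  return out;
}

// Constructed sample tokens: placeholder IDs and a dummy signature segment.
const seg = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeToken = (h, c) => `${seg(h)}.${seg(c)}.c2lnbmF0dXJl`;
const NOW = 1573057320; // constructed "current time"
const base = { iss: 'TEAMID1234', iat: NOW, exp: NOW + 3600, aud: APPLE_AUD, sub: 'com.example.web' };
const GOOD = makeToken({ alg: 'ES256', kid: 'KEYID12345' }, base);
const DRIFTED = makeToken({ alg: 'ES256', typ: 'JWT', kid: 'KEYID12345' }, { ...base, jti: 'abc', nbf: NOW });
console.log(auditClientSecret(GOOD, NOW), auditClientSecret(DRIFTED, NOW));
```

An empty array means the header and claims match the documented field list exactly; every other entry names one difference to look at before sending the token.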

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.