Make sure to include exactly the claims in their docs. I was ... • Aaron Parecki

Darryl Young https://twitter.com/darryl_young • Nov 6
Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library.

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.

Malmö, Skåne län • 40°F

Wed, Nov 6, 2019 4:22pm +01:00

4 replies
Have you written a response to this? Let me know the URL:
- Aaron Parecki twitter.com/aaronpk
  
  I remembered why `redirect_uri` is optional in their docs 😂 They document both the auth code and refresh token request with the same list. You don't send the `redirect_uri` when using a refresh token, hence it's an optional parameter.
  
  Wed, Nov 6, 2019 5:19pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  Ok I was curious so I tested myself. I get the `invalid_grant` error unless I include the `redirect_uri` in the POST request with the authorization code.
  
  Wed, Nov 6, 2019 5:16pm +00:00 (via brid-gy.appspot.com)
- Darryl Young twitter.com/darryl_young
  
  That's what I see when decoding the generated JWT on jwt.io.
  
  Wed, Nov 6, 2019 5:03pm +00:00 (via brid-gy.appspot.com)
- Darryl Young twitter.com/darryl_young
  
  Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document. developer.apple.com/documentation/…
  
  Wed, Nov 6, 2019 5:02pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using monocle.p3k.io