Aaron Parecki

Cool, so that URL on the GraphQL server is the redirect_url, and that's what needs to be sent in that POST request.

I have a GraphQL server (Prisma) and I'm sending the auth code there. Then, on that server, I'm trying to validate the auth code with Apple. Once it validates, I'd either be creating a user and sending a session token back or signing a user in by sending back a session token.

Also you need to be exchanging the authorization code from a server somewhere, because you can't ship this app with the client secret built in.

What URL are you sending people back to to have Apple deliver the authorization code to? That's the redirect URL, and you have to have configured it in the request and in the developer console anyway too.

Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.