
Aaron Parecki

  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Ok I was curious so I tested myself. I get the `invalid_grant` error unless I include the `redirect_uri` in the POST request with the authorization code.
    Malmö, Skåne län • 39°F
    Wed, Nov 6, 2019 6:16pm +01:00
    5 replies
    • Aaron Parecki twitter.com/aaronpk
      Cool, so that URL on the GraphQL server is the redirect_url, and that's what needs to be sent in that POST request.
      Wed, Nov 6, 2019 5:51pm +00:00 (via brid-gy.appspot.com)
    • Darryl Young twitter.com/darryl_young
      I have a GraphQL server (Prisma) and I'm sending the auth code there. Then, on that server, I'm trying to validate the auth code with Apple. Once it validates, I'd either be creating a user and sending a session token back or signing a user in by sending back a session token.
      Wed, Nov 6, 2019 5:50pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Also you need to be exchanging the authorization code from a server somewhere, because you can't ship this app with the client secret built in.
      Wed, Nov 6, 2019 5:32pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      What URL are you sending people back to to have Apple deliver the authorization code to? That's the redirect URL, and you have to have configured it in the request and in the developer console anyway too.
      Wed, Nov 6, 2019 5:32pm +00:00 (via brid-gy.appspot.com)
    • Darryl Young twitter.com/darryl_young
      Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.
      Wed, Nov 6, 2019 5:30pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using monocle.p3k.io
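
The token exchange discussed in this thread, as an added example that is not part of the original posts: it builds the server-side POST for the authorization code and reuses the `redirect_uri` from the authorization request, which is the parameter whose absence produced `invalid_grant` above. The endpoint and parameter names follow the Apple documentation linked above; the function names and all sample values are assumptions constructed for illustration.

```javascript
// Added example: build the token request on the server, never in the shipped app.
// All identifiers and values below are constructed placeholders.
const APPLE_TOKEN_ENDPOINT = 'https://appleid.apple.com/auth/token';

// Pull redirect_uri out of the authorization request URL the user was sent to,
// so the token request reuses exactly the same string.
function redirectUriFromAuthorizationUrl(authorizationUrl) {
  const redirectUri = new URL(authorizationUrl).searchParams.get('redirect_uri');
  if (!redirectUri) {
    throw new Error('authorization request carried no redirect_uri');
  }
  return redirectUri;
}

// Build (but do not send) the POST that exchanges the authorization code.
function buildTokenRequest({ authorizationUrl, code, clientId, clientSecret }) {
  for (const [name, value] of Object.entries({ code, clientId, clientSecret })) {
    if (!value) throw new Error(`missing ${name}`);
  }
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    client_id: clientId,
    client_secret: clientSecret, // signed JWT, generated and kept on the server
    redirect_uri: redirectUriFromAuthorizationUrl(authorizationUrl),
  });
  return {
    url: APPLE_TOKEN_ENDPOINT,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Constructed sample input.
const sample = buildTokenRequest({
  authorizationUrl:
    'https://appleid.apple.com/auth/authorize?response_type=code' +
    '&client_id=com.example.web' +
    '&redirect_uri=https%3A%2F%2Fapi.example.com%2Fauth%2Fapple%2Fcallback',
  code: 'SAMPLE_AUTH_CODE',
  clientId: 'com.example.web',
  clientSecret: 'SAMPLE.CLIENT_SECRET.JWT',
});
console.log(sample.body);
```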

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.