How can I find the desired client_id and client_secret values for the appleid.apple.com/auth/revoke

Time:06-03

I want to use the account deletion feature for users logged in with the Apple REST API in my project. What do the client_id and client_secret values specified in the curl request correspond to in my iOS application?

curl -v -X POST "https://appleid.apple.com/auth/revoke" \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'client_id=CLIENT_ID' \
-d 'client_secret=CLIENT_SECRET' \
-d 'token=REFRESH_TOKEN' \
-d 'token_type_hint=refresh_token'

CodePudding user response:

  1. The revoke link doesn’t delete accounts. It just revokes the token that you are sending.

  2. The documentation tells you what each part is https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens

client_id string (Required) The identifier (App ID or Services ID) for your app.

client_secret string (Required) A secret JSON Web Token (JWT) that uses the Sign in with Apple private key associated with your developer account.

The JWT for the client secret will look like this

{
    "alg": "ES256", // The algorithm used to sign the token. For Sign in with Apple, use ES256.
    "kid": "ABC123DEFG" // A 10-character key identifier generated for the Sign in with Apple private key associated with your developer account.
}
{
    "iss": "DEF123GHIJ", // use your 10-character Team ID associated with your developer account.
    "iat": 1437179036, // time at which you generated the client secret, in terms of the number of seconds since Epoch, in UTC.
    "exp": 1493298100, // The expiration time registered claim identifies the time on or after which the client secret expires.
    "aud": "https://appleid.apple.com",
    "sub": "com.mytest.app" // use the same value as client_id. The value is case-sensitive.
}

https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens

The bottom part of the link above gives you all you need to create the token, and you will need a 3rd party API to sign it.

The private key needed shouldn’t be included in the bundle, which is likely why there isn’t much Swift documentation for this.
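
The client secret described in the answer, built and signed on a server with Node.js's built-in crypto module, so the private key never ships in the app bundle. This is an added example, not code from the post or from Apple; the function names are hypothetical, and the team ID, key ID and client ID are whatever placeholders you pass in.

```javascript
// Added example: builds the client_secret JWT for Sign in with Apple on a server.
// Function names are hypothetical; callers pass their own team ID, key ID and client ID.
const nodeCrypto = require('crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');
const MAX_LIFETIME_S = 15777000; // Apple's documented upper bound for exp - now (six months)

// privateKey: KeyObject or PEM of the Sign in with Apple key; now: optional clock in ms.
function makeClientSecret({ teamId, keyId, clientId, privateKey, now, lifetimeS = 300 }) {
  if (lifetimeS <= 0 || lifetimeS > MAX_LIFETIME_S) throw new RangeError('lifetime out of range');
  const iat = Math.floor((now ?? Date.now()) / 1000);
  const header = { alg: 'ES256', kid: keyId };
  const claims = {
    iss: teamId,
    iat,
    exp: iat + lifetimeS,
    aud: 'https://appleid.apple.com',
    sub: clientId, // must equal the client_id form field, case-sensitive
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS ES256 needs the raw 64-byte r||s signature, not OpenSSL's default DER encoding.
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), {
    key: privateKey,
    dsaEncoding: 'ieee-p1363',
  });
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Check a client secret against the matching public key; returns the claims or throws.
function verifyClientSecret(jwt, publicKey) {
  const [h, c, s] = jwt.split('.');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${c}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(c, 'base64url').toString('utf8'));
}

// Form body for POST https://appleid.apple.com/auth/revoke, fields as in the curl command.
function revokeBody(clientId, clientSecret, refreshToken) {
  return new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    token: refreshToken,
    token_type_hint: 'refresh_token',
  }).toString();
}
```

A short lifetime (the default here is five minutes) limits how long a leaked client secret stays usable; mint a fresh one per revoke call rather than caching it.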
