I want to use the account deletion feature for users logged in with the Apple REST API in my project. What do the client_id and client_secret values specified in the curl request correspond to in my iOS application?
curl -v -X POST "https://appleid.apple.com/auth/revoke" \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'client_id=CLIENT_ID' \
-d 'client_secret=CLIENT_SECRET' \
-d 'token=REFRESH_TOKEN' \
-d 'token_type_hint=refresh_token'
CodePudding user response:
The revoke link doesn’t delete accounts. It just revokes the token that you are sending.
The documentation tells you what each part is: https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens
client_id string (Required) The identifier (App ID or Services ID) for your app.
client_secret string (Required) A secret JSON Web Token (JWT) that uses the Sign in with Apple private key associated with your developer account.
The JWT for the client secret will look like this:
{
    "alg": "ES256", // The algorithm used to sign the token. For Sign in with Apple, use ES256.
    "kid": "ABC123DEFG" // A 10-character key identifier generated for the Sign in with Apple private key associated with your developer account.
}
{
    "iss": "DEF123GHIJ", // Use your 10-character Team ID associated with your developer account.
    "iat": 1437179036, // Time at which you generated the client secret, in terms of the number of seconds since Epoch, in UTC.
    "exp": 1493298100, // The expiration time registered claim identifies the time on or after which the client secret expires.
    "aud": "https://appleid.apple.com",
    "sub": "com.mytest.app" // Use the same value as client_id. The value is case-sensitive.
}
https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
The bottom part of the link above gives you all you need to create the token, and you will need a third-party API to sign it.
The private key needed shouldn’t be included in the bundle, which is likely why there isn’t much Swift documentation for this.
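An added example, not part of the answer above or of Apple's documentation: one way to build the client_secret JWT on a server with Node.js built-in crypto, so the private key never ships in the app bundle. The function names are hypothetical, the identifiers are the placeholders from the JWT above, and a throwaway P-256 key generated in place stands in for the .p8 key from the developer account.

```javascript
const crypto = require('node:crypto');

const MAX_TTL = 15777000; // Apple's limit: exp at most 6 months (in seconds) after iat
const b64url = (v) => Buffer.from(v).toString('base64url');

// Builds and signs the client_secret JWT; every identifier is supplied by the caller.
function makeClientSecret({ teamId, keyId, clientId, privateKeyPem, ttl = 300, now = Date.now() }) {
  if (!(ttl > 0 && ttl <= MAX_TTL)) throw new RangeError('ttl out of range');
  const iat = Math.floor(now / 1000);
  const header = { alg: 'ES256', kid: keyId };
  const claims = { iss: teamId, iat, exp: iat + ttl, aud: 'https://appleid.apple.com', sub: clientId };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // A JWT carries the raw 64-byte r||s signature, not the DER form Node emits by default.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKeyPem, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Verifies the signature and returns the decoded parts (a local sanity check before use).
function verifyClientSecret(jwt, publicKeyPem) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKeyPem, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  return { header: decode(h), claims: decode(p) };
}

// Form body for POST https://appleid.apple.com/auth/revoke (built here, not sent).
function revokeBody(clientId, clientSecret, refreshToken) {
  return new URLSearchParams({ client_id: clientId, client_secret: clientSecret,
    token: refreshToken, token_type_hint: 'refresh_token' }).toString();
}

// Constructed throwaway key pair standing in for the real Sign in with Apple key.
const demoKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1',
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  publicKeyEncoding: { type: 'spki', format: 'pem' } });
const demoSecret = makeClientSecret({ teamId: 'DEF123GHIJ', keyId: 'ABC123DEFG',
  clientId: 'com.mytest.app', privateKeyPem: demoKeys.privateKey });
console.log(revokeBody('com.mytest.app', demoSecret, 'REFRESH_TOKEN'));
```

A short ttl limits how long a leaked client_secret stays usable; the app sends only the refresh token to the server, which makes the revoke call.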