tp
commented
3 years ago @Slaheddine That depends on your server setup. For common languages (Go, PHP, etc.) there exist community-made SDKs to handle this for you.
Broadly speaking you need to convert the "first token" (authorization grant token) into a refresh token right away (from you servers to Apple's). Then one is supposed to validate that the refresh token is "still in good standing" with Apple once a day.
The API in question is https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens, but as said above, it's probably fastest to rely on an existing and proven SDK to handle this for you.
Can any one please explain how can we refresh the token in the application side. The first token we got is valid for only one day.