arendajaelu / nestjs-passport-apple

Apple Passport Strategy for Apple Login (dedicated to Nestjs)
MIT License
16 stars 6 forks

In IOS devices: client_id mismatch. The code was not issued to com.xxxx.xxxx.xxxx #2

Closed GelistirmeKF closed 1 year ago

GelistirmeKF commented 1 year ago

In iOS applications, Sign in with Apple only works when using the Apple bundle ID rather than the Apple client ID. If the clientId value is used, the Apple validation service gives the following error:

{ "error": "invalid_grant", "error_description": "client_id mismatch. The code was not issued to com.xxxx.xxxx.xxxx" }

In Apple's Site: "If you are authorizing on iOS, the authorization grant code validation must use the iOS bundle ID as well; otherwise, if you received the grant code via your client_id should be your Services ID created for the web application. Whenever these client_id values mismatch, the grant code validation will fail as the code was issued for another client."

arendajaelu commented 1 year ago

Yes, that is correct. When using Sign in with Apple in iOS applications, the client_id should be set to the Services ID created for the iOS application, not the bundle ID. This is because the authorization grant code validation must use the iOS bundle ID as well. If the client_id value does not match the Services ID created for the iOS application, the grant code validation will fail and you will receive the "client_id mismatch" error.

It's important to note that the client_id value should be set to the Services ID created for the web application when authorizing on non-iOS platforms, such as web or Android.

In summary, when using Sign in with Apple in iOS applications, you should use the Services ID created for the iOS application as the client_id value for authorization grant code validation.

Please refer to this post: https://blog.devgenius.io/how-to-implement-apple-login-with-nestjs-in-seconds-b88f05abe847

GelistirmeKF commented 1 year ago

Thank you for the quick reply. We want to create a general appleLogin() API for the web, Android and iOS platforms.

We are using this package as a PassportStrategy for AuthGuard with this class:

```typescript
@Injectable()
export class AppleCustomerStrategy extends PassportStrategy(Strategy, 'apple') {
  constructor(config: ConfigService) {
    super({
      clientID: config.get('APPLE_CLIENTID'),
      teamID: config.get('APPLE_TEAMID'),
      ....
```

For Android and the web, the API works fine and validates the authCode with Apple correctly, but for the iOS platform it gives the "client_id mismatch" error, because for iOS clients the bundle ID must be used as the clientId parameter in the AppleCustomerStrategy class rather than the Services ID.

Is it possible to develop a strategy that serves the API on all platforms using this library?

Same issue for Django/Python: https://github.com/pennersr/django-allauth/issues/2718

arendajaelu commented 1 year ago

The original purpose of this code snippet was just to serve as an example for Nestjs players, so the requirements mentioned can be modified according to your own needs.
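The thread leaves the "one API for web, Android and iOS" question open. The block below is an added example written for this page; it is not code from nestjs-passport-apple, from the blog post linked above, or from either commenter. It shows the one decision that actually matters for the client_id mismatch error: the code exchange must use the client_id the authorization code was issued to (the iOS bundle ID for codes obtained natively on iOS, the Services ID for the web flow that web and Android clients use), and the id_token that comes back must carry that same value in its `aud` claim. Everything not on the page is an assumption: the config field names, the `FetchLike` injection used so the exchange can run offline, the `constructedIdToken` fixture (an unsigned sample token, only for local runs), and the error classification. Client-secret JWT generation and signature verification of the id_token against Apple's JWKS are deliberately not implemented here and must be added before any of this is trusted.

```typescript
// Added example, not code from nestjs-passport-apple or from this thread's authors.
// Config names, the injected fetch function and the sample token are assumptions.

export type ApplePlatform = "ios" | "android" | "web";

export interface AppleClientConfig {
  servicesId: string;  // Services ID registered for the web app (assumed env: APPLE_SERVICES_ID)
  iosBundleId: string; // bundle ID of the native iOS app (assumed env: APPLE_IOS_BUNDLE_ID)
}

// A code obtained natively on iOS was issued to the bundle ID; codes from the web flow
// (which Android apps typically use) were issued to the Services ID.
export function resolveClientId(platform: ApplePlatform, cfg: AppleClientConfig): string {
  return platform === "ios" ? cfg.iosBundleId : cfg.servicesId;
}

// Form body for POST https://appleid.apple.com/auth/token.
export function buildTokenRequestBody(p: {
  code: string;
  clientId: string;
  clientSecret: string; // the ES256-signed client secret JWT (generation not shown here)
  redirectUri?: string; // set for the web flow only; a native iOS code has none
}): URLSearchParams {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code: p.code,
    client_id: p.clientId,
    client_secret: p.clientSecret,
  });
  if (p.redirectUri) body.set("redirect_uri", p.redirectUri);
  return body;
}

export type AppleTokenErrorKind = "client_id_mismatch" | "invalid_grant" | "other";

// Map Apple's error payload to something the API can act on (e.g. a wrong platform hint).
export function classifyTokenError(body: { error?: string; error_description?: string }): AppleTokenErrorKind {
  if (body.error !== "invalid_grant") return "other";
  return /client_id mismatch/i.test(body.error_description ?? "") ? "client_id_mismatch" : "invalid_grant";
}

function base64UrlDecode(s: string): string {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
}

// Decodes JWT claims only. The signature must be verified against Apple's JWKS
// (https://appleid.apple.com/auth/keys) before anything returned here is trusted.
export function decodeJwtPayload(jwt: string): Record<string, unknown> {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// The id_token returned by the exchange must be issued by Apple, unexpired, and
// addressed (aud) to the client_id this platform used; anything else is a mismatch.
export function idTokenMatchesClient(idToken: string, expectedClientId: string, nowMs: number = Date.now()): boolean {
  const claims = decodeJwtPayload(idToken);
  const aud = claims.aud;
  const audOk = Array.isArray(aud) ? aud.includes(expectedClientId) : aud === expectedClientId;
  const exp = typeof claims.exp === "number" ? claims.exp : 0;
  return claims.iss === "https://appleid.apple.com" && audOk && exp * 1000 > nowMs;
}

// Constructed, unsigned sample token for local runs (the signature segment is a placeholder).
export function constructedIdToken(aud: string, expSeconds: number): string {
  const enc = (o: object) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const header = enc({ alg: "RS256", kid: "placeholder" });
  const payload = enc({ iss: "https://appleid.apple.com", aud, exp: expSeconds, sub: "000123.constructed" });
  return `${header}.${payload}.sig`;
}

type FetchLike = (
  url: string,
  init: { method: string; headers: Record<string, string>; body: string },
) => Promise<{ json(): Promise<any> }>;

// One exchange routine for every platform; the HTTP call is injected so this runs offline.
export async function exchangeAppleCode(
  platform: ApplePlatform, cfg: AppleClientConfig, code: string, clientSecret: string,
  fetchImpl: FetchLike, redirectUri?: string,
): Promise<{ ok: boolean; clientId: string; kind?: AppleTokenErrorKind; idToken?: string }> {
  const clientId = resolveClientId(platform, cfg);
  const res = await fetchImpl("https://appleid.apple.com/auth/token", {
    method: "POST",
    headers: { "content-type": "application/x-www-form-urlencoded" },
    body: buildTokenRequestBody({ code, clientId, clientSecret, redirectUri }).toString(),
  });
  const json = await res.json();
  if (json.error) return { ok: false, clientId, kind: classifyTokenError(json) };
  if (!idTokenMatchesClient(json.id_token, clientId)) return { ok: false, clientId, kind: "client_id_mismatch" };
  return { ok: true, clientId, idToken: json.id_token };
}
```

In a NestJS service the platform would come from the request (a body field or header the mobile clients set), and `exchangeAppleCode` would be called with the real `fetch`. The `aud` check is the defender's side of the same rule Apple enforces on the code: a token whose audience is a different client_id than the one this request claimed to be should be rejected even if the exchange itself succeeded.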