Hi,
We have had Sign In With Apple running successfully since ~ October 2019, and successfully sign in the vast majority of our users. However, in a small number of cases (~0.3% of all signups), we see the following error in our logs:
```
UserInfo={OIDOAuthErrorResponseErrorKey={
error = "invalid_request";
"error_description" = "Error from apple connection: client_id mismatch. The code was not issued to net.skyscanner.iphone. (invalid_grant)";
}, NSUnderlyingError=0x28276e4c0 {Error Domain=org.openid.appauth.remote-http Code=400 "{"error":"invalid_request","error_description":"Error from apple connection: client_id mismatch. The code was not issued to net.skyscanner.iphone. (invalid_grant)"}" UserInfo={NSLocalizedDescription={"error":"invalid_request","error_description":"Error from apple connection: client_id mismatch. The code was not issued to net.skyscanner.iphone. (invalid_grant)"}}}, OIDErrorDomain=org.openid.appauth.oauth_token, OIDErrorCode=-2, NSLocalizedDescription=invalid_request: Error from apple connection: client_id mismatch. The code was not issued to net.skyscanner.iphone. (invalid_grant)}
```
This is returned when Auth0 is unable to exchange with Apple the Authorization Code provided by Authentication Services on the user’s device.
I have been trying to reproduce this error to understand how this edge case might happen, as I’d like to see if there’s anything we can do to solve this; however, I’m currently unable to reproduce this.
I’ve tried the following SIWA scenarios:
- Attempt SIWA with no internet connection (idea being that after 5 mins the Authorization code expires so maybe people are using a stale code when struggling with internet) - We don’t even receive an authorization code from Authentication Services, SIWA fails with ASAuthorizationErrorUnknown
- Attempt SIWA when not signed into iCloud account - (same result) We don’t even receive an authorization code from Authentication Services, SIWA fails with ASAuthorizationErrorUnknown
- Change Password for iCloud on device 1 then try SIWA with device 2 (same iCloud, old password) - No error - SIWA succeeds
- Forcibly remove the device from the iCloud account - SIWA fails to even complete, user is asked to Sign in again to their iCloud account before continuing.
- Jailbroken Device? - Unable to try this scenario as I don’t have a jailbroken device to test with
Does anyone in Auth0, or in the Community here, know in which scenario the actual Sign In With Apple process on the device can succeed, but an invalid Authorization Code is sent to Auth0 for exchange?
Thanks
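
One way to gather evidence on such failures, as an added example that is not part of the original post: record the `aud` claim of the identity token that Authentication Services returns alongside the authorization code, and compare it with the client_id used for the exchange. It assumes the app forwards that identity token to a diagnostic endpoint and that its `aud` reflects the client the code was issued to; `triage_identity_token` and the sample tokens are hypothetical and constructed.

```python
import base64
import json

EXPECTED_CLIENT_ID = "net.skyscanner.iphone"  # client_id named in the error above


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def triage_identity_token(identity_token: str, expected: str = EXPECTED_CLIENT_ID) -> dict:
    """Read `aud` and `iss` from an identity token WITHOUT verifying its signature.

    For diagnostic logging only; never base an authentication decision on this.
    """
    parts = identity_token.split(".")
    if len(parts) != 3:
        return {"status": "malformed", "aud": None, "iss": None}
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return {"status": "malformed", "aud": None, "iss": None}
    if not isinstance(claims, dict):
        return {"status": "malformed", "aud": None, "iss": None}
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # `aud` may be a string or a list
    status = "match" if expected in audiences else "mismatch"
    return {"status": status, "aud": aud, "iss": claims.get("iss")}


def make_constructed_token(aud: str) -> str:
    """Build a sample token with a placeholder signature (constructed, not a real Apple token)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "RS256", "kid": "CONSTRUCTED"}
    payload = {"iss": "https://appleid.apple.com", "aud": aud}
    return ".".join([enc(header), enc(payload), "c2ln"])


if __name__ == "__main__":
    for aud in ("net.skyscanner.iphone", "com.example.other"):  # second value is constructed
        print(triage_identity_token(make_constructed_token(aud)))
    print(triage_identity_token("not-a-jwt"))
```

Logging the `mismatch` records next to the failed exchanges shows which audience the device-side credential actually carried, which is the detail the error message leaves out.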