Instructions for apple sign in not clear enough, receiving an error

I’ve followed the instructions here:

and on the Auth0 website to set up Apple sign in; however, our iOS client keeps receiving this error:

Exchange Failed: Grant type urn:ietf:params:oauth:grant-type:token-exchange with subject_token_type http://auth0.com/oauth/token-type/apple-authz-code is not enabled for this client

I also want to know if the Web Domain we should be providing Apple is the custom domain that should be pointing to {app}.auth0.com.

I’m also curious to know the approach people took to verify their custom domain with Apple… this means most of the time having login downtime while you unpoint the domain from Auth0 and verify the file etc.

You should provide the custom domain. Also, most if not all of the callback url settings in the Auth0 dashboard accept multiple urls, so you shouldn’t have to un-point anything.

Thanks Ron, however, I’m talking about the custom domain. Our domain is currently pointing to auth0, in order to verify with apple we have to unpoint it and serve the file, during which time the login is unusable. Does that make sense?

But yup, that’s what I used anyways, the custom domain, and getting this not very helpful error 😦

Hm, I don’t think I follow. I don’t recall having to un-point anything or any kind of downtime. The verification I believe is independent of the login url settings.

What setting are you changing for the re-pointing?

No settings, just the custom domain is a CNAME pointing to the Auth0 domain, I don’t see how you’d have that and at the same time use your domain in a server to serve the file 🙂

But I don’t mean to distract the post from its original issue, the weird error

Does anyone have any idea? Should I send a support ticket?

I’m having the same issue, did you manage to fix it @jose1?

@luisjesus nope, not yet, still not able to implement this… no one seems to know what to do

Hey jose1

We ran into the same issue and discovered there is a different set of configurations you need to enable for Native iOS users going through this flow.

If you go to Applications → (Your iOS Application client) → scroll to the bottom to Show Advanced Settings → and open up the Device settings tab you’ll see a toggle to enable native flow for apple sign in. This should do the trick, you’ll need to provide the Team and App Id.


I have the same issue.

Following the instructions here Add Sign In with Apple to Native iOS Apps and also successfully testing the connection as described here https://auth0.com/docs/connections/apple-siwa/test-siwa-connection I can’t get it running inside of my Ionic app following this documentation: Authentication API Explorer

I always get a 401

{
    "error": "access_denied",
    "error_description": "Unauthorized"
}

The logs do not include any useful information and I’m kind of stuck now.

Hi all, I am stuck at the same spot as @dev41

@dev41 Did you manage to solve it?

Connection testing is successful.

I always get a 401 when this is included in headers: headers: { 'content-type': 'application/x-www-form-urlencoded' }, but a 403 when the previous is not included.

I request that the Auth0 support help us a bit more, because the error we get is too generic and cannot help in solving this issue. Auth0 should have much better support, especially on paid plans!

Thanks.


Anyone figure this one out?


Anyone managed to find a solution for this? I am running into the same issue, not being able to exchange the authorization code for Auth0 tokens.