Instructions for apple sign in not clear enough, receiving an error

I’ve followed the instructions here:

and on the auth0 website to setup apple sign in, however how iOS client keeps receiving this error:

Exchange Failed: Grant type urn:ietf:params:oauth:grant-type:token-exchange with subject_token_type http://auth0.com/oauth/token-type/apple-authz-code is not enabled for this client

I also want to know, if the Web Domain we should be providing apple is the custom domain that should be pointing to {app}.auth0.com.

I’m also curious to know the approach people took to verify their custom domain with apple… this means most of the time having login downtime while you unpoint the domain from auth0 and verify the file etc

You should provide the custom domain. Also, most if not all of the callback url settings in the Auth0 dashboard accept multiple urls, so you shouldn’t have to un-point anything.

Thanks Ron, however, I’m talking about the custom domain. Our domain is currently pointing to auth0, in order to verify with apple we have to unpoint it and serve the file, during which time the login is unusable. Does that make sense?

But yup, that’s what I used anyways, the custom domain, and getting this not very helpful error :frowning:

Hm, I don’t think I follow. I don’t recall having to un-point anything or any kind of downtime. The verification I believe is independent of the login url settings.

What setting are you changing for the re-pointing?

No settings, just the custom domain is a CNAME pointing to the auth0 domain, I don’t see how you’d have that and at the same time use your domain in a server to serve the file :slight_smile:

But I don’t mean to distract the post from its original issue, the weird error

Does anyone have any idea? Should I send a support ticket?

I’m having the same issue, did you manage to fix it @jose1?

@luisjesus nope, not yet, still not able to implement this… noone seems to know what to do

Hey jose1

We ran into the same issue and discovered there is a different set of configurations you need to enable for Native iOS users going through this flow.

If you go to Applications -> (Your iOS Application client) -> scroll to the bottom to Show Advanced Settings -> and open up the Device settings tab you’ll see a toggle to enable native flow for apple sign in. This should do the trick, you’ll need to provide the Team and App Id.

1 Like

I have the same issue.

Following the instructions here https://auth0.com/docs/connections/apple-siwa/add-siwa-to-native-app and also successfully testing the connection as described here https://auth0.com/docs/connections/apple-siwa/test-siwa-connection I can’t get it running inside of my Ionic app following this documentation: https://auth0.com/docs/api/authentication#token-exchange-for-native-social

I always get a 401

{
    "error": "access_denied",
    "error_description": "Unauthorized"
}

The logs do not include any usefull information and I’m kindof stuck now.