Apple signin/login with django and flutter problem - invalid_client response

I'm having an issue with implementing Apple Sign-In/Login in my Django + Flutter application. Here's the flow I'm using:

  1. On the Flutter side, I'm using the following code to get credentials from Apple:
SignInWithAppleButton(
  onPressed: () async {
    final credential = await SignInWithApple.getAppleIDCredential(
      scopes: [
        AppleIDAuthorizationScopes.email,
        AppleIDAuthorizationScopes.fullName,
      ],
    );

    print(credential);

    // Now send the credential (especially `credential.authorizationCode`) to your server to create a session
    // after they have been validated with Apple
  },
);

This returns information like identity_token and authorization_code.

  2. For test purposes, I send the authorization_code in a POST request to the endpoint https://appleid.apple.com/auth/token with the following details: Headers:
{
  "Content-type": "application/x-www-form-urlencoded"
}

Body:

{
  "client_id": "com.example.myapp",
  "client_secret": "example_client_secret",
  "grant_type": "authorization_code",
  "code": "my_example_authorization_code"
}
  3. For generating the client_secret, I use the following Python script:
import time

import jwt  # PyJWT
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization

# Values taken from the Apple Developer portal (placeholders shown here)
PRIVATE_KEY_PATH = "AuthKey_XXXXXXXXXX.p8"  # placeholder: path to the downloaded .p8 key
KEY_ID = "XXXXXXXXXX"                       # placeholder: Key ID of that .p8 key
TEAM_ID = "XXXXXXXXXX"                      # placeholder: Team ID
APP_ID = "com.example.myapp"                # the value sent as client_id

# Load the private key
with open(PRIVATE_KEY_PATH, "rb") as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(), password=None, backend=default_backend()
    )

# JWT header: Apple requires ES256 and the Key ID of the signing key
header = {
    "alg": "ES256",
    "kid": KEY_ID,
}

# JWT claims: issuer is the Team ID, subject is the client_id, lifetime at most six months
payload = {
    "iss": TEAM_ID,
    "iat": int(time.time()),
    "exp": int(time.time()) + 15777000,
    "aud": "https://appleid.apple.com",
    "sub": APP_ID,
}

client_secret = jwt.encode(
    payload, private_key, algorithm="ES256", headers=header
)

print(client_secret)

After all those steps, every time I send the POST request to Apple's /auth/token endpoint, I get the following response: {"error": "invalid_client"} Is there something wrong with my flow? Could it be that I'm sending incorrect data, or should I be handling this differently? Any insights or suggestions would be greatly appreciated :)
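Because Apple answers every malformed client_secret with the same opaque `invalid_client`, the most useful check on the server side is to decode the JWT you just produced and compare its header and claims against what Apple documents before sending it anywhere. The following is an added example, not code from the question or the answer: it builds the claims, signs them with the same PyJWT call as the script above (only when a `.p8` key is supplied), and, using only the standard library, inspects a token and reports which field is wrong. The IDs (`TEAMID1234`, `KEYID12345`, `com.example.myapp`) and the unsigned demo token are constructed placeholders; `encode_unsigned` exists only so the inspection runs offline without a real key.

```python
import base64
import json
import time

# Apple's documented maximum client_secret lifetime is six months (15777000 seconds)
MAX_LIFETIME = 15777000
APPLE_AUD = "https://appleid.apple.com"


def build_client_secret_claims(team_id, client_id, now=None, lifetime=MAX_LIFETIME):
    """Return the claim set Apple expects in the client_secret JWT."""
    if lifetime > MAX_LIFETIME:
        raise ValueError("Apple rejects client secrets valid for more than six months")
    now = int(time.time()) if now is None else int(now)
    return {
        "iss": team_id,        # Team ID from the developer portal
        "iat": now,
        "exp": now + lifetime,
        "aud": APPLE_AUD,
        "sub": client_id,      # must equal the client_id sent to /auth/token
    }


def sign_client_secret(claims, private_key_pem, key_id):
    """Sign the claims with the .p8 key using ES256 (needs PyJWT + cryptography)."""
    import jwt  # PyJWT, the same library the question's script uses
    return jwt.encode(claims, private_key_pem, algorithm="ES256", headers={"kid": key_id})


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_unsigned(header, payload):
    """Constructed demo only: a JWT with an empty signature, never for real requests."""
    return f"{_b64url_encode(header)}.{_b64url_encode(payload)}."


def inspect_jwt(token):
    """Decode header and payload WITHOUT verifying the signature (debugging aid only)."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def check_client_secret(token, team_id, client_id, key_id, now=None):
    """Return a list of problems with the client_secret; an empty list means it looks right."""
    now = int(time.time()) if now is None else int(now)
    header, payload = inspect_jwt(token)
    problems = []
    if header.get("alg") != "ES256":
        problems.append(f"alg is {header.get('alg')!r}, Apple requires ES256")
    if header.get("kid") != key_id:
        problems.append(f"kid {header.get('kid')!r} does not match the Key ID {key_id!r}")
    if payload.get("iss") != team_id:
        problems.append(f"iss {payload.get('iss')!r} is not the Team ID {team_id!r}")
    if payload.get("sub") != client_id:
        problems.append(f"sub {payload.get('sub')!r} does not equal client_id {client_id!r}")
    if payload.get("aud") != APPLE_AUD:
        problems.append(f"aud must be {APPLE_AUD!r}")
    exp, iat = payload.get("exp"), payload.get("iat")
    if not isinstance(exp, int) or exp <= now:
        problems.append("exp is missing or already in the past")
    elif isinstance(iat, int) and exp - iat > MAX_LIFETIME:
        problems.append("exp - iat exceeds Apple's six-month maximum")
    return problems


def build_token_request(client_id, client_secret, authorization_code):
    """Form-encoded body for POST https://appleid.apple.com/auth/token."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": authorization_code,
    }


if __name__ == "__main__":
    # Constructed placeholder identifiers; replace with the real portal values.
    team_id, key_id, client_id = "TEAMID1234", "KEYID12345", "com.example.myapp"
    claims = build_client_secret_claims(team_id, client_id)
    demo = encode_unsigned({"alg": "ES256", "kid": key_id}, claims)
    print("problems:", check_client_secret(demo, team_id, client_id, key_id) or "none")
    print("problems with wrong sub:", check_client_secret(demo, team_id, "other.app", key_id))
```

In real use, call `sign_client_secret` with the PEM text of the `.p8` file and feed its output to `check_client_secret` with the same `team_id`, `client_id` and `key_id` you intend to send; a non-empty list pinpoints the mismatch that Apple only reports as `invalid_client`. Keep `inspect_jwt` for your own tokens only: it deliberately skips signature verification, so it must never be used to trust an identity token coming from a client.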

The APP_ID that you supply as the client_id and in the sub claim of your JWT is not your bundle id. It is the value shown under "Apple Id" under "App information" in App Store Connect. It is a 10-digit number.
