Please provide the following:
- SDK Version: expo-apple-authentication v6.0.1
- Platforms(Android/iOS/web/all): iOS
I am getting a 403 “Forbidden” error when I call Apple’s API “v1/me/*” endpoints. I am using the expo-apple-authentication module’s `AppleAuthentication.signInAsync` function to have the user log in. I then include the `authorizationCode` I get back from the `signInAsync` response in my request to Apple’s API (which happens on my app’s server). This is when I receive a 403 error and I am not sure why.
- I have the user log in like this:

```js
const nonce = Buffer.from(`${Math.random()}`, 'utf-8').toString('base64');
const state = Buffer.from(`${Math.random()}`, 'utf-8').toString('base64');
const appleAuthRequestResponse = await AppleAuthentication.signInAsync({
  requestedScopes: [
    AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
    AppleAuthentication.AppleAuthenticationScope.EMAIL,
  ],
  state,
  nonce,
});
```
- I call a REST API on my server and include the `appleAuthRequestResponse.authorizationCode` in the request’s body, and from there I call Apple’s API and include the `authorizationCode` in the headers of my request for the value of ‘Music-User-Token’ like this:

```js
headers: {
  Authorization: `Bearer ${APPLE_MUSIC_DEVELOPER_TOKEN}`,
  'Music-User-Token': authorizationCode,
  'Content-Type': 'application/json',
}
```
Does anyone have any insight into if I am using the `authorizationCode` code that is returned from the `signInAsync` function wrong?
Or have any insight into if I am not using it correctly in my request to Apple’s API?
Thanks in advance!!
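
For context on the `authorizationCode` discussed above: Sign in with Apple issues it as a single-use code to be redeemed at Apple's identity token endpoint (`https://appleid.apple.com/auth/token`), while a Music User Token is issued separately through MusicKit. The block below is an added example, not part of the original post and not Expo's or Apple's code; it builds the ES256 `client_secret` and form body that endpoint expects, and uses a CSPRNG for `nonce`/`state` instead of `Math.random()`. The team ID, key ID, bundle ID, key pair and code are constructed placeholders, and the helper names are hypothetical.

```javascript
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Unpredictable nonce/state values; Math.random() is not a CSPRNG.
function randomToken(bytes = 32) {
  return crypto.randomBytes(bytes).toString('base64url');
}

// client_secret for Apple's token endpoint: an ES256 JWT signed with the
// Sign in with Apple private key. teamId, keyId, clientId are placeholders.
function buildClientSecret({ teamId, keyId, clientId, privateKey,
                             now = Math.floor(Date.now() / 1000), ttl = 300 }) {
  const header = { alg: 'ES256', kid: keyId };
  const claims = { iss: teamId, iat: now, exp: now + ttl,
                   aud: 'https://appleid.apple.com', sub: clientId };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS requires the raw r||s signature encoding, not DER.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
                          { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Form body for POST https://appleid.apple.com/auth/token
// (Content-Type: application/x-www-form-urlencoded).
function buildTokenRequest({ authorizationCode, clientId, clientSecret }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code: authorizationCode,
    client_id: clientId,
    client_secret: clientSecret,
  }).toString();
}

// Constructed demo values: a throwaway P-256 key stands in for the real .p8 key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const demo = { teamId: 'TEAMID0000', keyId: 'KEYID00000', clientId: 'com.example.app' };
const clientSecret = buildClientSecret({ ...demo, privateKey, now: 1700000000 });
const body = buildTokenRequest({
  authorizationCode: 'constructed-code', clientId: demo.clientId, clientSecret,
});
console.log(body);
```

The short `ttl` keeps a leaked `client_secret` useful for minutes only, and the private key never leaves the server.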