Apple ID Authentication - Getting 403 when calling `*` endpoints

Please provide the following:

  1. SDK Version: expo-apple-authentication v6.0.1
  2. Platforms(Android/iOS/web/all): iOS

I am getting a 403 “Forbidden” error when I call Apple’s API “v1/me/*” endpoints. I am using the expo-apple-authentication module’s AppleAuthentication.signInAsync function to have the user log in. I then include the authorizationCode I get back from signInAsync response in my request to apple’s API (which happens on my app’s server). This is when I receive a 403 error and I am not sure why.

  1. I have the user log in like this:
      const nonce = Buffer.from(`${Math.random()}`, 'utf-8').toString('base64');
      const state = Buffer.from(`${Math.random()}`, 'utf-8').toString('base64');

      const appleAuthRequestResponse = await AppleAuthentication.signInAsync({
        requestedScopes: [
  1. I call a rest API on my server and include the appleAuthRequestResponse.authorizationCode in the request’s body and from there I call apple’s API and include the authorizationCode in the headers of my request for the value of ‘Music-User-Token’ like this:
headers: {
            Authorization: `Bearer ${APPLE_MUSIC_DEVELOPER_TOKEN}`,
            'Music-User-Token': authorizationCode,
            'Content-Type': 'application/json',

Does anyone have any insight into if I am using the authorizationCode code that is returned from the signInAsync function wrong?

Or have any insight into if I am not using it correctly in my request to Apple’s API?

Thanks in advance!!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.