Using AppleId appleIdToken in two different sub-systems

Privacy & Security General
John-Doe OP
Created Mar ’24
Replies 1
Boosts 0
Views 393
Participants 2

Hello Apple ID support,

When a user successfully login with Apple, the apple OAuth will produce a appleIdToken. From my understanding this token is best to not leave the user device. I have two sub-system that can take a appleIdToken and manages the token-refresh separately.

In short:

  • Apple -> appleIdToken

  • sub-SystemA(appleIdToken) and sub-systemB(appleIdToken)

  • sub-SystemA and sub-systemB has two separate token management/refresh

The question:

  • Is this allowed by the Apple identify server? 

  • Is the usecase of supplying appleIdToken to sub-SystemA and sub-systemB valid?
Answered by DTS Engineer in 805769022

Hi @John-Doe,

If these subsystems are servers or web services, it is advised to verify the ID token received on device and generate new tokens for your backend. You can learn about that process in the documentation below:

Note: The user ID and private email address are team-scoped, so using subsystems for validation and handling user sessions for a single developer team and its apps is a valid use case.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Replies  1
Boosts  0
Views  393
Participants  2
DTS Engineer OP
Apple
1w
Recommended

Hi @John-Doe,

If these subsystems are servers or web services, it is advised to verify the ID token received on device and generate new tokens for your backend. You can learn about that process in the documentation below:

Note: The user ID and private email address are team-scoped, so using subsystems for validation and handling user sessions for a single developer team and its apps is a valid use case.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

0
Using AppleId appleIdToken in two different sub-systems
First post date Last post date
 
 
Q