App transfer - exchange identifiers 'invalid_request' error for most users

We recently did an app transfer of our app from one account to a parent company's account. Because we have Sign In With Apple, we need to transfer the users. We're following this doc: https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team

We have about 118,000 users, and were successful in generating the transfer identifier for the majority. We assume some users have revoked access.

When we try to call to exchange identifiers, we are successful for about 50k users, but for the remaining 68k users we are receiving 'invalid_request' with no other information.

I don't understand why we would have a transfer identifier, and then receive 'invalid_request.' If it was a configuration problem I would expect that error for all users, or invalid_client. I've already gone through this doc: https://developer.apple.com/documentation/technotes/tn3107-resolving-sign-in-with-apple-response-errors

We've tried using a Node.js script, bash, Postman, with the same result. If an API call to exchange identifiers has an error, that user has an error every time. If a call is successful, it's successful every time.

Other forum posts are dead ends with no resolution. Has anybody seen this behavior and found a fix for it?

Answered by DTS Engineer in 801249022

Hi @chris_avellis, @xanderdeseyn:

If a user decides to revoke access to their information for your client between the moment you performed the app transfer and the moment you attempt the user migration, you cannot receive their user data—thus, the migration request is invalid. In these scenarios where there is no active user session for the client, the invalid_request error response is expected.

Please see TN3159: Migrating Sign in with Apple users for an app transfer for more information on the expected end-to-end app transfer and user migration flow.

Additionally, if you'd like for the iCloud engineering team to confirm if the errors are related to a revoked authorization to previous users accounts, please submit a report via Feedback Assistant and include the following information:

Gathering required information for troubleshooting Sign in with Apple user migration

To prevent sending sensitive JSON Web Tokens (JWTs) in plain text, you should create a report in Feedback Assistant to share the details requested below. Additionally, if I determine the error is caused by an internal issue in the operating system or Apple ID servers, the appropriate engineering teams have access to the same information and can communicate with you directly for more information, if needed. Please follow the instructions below to submit your feedback.

For issues occurring with your user migration, ensure your feedback contains the following information:

  • the primary App ID and Services ID
  • the client secret for the transferring team (Team A) and the recipient team (Team B)
  • the failing request(s), including all parameter values, and error responses (if applicable)
  • the timestamp of when the issue was reproduced (optional)
  • screenshots or videos of errors and unexpected behaviors (optional)

Important: If providing a web service request, please ensure the client secret (JWT) has an extended expiration time (exp) of at least ten (10) business days, so I have enough time to diagnose the issue. Additionally, if your request requires access token or refresh tokens, please provide refresh tokens as they do not have a time-based expiration time; most access tokens have a maximum lifetime of one (1) hour, and will expire before I have a chance to look at the issue.

Submitting your feedback

Before you submit via Feedback Assistant, please confirm the requested information above (for your native app or web service) is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Sign in with Apple client.

After your submission to Feedback Assistant is complete, please reply here with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

I did submit via Feedback Assistant 10 days ago and it was resolved with "Investigation complete - Unable to diagnose with current information." - I'm not sure what more information is needed. The Feedback id is FB14788450. I included logs with an example of obtaining a successful transfer identifier and unsuccessful identifier exchange, timestamp, service ids, and also a CSV of all 60k failing users. There should be client secrets in the log file. I may need to regenerate since it's been so long. At this point we're halfway through the 60 day transfer period so any help would be appreciated.

Hi @chris_avellis,

Your bug report has been received and the iCloud engineering team is aware of the reported issue and actively investigating a resolution. Please continue to be patient while we continue to diagnose the issue.

Could you please add an additional comment to your existing bug report noting the date of the app transfer? If the resolution occurs after the 60-day transfer period ends, we'll need to provide a solution to resolve the remaining user migrations. There is no need to provide more logs or client secrets at this time.

Thanks again,

Paris X Pinkney |  WWDR | DTS Engineer

Hi @chris_avellis @DTS Engineer Our team is also experiencing a similar issue as described in this ticket (where the transfer_sub exchange fails for approximately 10,000 out of 100,000 users targeted for migration), and we are currently submitting a feedback report.

If this issue is resolved, it would be greatly appreciated if you could share the cause in this forum to help prevent duplicate feedback reports.

Was this fixed? Just out of curiosity I ran my script yesterday to call the Apple API to transfer users, and we are seeing way less errors - now I only have 180 errors out of the 118k+ users

I didn't receive any follow-up emails or messages on this - is it safe to now transfer the users and update the Apple ID in our database? I believe our 60 day deadline is Sunday September 22, 2024 - will that be extended?

For now I have saved all of the user information to a CSV file. If needed I can write a separate script to go through the CSV and update in our database

Hi, I'm also interested in knowing more about this, as I am about to perform an app transfer with user migration, and I have seen multiple forum posts in the last few weeks talking about this kind of behaviour. Should I expect a high volume of errors @DTS Engineer ?

Also, @chris_avellis did you manage to have a successful transition after that September 22nd deadline?

Was this fixed? Just out of curiosity I ran my script yesterday to call the Apple API to transfer users, and we are seeing way less errors - now I only have 180 errors out of the 118k+ users

After seeing this post, we ran our migration script again in our environment on September 30, 2024, and confirmed that the migration of around 10,000 records, which had previously resulted in errors, was completed successfully. Could this issue have been a temporary outage?
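
Added example, not code from any participant in this thread: a Node.js sketch of the exchange loop that keeps `invalid_request` failures in a re-run list (they cleared on later runs here), aborts on `invalid_client`, and redacts the client secret from anything it records. The endpoint URL and the `transfer_sub`, `client_id`, `client_secret`, `sub` and `email` fields follow Apple's user migration documentation rather than this page; `exchangeAll`, `postForm`, `redact` and all sample values are hypothetical.

```javascript
// Added example. The HTTPS call is injected as postForm so the block runs offline.
const ENDPOINT = 'https://appleid.apple.com/auth/usermigrationinfo'; // from Apple's docs, not this page

// Strip the client secret (a JWT) before a request is written to a log or CSV.
const redact = (params) => ({ ...params, client_secret: '[REDACTED]' });

async function exchangeAll(transferSubs, creds, postForm) {
  const out = { migrated: [], retryLater: [], other: [] };
  for (const transfer_sub of transferSubs) {
    const params = { transfer_sub, client_id: creds.clientId, client_secret: creds.clientSecret };
    const { status, body } = await postForm(ENDPOINT, params, creds.accessToken);
    if (status === 200 && body.sub) {
      out.migrated.push({ transfer_sub, sub: body.sub, email: body.email ?? null });
    } else if (body.error === 'invalid_client') {
      // Credential or configuration fault: every further call would fail the same way.
      throw new Error(`invalid_client at ${transfer_sub}; stopping the run`);
    } else if (body.error === 'invalid_request') {
      // Revoked user or, as reported in this thread, a failure that cleared on a later run.
      out.retryLater.push({ request: redact(params), status, error: body.error, at: new Date().toISOString() });
    } else {
      out.other.push({ request: redact(params), status, error: body.error ?? 'unknown' });
    }
  }
  return out;
}

// Constructed sample responses; a fake transport stands in for the real request.
const CONSTRUCTED = {
  'ts-001': { status: 200, body: { sub: 'new-sub-001', email: 'a@example.com', is_private_email: false } },
  'ts-002': { status: 400, body: { error: 'invalid_request' } },
  'ts-003': { status: 200, body: { sub: 'new-sub-003' } },
};
const fakePost = async (_url, params) => CONSTRUCTED[params.transfer_sub];

// Constructed credentials, not real identifiers or tokens.
const DEMO_CREDS = { clientId: 'com.example.app', clientSecret: 'constructed.jwt.value', accessToken: 'constructed-token' };

async function demo() {
  return exchangeAll(Object.keys(CONSTRUCTED), DEMO_CREDS, fakePost);
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

Only the `migrated` entries are safe to write to the user table; the `retryLater` list is what a later run should be fed.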
