Failed to generate new user info using transfer_sub (Sign in with Apple)

Hello,

I’m transferring an app from my individual account to my corporate developer account. I’m the primary owner of both accounts.

I’m trying to transfer the users that used Sign In with Apple and this is what I did:

  1. I generated the transfer identifier for all the users that used Sign In with Apple from the database (50.000 users → 100% success rate)
  2. I’m using the transfer identifier previously generated to create the new Apple ID and private email address of the user. (40% success rate)

I successfully generated new Apple ID and private email address for 20.000 users but for the other 30.000 users I cannot generate it because I get { error: 'invalid_request’ } on the migration endpoint (/auth/usermigrationinfo), even though I'm using the same request parameters as the ones that are working.

I couldn’t find any difference between users that could be migrated and the users that couldn’t. It doesn’t matter if they are old users or new users.

What I found is that I can generate the new Apple ID and private email address if the user signs in with Apple for the first time after the app transfer. Then I can use the “transfer_sub” that I have stored for the user to generate the new user details.

The same process worked fine for another app that I transferred. Something seems to be broken only for this app on 60% of the users that used Sign In with Apple.

Please let me know if you need further information

Best, Cosmin

Answered by angcosmin in 800717022

Hello,

Thank you for your detailed instructions and assistance with this issue. I have submitted the requested information via Feedback Assistant. The Feedback ID is FB14866168.

Please let me know if there is anything else you need from my side to help with the investigation.

Thanks again for your support!

Cheers, Cosmin

Hi @angcosmin,

You wrote:

[...] What I found is that I can generate the new Apple ID and private email address if the user signs in with Apple for the first time after the app transfer. Then I can use the “transfer_sub” that I have stored for the user to generate the new user details. [...]

This may require the iCloud and App Store engineering teams to investigate your issue directly.

Gathering required information for troubleshooting Sign in with Apple user migration

To prevent sending sensitive JSON Web Tokens (JWTs) in plain text, you should create a report in Feedback Assistant to share the details requested below. Additionally, if I determine the error is caused by an internal issue in the operating system or Apple ID servers, the appropriate engineering teams have access to the same information and can communicate with you directly for more information, if needed. Please follow the instructions below to submit your feedback.

For issues occurring with your user migration, ensure your feedback contains the following information:

  • the primary App ID and Services ID
  • the client secret for the transferring team (Team A) and the recipient team (Team B)
  • the failing request(s), including all parameter values, and error responses (if applicable)
  • the timestamp of when the issue was reproduced (optional)
  • screenshots or videos of errors and unexpected behaviors (optional)

Important: If providing a web service request, please ensure the client secret (JWT) has an extended expiration time (exp) of at least ten business (10) days, so I have enough time to diagnose the issue. Additionally, if your request requires access token or refresh tokens, please provide refresh tokens as they do not have a time-based expiration time; most access tokens have a maximum lifetime of one (1) hour, and will expire before I have a chance to look at the issue.

Submitting your feedback

Before you submit via Feedback Assistant, please confirm the requested information above (for your native app or web service) is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Sign in with Apple client.

After your submission to Feedback Assistant is complete, please reply here with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Hello,

Thank you for your detailed instructions and assistance with this issue. I have submitted the requested information via Feedback Assistant. The Feedback ID is FB14866168.

Please let me know if there is anything else you need from my side to help with the investigation.

Thanks again for your support!

Cheers, Cosmin

Failed to generate new user info using transfer_sub (Sign in with Apple)
 
 
Q