
Client error: `POST https://appleid.apple.com/auth/token` resulted in a `400 Bad Request` response: {"error":"invalid_client"}

Open dhivya-picco opened this issue 3 years ago • 15 comments

I have configured everything for Apple sign-in. It redirects to the Apple site to get the username and password. After that, in the callback, it shows the error above.

dhivya-picco avatar Jul 24 '21 09:07 dhivya-picco

I am getting the same issue, did you have any luck resolving this?

haid45 avatar Jul 28 '21 06:07 haid45

Yes, I am getting this same issue. A month ago it was working fine on my site.

rohail-office avatar Aug 11 '21 09:08 rohail-office

It is because your client_secret token has expired. You need to generate a new token and replace the old one with it; it will be fixed then. You can set an expiry time of at most 6 months on the JWT token; after 6 months you have to generate a new one. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens

iamaz007 avatar Aug 16 '21 10:08 iamaz007

@iamaz007 I created a new app and a new client secret and updated the existing configuration, but it's giving the same error.

rohail-office avatar Aug 16 '21 10:08 rohail-office

@iamaz007 I created a new app and a new client secret and updated the existing configuration, but it's giving the same error.

You don't need to create a new app in Apple, just generate a new client_secret. Make sure you have selected the right algorithm; it is "ES256" for the Apple JWT in code. After implementing the new client_secret, clear your Laravel cache. To do this, simply go to bootstrap/cache and delete all files from there except .gitignore.

iamaz007 avatar Aug 16 '21 11:08 iamaz007

Thanks I will try this

rohail-office avatar Aug 16 '21 12:08 rohail-office

@iamaz007
Unfortunately, I am facing this same issue after removing the Laravel cache and deleting all files except .gitignore from the bootstrap/cache folder.

This is how I am creating my client secret:

```ruby
require 'jwt'
require 'openssl'

key_file = 'key.txt'
team_id = 'XYZ'
client_id = 'XYZ'
key_id = 'XYZ'

# Load the EC private key used to sign the client secret
ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file

headers = { 'kid' => key_id }

claims = {
  'iss' => team_id, 'iat' => Time.now.to_i, 'exp' => Time.now.to_i + 86400*180,
  'aud' => 'https://appleid.apple.com', 'sub' => client_id,
}

# Sign with ES256 and print the resulting client secret
token = JWT.encode claims, ecdsa_key, 'ES256', headers
puts token
```

rohail-office avatar Aug 16 '21 12:08 rohail-office

I am also getting this error: GuzzleHttp\Exception\ClientException Client error: POST https://appleid.apple.com/auth/token resulted in a 400 Bad Request response: {"error":"invalid_client"}

I recreated my JWT token to make sure it was not expired and I made sure the ES256 algorithm was being used.

Has anyone with this issue found a solution?

Thank you in advance!

Update: I tried validating my JWT token at https://jwt.io/ and it came up as an invalid signature. I'm not sure if this is what was causing the invalid_client error or not, but I was not able to resolve it. I ended up switching to use the library at https://github.com/patrickbussmann/oauth2-apple. It takes care of generating the token, so all you have to do is fill in the config values from your Apple account and it works. Good luck all.

alexfraundorf-com avatar Oct 06 '21 19:10 alexfraundorf-com
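The points raised in the comments above (ES256 algorithm, expiry, the 6-month limit on `exp`) can be checked locally before the token is sent to Apple. The following is an added example, not code from any commenter or from the package; the function names and sample values are hypothetical, the 15777000-second limit is the one in Apple's documentation, and the signature is not verified.

```ruby
require 'json'

APPLE_AUD = 'https://appleid.apple.com'
MAX_AHEAD = 15_777_000 # seconds (about 6 months), Apple's limit for exp

# Decode one base64url JWT segment; the signature is NOT verified.
def decode_segment(seg)
  JSON.parse(seg.tr('-_', '+/').unpack1('m'))
end

# Return the list of problems found in a client_secret JWT (empty if none).
def client_secret_problems(token, now: Time.now.to_i)
  parts = token.to_s.split('.')
  return ['not a three-part JWT'] unless parts.size == 3
  begin
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
  rescue JSON::ParserError
    return ['header or payload is not base64url-encoded JSON']
  end
  return ['header or payload is not a JSON object'] unless header.is_a?(Hash) && claims.is_a?(Hash)

  problems = []
  problems << "alg is #{header['alg'].inspect}, expected \"ES256\"" unless header['alg'] == 'ES256'
  problems << 'kid header is missing' if header['kid'].to_s.empty?
  %w[iss sub iat exp].each { |c| problems << "#{c} claim is missing" if claims[c].nil? }
  problems << "aud is #{claims['aud'].inspect}" unless claims['aud'] == APPLE_AUD
  exp = claims['exp']
  if exp.is_a?(Integer)
    problems << 'token is expired' if exp <= now
    problems << 'exp is more than 6 months ahead' if exp > now + MAX_AHEAD
  end
  problems
end

# Constructed sample input: unsigned token with a placeholder signature.
def sample_token(header, claims)
  enc = ->(h) { [JSON.generate(h)].pack('m0').tr('+/', '-_').delete('=') }
  "#{enc.call(header)}.#{enc.call(claims)}.c2lnbmF0dXJl"
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now.to_i
  claims = { 'iss' => 'TEAMID', 'sub' => 'com.example.service-id',
             'aud' => APPLE_AUD, 'iat' => now, 'exp' => now + 3600 }
  hs256 = sample_token({ 'alg' => 'HS256', 'kid' => 'KEYID' }, claims)
  puts client_secret_problems(hs256).inspect
end
```

An empty result only means the header and claims look right; a token signed with the wrong key still fails at Apple with `invalid_client`.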

I ended up generating the client secret using lcobucci/jwt

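```php
<?php
require __DIR__ . '/vendor/autoload.php'; // Composer autoloader (path assumed)

use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Ecdsa\Sha256; // Apple requires ES256 (ECDSA), not HMAC
use Lcobucci\JWT\Signer\Key\InMemory;

$now = new \DateTimeImmutable();

// Only the signing key is used here: the EC private key from Apple
$jwtConfig = Configuration::forSymmetricSigner(
    Sha256::create(), // ES256 signer factory in lcobucci/jwt 4.x
    InMemory::file(__DIR__ . '/AuthKey.pem')
);

$token = $jwtConfig->builder()
    ->issuedBy('XXXXXXXX')                      // iss: team ID
    ->issuedAt($now)
    ->expiresAt($now->modify('+1 hour'))
    ->permittedFor('https://appleid.apple.com') // aud
    ->relatedTo('com.example.service-id')       // sub: client ID
    ->withHeader('kid', 'XXXXXXXX')             // key ID
    ->getToken($jwtConfig->signer(), $jwtConfig->signingKey());

echo $token->toString();
```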

more info is here

karser avatar Feb 16 '22 01:02 karser

@iamaz007 I created a new app and a new client secret and updated the existing configuration, but it's giving the same error.

You don't need to create a new app in Apple, just generate a new client_secret. Make sure you have selected the right algorithm; it is "ES256" for the Apple JWT in code. After implementing the new client_secret, clear your Laravel cache. To do this, simply go to bootstrap/cache and delete all files from there except .gitignore.

Please, how do I generate a new client secret?

KaviiChathuranga avatar Jun 29 '22 13:06 KaviiChathuranga