How can I get a new Authorisation Code and/or Refresh Token when signing in with Apple after revoking original refresh token?

I have implemented Sign in with Apple in my app.

The flow goes like this:

  1. User taps sign in button
  2. In the delegate method I take the auth code and post it to my server.
  3. My server sends an activation request to Apple and gets id, refresh, and access tokens.

This is where I have a problem:

  1. A user requests account deletion.
  2. The server sends a request to revoke the access and refresh tokens.
  3. User may or may not go to settings and revoke "Sign in with Apple" access to the app (the following happens either way)
  4. The user then loads the app again and taps the Sign in with Apple button.
  5. The delegate method provides a valid id token, but the same original auth code instead of generating a new one.
  6. The server now gets an invalid response from Apple as the auth code had already expired, and so can't get a new refresh token.
  7. The server also can't use the old refresh token as it's been revoked during deletion.

Can someone tell me where I'm going wrong?

I can't find any documentation for regenerating a refresh token after revoking it.

Thank you


Replies

We see the same issue in production. Did you get any response from Apple, or have you gained any helpful insights?