Hello Apple ID support,
When a user successfully login with Apple, the apple OAuth will produce a appleIdToken. From my understanding this token is best to not leave the user device. I have two sub-system that can take a appleIdToken and manages the token-refresh separately.
In short:
-
Apple -> appleIdToken
-
sub-SystemA(appleIdToken) and sub-systemB(appleIdToken)
-
sub-SystemA and sub-systemB has two separate token management/refresh
The question:
-
Is this allowed by the Apple identify server?
-
Is the usecase of supplying appleIdToken to sub-SystemA and sub-systemB valid?