How to refresh the tokens in Apple

Question

Scenario : User should not be logged out once tokens expired .

Apple sign up steps :

1. Successfully validated the authorization code and got a successful response { "access_token" : "",,"refresh_token" : "",expires_in: ""}

2. Successfully validated the refresh_token obtained from above step and generated a new access token using POST call to https://appleid.apple.com/auth/token

Problem: How generate user data,id_token from the new access token ?

Answer 1

1. Generate Refresh token

Url : https://appleid.apple.com/auth/token

Request :

{
client_id : your client_ID
client_secret : JWT_token
code : Authentication code (provided when login with Apple, which is expired within 5 minutes)
grant_type : authorization_code
redirect_uri : provided in “Return URL” when creating “Services ID” in Apple account
}

2. Validate Refresh token & get Access token

Url : https://appleid.apple.com/auth/token

Request :

{
client_id : your client_ID
client_secret : JWT_token
grant_type : refresh_token
refresh_token : refresh_token received in step - 1 API response
}

Refresh token is lifetime validity token, but invalidated when user change password/any other action by user which make session change. So, in that case you need to do re-login to fetch new refresh token.

Answer 2

There is no UserInfo API in Apple's ecosystem now. Their access tokens are useless at all.

The only way to get user's display name is receiving "user" json object at callback url at the first time authorization. For email, you can get it in id_token too.