I am trying to implement Sign in with Apple in a SwiftUI iOS app which sends/receives requests to/from an external API, which, in turn, interacts with a MySQL database. I have read through all the documentation provided by Apple and as many articles as I can find on the matter; however, I am still unsure what to do.
My question is: if I am only implementing this functionality in a native iOS app, once I have received the ASAuthorizationAppleIDCredential, do I need to keep track of the authorizationCode and identityToken, or is it enough to just store the user (unique identifier) value in my database? I already issue my own JWT access/refresh tokens, as I also allow users to create an account directly with me (via email and password), so I am unsure what to do with those provided by Apple.
Any help would be greatly appreciated!
The pattern you are implementing is similar to when an app uses an authorization server (AS) to manage Sign in with Apple.
In your case you should only need to permanently store the Apple subject claim from the ID token. This could be stored as either a main account ID or a linked account.
If you find later that you need to hold onto an Apple token, e.g. for revocation purposes, you can use an embedded token approach. This would involve storing an Apple token as a custom claim within your own JWT.
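Whichever of the two options you pick, the backend must validate the identity token before it trusts the subject claim inside it. The following Go check is an added example, not code from the question or the answer: it verifies the RS256 signature, issuer, audience and expiry and returns the sub value to store. The names VerifyAppleIDToken and signTestToken, the bundle ID com.example.app and the locally generated key (standing in for the Apple JWKS key selected by the token's kid header) are assumptions for the example.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)
// VerifyAppleIDToken checks alg, RS256 signature, issuer, audience and expiry of an identity token
// and returns its stable "sub" claim. pub is the Apple key matching the token's "kid" header (in
// production fetched from https://appleid.apple.com/auth/keys); it is injected so this runs offline.
func VerifyAppleIDToken(token string, pub *rsa.PublicKey, bundleID string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	var hdr struct{ Alg string }
	if h, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != "RS256" {
		return "", errors.New("unexpected header or alg") // also blocks alg=none / HS256 confusion
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // signed input is header.payload
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("bad signature")
	}
	var c struct{ Iss, Aud, Sub string; Exp int64 } // encoding/json matches keys case-insensitively
	if p, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(p, &c) != nil {
		return "", errors.New("bad payload")
	}
	if c.Iss != "https://appleid.apple.com" || c.Aud != bundleID { // Apple's token, issued for this app
		return "", errors.New("wrong issuer or audience")
	}
	if c.Sub == "" || !now.Before(time.Unix(c.Exp, 0)) {
		return "", errors.New("missing sub or expired")
	}
	return c.Sub, nil // the value to store as the main or linked account ID
}
// signTestToken mints a constructed identity token with a local key so the check can be exercised
// without Apple; it stands in for the bytes in ASAuthorizationAppleIDCredential.identityToken.
func signTestToken(priv *rsa.PrivateKey, claims map[string]interface{}) string {
	payload, _ := json.Marshal(claims)
	signing := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","kid":"test"}`)) + "." + base64.RawURLEncoding.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signing))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signing + "." + base64.RawURLEncoding.EncodeToString(sig)
}
```

Only after this check passes should the sub be looked up or inserted in MySQL; the authorizationCode is needed only if you later exchange it with Apple for refresh tokens.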