Message: Verification with Apple failed, error: `{error: invalid_client}` in Laravel PHP
I'm trying to verify Apple Sign-In in my Laravel project, but I'm encountering an error. Can someone help me? I've even included screenshots of the key id and service id (with sensitive information modified).
{success: false, message: Failed to verify with Apple, error: {error: invalid_client}}
my .env file
APPLE_CLIENT_ID=com.example.apple
APPLE_TEAM_ID=NR88888888
APPLE_KEY_ID=RJ85222222
Here’s my function (I had to trim some parts because StackOverflow doesn't allow posting the entire function).
function loginWithApple(Request $request)
{
try
{
$authCode = $request->input('apple_authorization_code');
if (empty($authCode))
{
return response()->json([
'success' => false,
'message' => 'Authorization code is required'
], 400);
}
// Load and validate private key file
$path = storage_path('appleKeys/applePrivateKey/AuthKey_RJ85222222.p8');
if (!file_exists($path))
{
Log::error('Apple Login: Private key file not found', ['path' => $path]);
throw new \Exception('Apple private key file not found at: ' . $path);
}
$privateKeyContent = file_get_contents($path);
if (!$privateKeyContent)
{
Log::error('Apple Login: Failed to read private key file');
throw new \Exception('Failed to read private key file');
}
// Ensure private key format
$privateKey = openssl_pkey_get_private($privateKeyContent);
if (!$privateKey)
{
Log::error('Apple Login: Invalid private key format', [
'openssl_error' => openssl_error_string()
]);
throw new \Exception('Invalid private key format: ' . openssl_error_string());
}
// Generate client secret (JWT)
$timestamp = time();
$header = [
'alg' => 'ES256',
'kid' => env('APPLE_KEY_ID')
];
$payload = [
'iss' => env('APPLE_TEAM_ID'),
'iat' => $timestamp,
'exp' => $timestamp + 86400 * 180, // 180 days
'aud' => 'https://appleid.apple.com',
'sub' => env('APPLE_CLIENT_ID'),
];
// Base64Url encode header and payload
$base64Header = rtrim(strtr(base64_encode(json_encode($header)), '+/', '-_'), '=');
$base64Payload = rtrim(strtr(base64_encode(json_encode($payload)), '+/', '-_'), '=');
// Create signature
$signature = '';
if (!openssl_sign(
$base64Header . '.' . $base64Payload,
$signature,
$privateKey,
OPENSSL_ALGO_SHA256
)) {
Log::error('Apple Login: Failed to create signature', [
'openssl_error' => openssl_error_string()
]);
throw new \Exception('Failed to create signature: ' . openssl_error_string());
}
$base64Signature = rtrim(strtr(base64_encode($signature), '+/', '-_'), '=');
$clientSecret = $base64Header . '.' . $base64Payload . '.' . $base64Signature;
// Send request to Apple for token
$requestData = [
'client_id' => env('APPLE_CLIENT_ID'),
'client_secret' => $clientSecret,
'code' => $authCode,
'grant_type' => 'authorization_code'
];
Log::debug('Apple Login: Sending request to Apple', [
'url' => 'https://appleid.apple.com/auth/token',
'client_id' => env('APPLE_CLIENT_ID'),
'code' => $authCode,
'code_length' => strlen($authCode),
]);
// $response = Http::asForm()->post('https://appleid.apple.com/auth/token', $requestData);
$response = Http::withHeaders([
'Content-Type' => 'application/x-www-form-urlencoded'
])->post('https://appleid.apple.com/auth/token', $requestData);
if (!$response->successful())
{
Log::error('Apple Login: Failed response from Apple', [
'status' => $response->status(),
'error' => $response->json(),
]);
return response()->json([
'success' => false,
'message' => 'Failed to verify with Apple',
'error' => $response->json()
], 400);
}
$data = $response->json();
$idToken = $data['id_token'];
$tokenParts = explode('.', $idToken);
if (count($tokenParts) != 3) {
return response()->json([
'success' => false,
'message' => 'Invalid token format'
], 400);
}
}
catch (\Exception $e)
{
Log::error('Apple Sign In Error', [
'error' => $e->getMessage(),
'trace' => $e->getTraceAsString()
]);
}
}
Solution
This problem is tricky, As indicated here and here, the problem is actually in the signature generated by openSSL. You can read more about there, but in my case I just used the Firebase JWT library.
So for Apple Sign In, we need to use ES256 (ECDSA with SHA-256) for JWT signing. Here's a simpler and more reliable implementation using the firebase/php-jwt library, which supports ES256:
make sure to install the Firebase JWT library
composer require firebase/php-jwt
then update
use Firebase\JWT\JWT;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
// YOUR PROBLEM CAN BE SOLVED HERE
// Create client secret JWT
$clientSecret = JWT::encode([
'iss' => env('APPLE_TEAM_ID'),
'iat' => time(),
'exp' => time() + 86400 * 180, // 180 days
'aud' => 'https://appleid.apple.com',
'sub' => env('APPLE_CLIENT_ID'),
], $privateKey, 'ES256', env('APPLE_KEY_ID'));
// Exchange auth code for tokens
$response = Http::asForm()->post('https://appleid.apple.com/auth/token', [
'client_id' => env('APPLE_CLIENT_ID'),
'client_secret' => $clientSecret,
'code' => $authCode,
'grant_type' => 'authorization_code'
]);
Here is a full refactored function
use Firebase\JWT\JWT;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
function loginWithApple(Request $request) {
try {
// Validate request
$authCode = $request->input('apple_authorization_code');
if (empty($authCode)) {
return response()->json([
'success' => false,
'message' => 'Authorization code is required'
], 400);
}
// Load private key from Laravel storage location
$privateKeyPath = storage_path('appleKeys/applePrivateKey/AuthKey_' . env('APPLE_KEY_ID') . '.p8');
$privateKey = file_get_contents($privateKeyPath);
if (!$privateKey) {
throw new Exception('Could not read private key');
}
// Create client secret JWT
$clientSecret = JWT::encode([
'iss' => env('APPLE_TEAM_ID'),
'iat' => time(),
'exp' => time() + 86400 * 180, // 180 days
'aud' => 'https://appleid.apple.com',
'sub' => env('APPLE_CLIENT_ID'),
], $privateKey, 'ES256', env('APPLE_KEY_ID'));
// Exchange auth code for tokens
$response = Http::asForm()->post('https://appleid.apple.com/auth/token', [
'client_id' => env('APPLE_CLIENT_ID'),
'client_secret' => $clientSecret,
'code' => $authCode,
'grant_type' => 'authorization_code'
]);
if (!$response->successful()) {
Log::error('Apple Token Exchange Error', [
'status' => $response->status(),
'error' => $response->json()
]);
return response()->json([
'success' => false,
'message' => 'Failed to verify with Apple',
'error' => $response->json()
], 400);
}
// Get user data from ID token
$data = $response->json();
$idToken = $data['id_token'];
$tokenParts = explode('.', $idToken);
if (count($tokenParts) != 3) {
throw new Exception('Invalid token format');
}
// Decode payload
$payload = base64_decode(str_pad(strtr($tokenParts[1], '-_', '+/'), strlen($tokenParts[1]) % 4, '=', STR_PAD_RIGHT));
$userData = json_decode($payload, true);
if (!$userData) {
throw new Exception('Failed to decode token payload');
}
// Verify token expiry
if (time() > $userData['exp']) {
throw new Exception('Token has expired');
}
// Return user data
$user = $request->input('user') ? json_decode($request->input('user'), true) : null;
return response()->json([
'success' => true,
'message' => 'Apple Sign In successful',
'user_data' => [
'apple_user_id' => $userData['sub'],
'email' => $userData['email'] ?? null,
'email_verified' => $userData['email_verified'] ?? false,
'name' => $user['name'] ?? null
]
]);
} catch (Exception $e) {
Log::error('Apple Sign In Error', [
'error' => $e->getMessage(),
'trace' => $e->getTraceAsString()
]);
return response()->json([
'success' => false,
'message' => 'Authentication failed',
'error' => $e->getMessage()
], 500);
}
}
- How/when mysql compiles stored procedures?
- Search a 2d array by one column value and return another value from the qualifying row
- Search a multidimensional array by one column value and return another value from the qualifying row
- Get element value from a 2d array row which qualifies because of another column value
- Can I use array_search() to find a whole-row match in a 2d array?
- How to secure my login page
- Symfony 2: How to get route defaults by route name?
- php - find if an array contains an element
- Doctrine entity object to array
- Get URL to a Sulu page by content id
- Determine if an associative array of strings or arrays is equal to another array with the same structure
- PHP How to determine the first and last iteration in a foreach loop?
- Disable Undefined Property error in PHP Devsense extension on VSCode
- Fill the ACF field who modified the user profile
- How to Integrate 3rd party API in Wordpress
- Coverting a .BAK file into a .SQL for use in XAMPP phpmyadmin
- Add product thumbnails to Woocommerce admin orders list, only if product still exists
- Merge two 2d arrays, group by one column and sum another column within each group
- PHP json_decode multiple arrays or array in array to database
- laravel try/catch doesn't work for a failed query
- Return the first level key when a column value is found in a 2d array
- Find key of parent in array / PHP
- Find parent key of match in a multidimensional array
- Recursively search a multidimensional array for the parent key of a matched key or value
- Find a parent key in a 2d array
- Get first level key in a 2d array of the first row with a specified value in any element
- Removing currency symbol, except on Woocommerce cart and checkout pages
- How to display course list in moodle form?
- Multiple Image Upload PHP form with one input
- How to remove "Shipping" label from Woocommerce Email notifications?