mallaury's avatar

Use Laravel as API Backend for Apple signin

Hello,

I'm struggling with Apple Signin authentication. Authentication is done on a Flutter application, and it sends me the response. Then I have to check it and send back a JWT via Laravel. I've already done this for Google and Facebook, and it works, but I can't get it to work for Apple. I've found tutorials, but they don't explain how to validate an authentication that is already done on the app.

This is the response from the application:

{
  "userIdentifier": "00XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX1450",
  "givenName": "John",
  "familyName": "Doe",
  "email": "[email protected]",
  "identityToken": "eyJraWQiOiXXX...XXXs",
  "authorizationCode": "c98XXXXXXXXXXXXXXXXXXXXXXXXXXXXiPaQ"
}

Do you know how to ensure the response is valid?

Thanks!

mallaury's avatar

I have done that, but it does not work... It returns a 400 "invalid client":

            $teamId = config('services.apple.team_id');
            $keyId = config('services.apple.key_id');
            $sub = config('services.apple.client_id');
            $aud = 'https://appleid.apple.com';
            $iat = strtotime('now');
            $exp = strtotime('+60days');
            $keyContent = file_get_contents(storage_path(config('services.apple.private_key')));

            $client_secret = JWT::encode([
                'iss' => $teamId,
                'iat' => $iat,
                'exp' => $exp,
                'aud' => $aud,
                'sub' => $sub,
            ], $keyContent, 'ES256', $keyId);
            config()->set('services.apple.client_secret', $client_secret);

            $client = new Client();
            $response = $client->request('POST', 'https://appleid.apple.com/auth/token', [
                'grant_type' => 'authorization_code',
                //'redirect_uri' => config('services.apple.redirect'),
                'client_id' => config('services.apple.client_id'),
                'client_secret' => $client_secret,
                'code' => $request->authorizationCode,
            ]);

            dd($response->getBody());

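As an added example (not code posted in the thread): one way to validate the app's payload on the server is to verify `identityToken` against Apple's published signing keys and check its claims, then redeem `authorizationCode` with the fields sent as a form-encoded body. It assumes firebase/php-jwt v6 and Guzzle; both function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes firebase/php-jwt v6, Guzzle,
// and that services.apple.client_id is the identifier the app signs in with.
use Firebase\JWT\JWK;
use Firebase\JWT\JWT;
use GuzzleHttp\Client;

// Hypothetical helper: returns the verified Apple user id or throws.
function verifyAppleIdentityToken(string $identityToken, string $userIdentifier): string
{
    // Apple's public signing keys (JWKS); cache this response in production.
    $body = (new Client(['timeout' => 5]))->get('https://appleid.apple.com/auth/keys')->getBody();
    $keys = JWK::parseKeySet(json_decode((string) $body, true));

    // Selects the key by the token's "kid" header, verifies the signature and
    // the exp/nbf/iat claims; throws on any failure.
    $claims = JWT::decode($identityToken, $keys);

    if (($claims->iss ?? null) !== 'https://appleid.apple.com') {
        throw new UnexpectedValueException('Unexpected issuer');
    }
    // aud must be this app's client_id, otherwise the token was issued to another app.
    if (($claims->aud ?? null) !== config('services.apple.client_id')) {
        throw new UnexpectedValueException('Token issued for a different client');
    }
    // Trust the signed "sub", not the unsigned userIdentifier/email fields.
    if (!hash_equals((string) ($claims->sub ?? ''), $userIdentifier)) {
        throw new UnexpectedValueException('userIdentifier does not match token subject');
    }
    return $claims->sub;
}

// Hypothetical helper: redeems authorizationCode at Apple's token endpoint.
function redeemAppleCode(string $code, string $clientSecret): array
{
    $response = (new Client(['timeout' => 5]))->post('https://appleid.apple.com/auth/token', [
        // Guzzle only builds a urlencoded request body from "form_params";
        // unknown top-level option keys are not sent.
        'form_params' => [
            'grant_type'    => 'authorization_code',
            'client_id'     => config('services.apple.client_id'),
            'client_secret' => $clientSecret,
            'code'          => $code,
        ],
    ]);
    return json_decode((string) $response->getBody(), true);
}
```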