by jchook
2568 days ago
> This means you can no longer do things like localhost redirect_uri's for testing, or even use Apple Sign In on an internal web-app.

Seems this might provide some security benefit, e.g. no credentials showing up in web server access logs.

Either way, are you sure the final POST isn't made by the client? If so, the client would resolve the address.

On their JS configuration page[1], I don't see any obvious evidence that Apple will make the post. They show this line: `AppleID.auth.signIn();`

P.S. Aghghgh the mixed camelCase and under_score makes me cringe.

[1] https://developer.apple.com/documentation/signinwithapplejs/configuring_your_webpage_for_sign_in_with_apple

No. The final post is not made by the client and a server has to handle the request. Webapps cannot handle POST requests from an Authorization server.