@Gijs Peters Thanks for reaching out to us through multiple forums. It seems the issue has been resolved by you here.
Glad that you were able to resolve your issue, and I appreciate your effort in sharing the solution.
Your contribution will undoubtedly assist others facing similar challenges.
I am resharing your answer here, as the Microsoft Q&A community follows a policy where the question author cannot accept their own answer.
Feel free to consider "Accepting" the answer if you find it suitable.
Azure App Service does not (yet) support storing and managing Apple refresh tokens. You need to implement this on your own. Fortunately, this is straightforward. The process is this:
- Authenticate to Apple on the device with expo-apple-authentication. The signin method returns an authorizationCode.
- Send this authorization code to a custom backend endpoint. Do this immediately; this code is valid for 5 minutes.
- From this backend endpoint, send a request to https://appleid.apple.com/auth/token with the authorization code and your client secret. Apple returns a refresh token and an identity token. Return these to the client app.
- On the app, store the refresh token in persistent storage, and keep the identity token somewhere in memory. It expires after 24 hours.
- Follow the normal auth flow for Azure App Service, with a request first to https://myapi.azurewebsites.net/.auth/login/apple to get the ZUMO JWT, and provide this JWT in subsequent requests to your server.
On refresh:
- On the app, load the refresh token from persistent storage.
- Send the refresh token to another custom backend endpoint.
- From this backend endpoint, send a request to https://appleid.apple.com/auth/token with the refresh token and your client secret. Apple returns an identity token. Return this to the client app.
- Follow the normal auth flow for Azure App Service, with a request first to https://myapi.azurewebsites.net/.auth/login/apple to get the ZUMO JWT, and provide this JWT in subsequent requests to your server.
This link provides details on how to implement the refresh and refresh token requests.
Note that you do not need a backend endpoint per se, but you have to store your Apple client secret somewhere securely, and this secret needs to be refreshed at least every 6 months.
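The backend side of the two flows above (initial code exchange and later refresh), as an added example that is not part of the answer or of any Microsoft or Apple code. It is written in Python with only the standard library. Assumptions: the team ID, client ID and key ID values are placeholders; the ES256 signature over the Apple .p8 key is injected as a `sign` callable (a real backend would use a JWT library for that step) so that the module runs offline; the HTTP transport is injected the same way; and the `{"id_token": ...}` body shape for the Easy Auth `/.auth/login/apple` request is assumed. The six-month limit on the client secret's `exp` and the claim names are Apple's documented requirements.

```python
"""Backend helpers for the Sign in with Apple token exchange and refresh.

Added example, not the answer author's code. ES256 signing and the HTTP
transport are injected so that everything here runs offline.
"""
import base64
import json
import urllib.parse
import urllib.request
from typing import Callable, Optional

APPLE_TOKEN_URL = "https://appleid.apple.com/auth/token"
EASYAUTH_LOGIN_URL = "https://myapi.azurewebsites.net/.auth/login/apple"
APPLE_AUD = "https://appleid.apple.com"
MAX_SECRET_LIFETIME = 15_777_000  # Apple's hard limit for client_secret exp: 6 months
AUTH_CODE_LIFETIME = 5 * 60       # authorization codes must be redeemed within 5 minutes


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWT segments strip.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_jwt(header: dict, claims: dict, sign: Callable[[bytes], bytes]) -> str:
    """Assemble header.payload.signature. `sign` is injected; in production it
    is ES256 over the Apple-issued .p8 private key (assumption: done by a JWT library)."""
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    return signing_input + "." + b64url(sign(signing_input.encode()))


def jwt_claims_unverified(token: str) -> dict:
    """Read the claims WITHOUT checking the signature. Use this only to schedule
    refreshes on the client; trust decisions belong to Easy Auth, which validates
    the identity token server-side."""
    return json.loads(b64url_decode(token.split(".")[1]))


def build_client_secret(team_id: str, client_id: str, key_id: str, now: int,
                        sign: Callable[[bytes], bytes],
                        lifetime: int = MAX_SECRET_LIFETIME) -> str:
    """The client secret is itself a JWT; Apple rejects an exp more than 6 months
    after iat, which is why the secret has to be regenerated at least that often."""
    if lifetime > MAX_SECRET_LIFETIME:
        raise ValueError("Apple rejects client secrets valid for more than 6 months")
    header = {"alg": "ES256", "kid": key_id}
    claims = {"iss": team_id, "iat": now, "exp": now + lifetime,
              "aud": APPLE_AUD, "sub": client_id}
    return encode_jwt(header, claims, sign)


def token_request(grant_type: str, value: str, client_id: str, client_secret: str) -> dict:
    """Form body for /auth/token: 'authorization_code' for the first exchange,
    'refresh_token' for the periodic refresh."""
    form = {"client_id": client_id, "client_secret": client_secret, "grant_type": grant_type}
    if grant_type == "authorization_code":
        form["code"] = value
    elif grant_type == "refresh_token":
        form["refresh_token"] = value
    else:
        raise ValueError(f"unsupported grant_type {grant_type!r}")
    return form


def post_form(url: str, form: dict) -> dict:
    """Real transport: URL-encoded POST, JSON response."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


def exchange(form: dict, post: Callable[[str, dict], dict] = post_form) -> dict:
    """POST the form to Apple and return only what the client app needs.
    The refresh grant returns no new refresh token, so that field may be None."""
    body = post(APPLE_TOKEN_URL, form)
    if "error" in body:
        raise RuntimeError(f"Apple token endpoint error: {body['error']}")
    id_token = body["id_token"]
    return {"id_token": id_token,
            "id_token_exp": jwt_claims_unverified(id_token)["exp"],
            "refresh_token": body.get("refresh_token")}


def easyauth_login_body(id_token: str) -> dict:
    """Body the app POSTs to EASYAUTH_LOGIN_URL to obtain the ZUMO JWT (assumed shape)."""
    return {"id_token": id_token}


def needs_refresh(id_token_exp: int, now: int, skew: int = 60) -> bool:
    """True when the in-memory identity token is (about to be) expired."""
    return now + skew >= id_token_exp
```

The client app keeps only `refresh_token` in persistent storage and `id_token` in memory; when `needs_refresh` fires it calls the refresh endpoint, which runs `exchange(token_request("refresh_token", ...))`, and then repeats the `/.auth/login/apple` step. The client secret never leaves the backend, and `build_client_secret` refuses lifetimes Apple would reject.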