Question iOS SignInWithAppleAsync gives PERMISSION_DENIED

I have SignIn with Apple working but am running into a PERMISSION_DENIED issue when I try to Link or SignIn with the account. I also have some questions as the docs are very light on this.

Questions
1. AuthenticationService.Instance.LinkWithAppleAsync(idToken)
- this method requires a string. IAppleIDCredential.IdentityToken is a byte[]. I assume it's base64 encoded so I am using Convert.ToBase64String() to get a string.
- is this the correct string it wants for idToken?

2. What does LinkWithAppleAsync actually do? I assume it links the anonymous PlayerId to this apple account. But what if they login anonymously on a different device getting a different PlayerId.
Then they sign in with Apple, will it change the PlayerId to the one previously linked?

3. Is there a proper way to know if they've previously linked an account (other than watching for the AuthenticationErrorCodes.AccountAlreadyLinked exception)? A lot needs to be done if they login again from a new/different device.

I'm using the pre.37 package.

Sequence I'm trying to use (is this correct?)
A) AuthenticationService.Instance.SignInAnonymouslyAsync()
- works fine. get PlayerId back.
B) Click SignIn button in App
C) _appleAuthManager.LoginWithAppleId(...)
- works fine. returns name, email, idtoken
D) Save off Name, Email, Convert.ToBase64String(IdentityToken)

-- Now to try to Link and/or Sign in with Apple

E) AuthenticationService.Instance.SignOut(); -- need this else 'The player is already signed in' from the Anonymous sign in
F) AuthenticationService.Instance.SignInWithAppleAsync(idToken); -- using the Base64 encoded IAppleIDCredential.IdentityToken

[Authentication]: Request failed: 401, {"title":"PERMISSION_DENIED","detail":"validation failed","details":[],"status":401}

G) AuthenticationService.Instance.LinkWithAppleAsync(idToken)

I've tried variations on the E-G sequence but they all fail after step D.

 

Success! UTF8.GetString() was the key, thanks!

And to follow up for others, the PlayerId does change after you successfullly SignInWithApple to the PlayerId that was previously linked.

 

More than happy to! Done. Thanks again.

 

Do you have an answer to #3? How do we properly determine if they've already linked their account so we can take appropriate action? Other that relying on catching an exception.

 

I'm getting PERMISSION_DENIED again, but now with "token is expired". How do I get a new, valid, IdToken? I've tried all the methods in the 'Sign in with Apple' Plugin, but they all cause the native Sign In dialog to appear. How do I SignInWithAppleAsync() again silently after some time has passed?

 

Any word on this? I'm still getting "token is expired" if my IdToken is a few days old. How do I get a new one?

 

Oh I see. Yes, I get the token from the popup, then store it, and Link & SignInWithApple(idToken) just fine using it. Then continue to SignInWithApple during each login with that idToken. But I think that's the problem.

So LinkWithAppleAsync(idToken) and SignInWithAppleAsync(idToken) are mutually exclusive. If you start with an anonymous account you only need to LinkWithAppleAsync with the idToken once, then continue to use SignInAnonymouslyAsync.

So if moving from anonymous to an apple account, you'll actually never use SignInWithAppleAsync, is that correct?

Thanks!

 

Thanks for your help on this. I've reworked everything based on what you've said here and everything is working perfectly now for all scenarios and across devices.