Apple Sign-In token exchange

POST /auth/apple-signin

Exchange an Apple Sign-In identity token for MagicWeave access and refresh tokens.

Current behavior:

  • Looks up the project's Apple OAuth credentials.
  • Verifies the token against Apple's JWKS and checks its audience against the configured Apple client ID.
  • Requires an email claim in the token.
  • Creates the user if needed, then returns MagicWeave access and refresh tokens.

Typical errors:

  • 400 if the provider is not configured, the Apple client ID is missing, or the email is missing in the token.
  • 401 if the token is invalid or the issuer is invalid.
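
The claim checks from "Current behavior" and the 400/401 split above, as an added example (not MagicWeave's code). It assumes the token signature was already verified against Apple's JWKS; the function names, the order of checks, and returning 401 for an audience mismatch or an expired token are assumptions.

```python
import time

APPLE_ISSUER = "https://appleid.apple.com"  # "iss" value Apple sets in identity tokens


class AuthError(Exception):
    """Carries the HTTP status the endpoint would return (hypothetical type)."""
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status
        self.detail = detail


def check_apple_claims(claims, apple_client_id, now=None):
    """Validate claims of a signature-verified token; return the email claim."""
    now = time.time() if now is None else now
    if not apple_client_id:                      # configuration problem: 400
        raise AuthError(400, "Apple client ID missing")
    if claims.get("iss") != APPLE_ISSUER:        # wrong issuer: 401
        raise AuthError(401, "invalid issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if apple_client_id not in audiences:         # token minted for another app
        raise AuthError(401, "audience mismatch")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise AuthError(401, "token expired")
    email = claims.get("email")
    if not isinstance(email, str) or not email.strip():
        raise AuthError(400, "email missing in token")
    return email.strip()


def status_for(claims, apple_client_id, now):
    """Map the outcome of the checks to an HTTP status code."""
    try:
        check_apple_claims(claims, apple_client_id, now)
        return 200
    except AuthError as err:
        return err.status


# Constructed sample claims; not taken from a real token.
SAMPLE_CLAIMS = {
    "iss": APPLE_ISSUER,
    "aud": "com.example.app",
    "exp": 1_700_000_600,
    "sub": "000000.constructed.0000",
    "email": "user@example.com",
}
```
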

Request body

{
  "identity_token": "<apple_identity_token>"
}

Response shape

{
  "success": true,
  "access_token": "jwt-or-null",
  "refresh_token": "jwt-or-null",
  "message": "human-readable status"
}

cURL example

curl -X POST "http://localhost:8001/auth/apple-signin" \
  -H "x-client-id: <client-id>" \
  -H "x-client-secret: <client-secret>" \
  -H "Content-Type: application/json" \
  -d '{"identity_token":"<apple-identity-token>"}'