Sign in with Apple: invalid_client error

Problem

I'm trying to implement Sign in with Apple in my application. However, when my app redirects to the Apple authorization page at https://appleid.apple.com/auth/authorize I get an invalid_client error with no further explanation.

Settings

I followed this article closely: https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple#generate-the-client-secret

Steps I have completed:

- Created an App ID and a Service ID on the Apple Developer Portal.
- Enabled "Sign in with Apple" for both the App ID and the Service ID.
- Added my domain and callback URL to the Service ID configuration. (I'm using ngrok to proxy my localhost during development.)
- Linked an existing private key with the "Sign in with Apple" capability.

My identifiers:

- Service ID is used as client_id
- Team ID is taken from the top right of the Apple Developer dashboard
- Key ID is from the private key associated with the App

Environment

My backend is built with Laravel, and I'm using the SocialiteProvider/Apple library (https://socialiteproviders.com/Apple/#installation-basic-usage) to handle the OAuth flow.

I followed the recommended method to generate a client secret (JWT) for each request, using this blog post: https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request

My .env configuration looks like this:

```
APPLE_CLIENT_ID=com.service.paxton.stockApp
APPLE_TEAM_ID=25729642DK
APPLE_KEY_ID=JFP9Q53ZCY
APPLE_PRIVATE_KEY=storage/AppleDev-AuthKey_JFP9Q53ZCY.p8
```

JWT Generation

I also tested generating the JWT using the Ruby script from the Okta article: https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple#generate-the-client-secret

Here is the script I used:

```ruby
require 'openssl'
require 'jwt'

# Path to the .p8 private key downloaded from the Apple Developer portal
key_file  = './storage/AppleDev-AuthKey_JFP9Q53ZCY.p8'
team_id   = '25729642DK'
client_id = 'com.service.paxton.stockObserve'
key_id    = 'JFP9Q53ZCY'

# Load the P-256 private key used to sign the client secret
ecdsa_key = OpenSSL::PKey::EC.new(IO.read(key_file))

# The Key ID goes into the JWT header so Apple can look up the public key
headers = { 'kid' => key_id }

# Registered claims required by Apple; exp may be at most 180 days after iat
claims = {
  'iss' => team_id,
  'iat' => Time.now.to_i,
  'exp' => Time.now.to_i + 86400 * 180,
  'aud' => 'https://appleid.apple.com',
  'sub' => client_id,
}

# Sign with ES256 and print the client secret
token = JWT.encode(claims, ecdsa_key, 'ES256', headers)
puts token
```

This JWT validates correctly. I've also used Apple's public key to verify the signature, and it passed. I verified the JWT header and payload format using this helpful article: https://fluffy.es/how-to-solve-invalid_client-error-in-sign-in-with-apple/

Third-Party Testing

To eliminate mistakes in my setup, I even tried a third-party tool featured in this YouTube video: https://youtu.be/8v01TaX1EJA?si=0jOBGBVk0R0zbmdo

Unfortunately, the result was the same — invalid_client.

Question

I've double-checked everything I can think of: keys, claims, domain whitelist, identifiers. I even verified the JWT independently. If anyone (especially someone from Apple) can help identify the missing piece, I would be truly grateful.
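A self-check for this kind of setup, added here as an example and not part of the original post, the Okta article, or the SocialiteProvider/Apple library. It builds the client secret with Ruby's standard library only (no `jwt` gem), then decodes the token and compares every header and claim value against the configuration the app actually sends: `kid` must equal the Key ID, `iss` the Team ID, `aud` must be `https://appleid.apple.com`, `exp` may be at most 180 days after `iat`, and `sub` must equal the exact `client_id` parameter sent to `/auth/authorize`, since Apple rejects a secret whose `sub` names a different Service ID. It also checks that the signature is the 64-byte raw `r||s` form JWS ES256 requires rather than OpenSSL's DER encoding, a mismatch that still "looks like" a valid token. The P-256 key is generated at runtime as a stand-in for the `.p8` file, and the Team ID, Service ID and Key ID are placeholders; `build_client_secret` and `check_client_secret` are names chosen for this example.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed throwaway P-256 key standing in for AuthKey_<KEY_ID>.p8.
# A real deployment loads the file with OpenSSL::PKey::EC.new(File.read(path)).
DEMO_KEY = OpenSSL::PKey::EC.generate('prime256v1')

APPLE_AUD    = 'https://appleid.apple.com'
MAX_LIFETIME = 86_400 * 180 # Apple caps client-secret validity at 180 days

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# OpenSSL returns ECDSA signatures as DER SEQUENCE { INTEGER r, INTEGER s };
# JWS ES256 requires r and s each left-padded to 32 bytes and concatenated.
def der_to_raw(der)
  OpenSSL::ASN1.decode(der).value
                .map { |int| int.value.to_s(2).rjust(32, "\x00") }
                .join.b
end

# Inverse of der_to_raw, so OpenSSL can verify a JWS-formatted signature.
def raw_to_der(raw)
  r = OpenSSL::BN.new(raw.byteslice(0, 32), 2)
  s = OpenSSL::BN.new(raw.byteslice(32, 32), 2)
  OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(r),
                               OpenSSL::ASN1::Integer.new(s)]).to_der
end

# Build the client secret exactly as Apple specifies: ES256, kid in the header,
# iss = Team ID, sub = Service ID (the client_id), aud = Apple's issuer URL.
def build_client_secret(key:, team_id:, client_id:, key_id:, now: Time.now.to_i, ttl: MAX_LIFETIME)
  header = { 'alg' => 'ES256', 'kid' => key_id }
  claims = { 'iss' => team_id, 'iat' => now, 'exp' => now + ttl,
             'aud' => APPLE_AUD, 'sub' => client_id }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  der_sig = key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(der_to_raw(der_sig))}"
end

# Decode a client secret and return a list of mismatches against the values the
# app is configured with. An empty list means every Apple-visible field lines up.
def check_client_secret(token, key:, team_id:, client_id:, key_id:, now: Time.now.to_i)
  h, c, sig = token.split('.')
  header = JSON.parse(Base64.urlsafe_decode64(h))
  claims = JSON.parse(Base64.urlsafe_decode64(c))
  problems = []
  problems << 'alg must be ES256' unless header['alg'] == 'ES256'
  problems << "kid #{header['kid'].inspect} != configured Key ID #{key_id.inspect}" unless header['kid'] == key_id
  problems << "iss #{claims['iss'].inspect} != configured Team ID #{team_id.inspect}" unless claims['iss'] == team_id
  problems << "sub #{claims['sub'].inspect} != client_id sent to /auth/authorize #{client_id.inspect}" unless claims['sub'] == client_id
  problems << "aud must be #{APPLE_AUD}" unless claims['aud'] == APPLE_AUD
  problems << 'exp is more than 180 days after iat' if claims['exp'].to_i - claims['iat'].to_i > MAX_LIFETIME
  problems << 'token already expired' if claims['exp'].to_i <= now
  raw = Base64.urlsafe_decode64(sig)
  if raw.bytesize != 64
    problems << "signature is #{raw.bytesize} bytes, ES256 requires raw r||s of 64"
  elsif !key.verify(OpenSSL::Digest.new('SHA256'), raw_to_der(raw), "#{h}.#{c}")
    problems << 'signature does not verify with the configured key'
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Placeholder identifiers; substitute APPLE_TEAM_ID, APPLE_CLIENT_ID, APPLE_KEY_ID.
  cfg = { team_id: 'TEAMID0000', client_id: 'com.example.service', key_id: 'KEYID00000' }
  token = build_client_secret(key: DEMO_KEY, **cfg)
  puts token
  p check_client_secret(token, key: DEMO_KEY, **cfg)
  # The same token checked against a different Service ID: sub no longer matches.
  p check_client_secret(token, key: DEMO_KEY, **cfg.merge(client_id: 'com.example.other'))
end
```

Run `check_client_secret` on the token your app really sends (copy it from the request, decode it, and compare against the `.env` values and the `client_id` query parameter); the Service ID used for `sub` and the one used for `client_id` must be character-for-character identical, and the signature field must be exactly 64 bytes.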
Jun ’25