I would like users to sign in with apple, then pass the token up to my server for validation. After validation I would like to make a user-authenticated cloudkit requests to fetch and modify data from the private database. Is this possible using the tokens returned from a sign-in-with-apple response?Basically, I think I need to obtain a ckWebAuthToken for the cloudkit request, but I'm not sure how to get one without a user having to go through a second, web-based authentication.I know there is a server-to-server flow for cloudkit but that is only for the public database, which doesn't help me in this case.Any help here would be much appreciated.