Intermittent SIWA Error: "JWT signature does not match locally computed signature"

Hi,

I am having this intermittent issue related with “Sign in with Apple”. Sometimes it proceeds without any issue, but sometimes our backend service returns the following error:

"JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."

This is how I do SIWA.

@available(iOS 13.0, *)
private lazy var authorizationController: ASAuthorizationController = {  
     let provider = ASAuthorizationAppleIDProvider()  
     let request = provider.createRequest()  
     request.requestedScopes = [.fullName, .email]  
     let controller = ASAuthorizationController(authorizationRequests: [request])  
     controller.delegate = self  
     controller.presentationContextProvider = self          
     return controller  
}()  
  
func didTapSignInWithApple() {  
     if #available(iOS 13.0, *) {  
          authorizationController.performRequests()  
     }  
}  
  
func authorizationController(  
     controller: ASAuthorizationController,   
     didCompleteWithAuthorization authorization: ASAuthorization  
) {  
     // Get authorizationCode and identityToken from  
     // ASAuthorizationAppleIDCredential  
  
     // Decode JWT (identityToken) and use the decoded `kid` from the header.  
  
     // Pass `authorizationCode` and `kid` to backend for validation.  
} 

I validated the decoded kid on jwt.io and it’s the same. I also finished SIWA process in less than 30 seconds. Therefore, the problem with expiration should not be the case.

I think I gave the right information to backend:

I researched about this issue. But, so far, I think other developers always experiences the issue “JWT signature does not match locally computed signature…” But on my case, this is intermittent.

I hope someone can help. Thank you in advance!

EDIT: We just decided to do another implementation of Sign in with Apple. :slightly_smiling_face: