
Decode Apple's id_token (Signin) using pyJWT and Python


How do I, in Python, decode the id_token that Apple sends during the signup process?

I have tried (from here https://stackoverflow.com/a/65909432/984003)

    import jwt
    decoded = jwt.decode(token, options={"verify_signature": False})

I get an error:

    jwt.exceptions.InvalidAudienceError: Invalid audience

If I copy-paste the id_token into the jwt.io page https://jwt.io/ then it correctly decodes it into all its parts (header, payload with aud, sub, etc.) So the token itself is correct and I have all the info I need.


Solution

  • It works when I provide the expected aud value. aud is the same as the clientId that you provide when you make the first call to Apple for signin (https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple), which is the same as Identifier in the Apple console where you set it up.

    There must be a way to do this without providing aud since this webpage https://jwt.io/ can do it. However, maybe not in Python...

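    import jwt
    # token is the id_token string from Apple; audience must equal the token's aud claim (your clientId)
    decoded = jwt.decode(token, audience="<your app's>", options={"verify_signature": False})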
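What jwt.io does with the token, and the aud comparison that the `audience=` argument performs, written out with only the standard library. This is an added example, not part of the original question or answer. Nothing in it verifies the signature, so the claims it returns are unauthenticated. The client id `com.example.web` and the sample token are constructed, the helper names are hypothetical, and the issuer value is taken from Apple's documentation, not from this page.

```python
import base64
import json
import time

APPLE_ISSUER = "https://appleid.apple.com"  # iss per Apple's docs (not stated on this page)

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with the "=" padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def peek_jwt(token: str):
    """Return (header, payload) WITHOUT checking the signature, as jwt.io displays them."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def claim_problems(payload: dict, client_id: str, now=None) -> list:
    """List claim mismatches. An empty list says nothing about the signature."""
    now = time.time() if now is None else now
    problems = []
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if client_id not in audiences:
        problems.append(f"aud is {aud!r}, expected {client_id!r}")
    if payload.get("iss") != APPLE_ISSUER:
        problems.append(f"iss is {payload.get('iss')!r}, expected {APPLE_ISSUER!r}")
    if payload.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token: made-up claims and a dummy signature, not a real Apple token.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "kid": "EXAMPLEKID"}),
    _b64url({"iss": APPLE_ISSUER, "aud": "com.example.web",
             "sub": "000000.example", "exp": 2000000000}),
    "c2ln",
])

if __name__ == "__main__":
    header, payload = peek_jwt(SAMPLE_TOKEN)
    print(header, payload)
    print(claim_problems(payload, "com.example.app", now=1700000000))  # wrong client id
```

Printing `payload["aud"]` this way shows which value has to be passed as `audience=` when the token is decoded with PyJWT.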