XPost: misc.phone.mobile.iphone   
   From: ithinkiam@gmail.com   
      
   Maria Sophia  wrote:   
   > Hi Chris,   
   >   
      
   Your credibility is rock bottom right now. You're desperately trying to   
   pretend you didn't post fake links to non-existent API calls.   
      
   You've always said you want people to correct you, but as always the truth   
   is the opposite.   
      
   > iOS uses multiple independent authentication tokens   
      
   Which you've asserted many times and never evidenced.   
      
   >   
   > Apple: Verifying a User   
   >    
   > "After your app receives a user's information, you can verify their   
   > associated identity token with the server to confirm that the token isn't   
   > expired and ensure it hasn't been tampered with or replayed to your app."   
      
   A-ha! A real link! Which actually mentions tokens! Hallelujah! It's only   
   taken you five days to find *something*.   
      
   Now let's see what it also says:   
      
   "You may verify the refresh token up to once a day to confirm that the   
   user’s Apple Account on that device is still in good standing with Apple’s   
   servers."   
      
   "You may continue to use the same refresh token until it’s invalidated —   
   for example, by an Apple Account account password change, or when a user   
   revokes access to your app — or the token verification fails."   
      
   Which tells us that checks should only be done once a day and that it's   
   user behaviour that invalidates tokens. Not time.   
      
   Plus, there's no mention that each apple service users different tokens.   
   Even third party apps only need the one identity token which can be   
   refreshed daily at most. The diagram in the link is pretty clear.   
      
   > If any one of these tokens expires or fails validation, iOS silently   
   > refreshes some without your password   
      
   Incorrect: "Obtaining a new identity token on the device requires user   
   interaction." Note *device* and not service/app. One login is sufficient   
   for all services.   
      
   Yet again you fail, in your attempt to rationalise your weird behaviour.   
      
   > but others require the password.   
   >     
   >   
   > If anyone thinks the system works differently, then they should tell us how   
   > they think the system works because we're not asking how it works but why.   
      
   Nonsensical. You're confusing your "hows" and your "whys".   
      
   You should be happy that we've all learnt something. That iPadOS doesn't   
   use multiple tokens. There's one identity token for the *device* and   
   apps/services can request refresh tokens no more than once a day. User   
   activity can invalidate a token which then prompts the user to   
   authenticate. Nice and easy.   
      
   So your experience is 100% caused by your behaviour. Not iPadOS. Not Apple.   
      
      
   Let's see how DonGPT responds to this...?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)