   comp.sys.mac.advocacy      Steve Jobs fetishistic worship forum      120,746 messages   

   Message 119,952 of 120,746   
   Maria Sophia to Chris   
   Re: Why does iOS ask for your passwd eve   
   12 Jan 26 03:04:41   
   
   XPost: misc.phone.mobile.iphone   
   From: mariasophia@comprehension.com   
      
   Chris wrote:   
   > Let's see how DonGPT responds to this...?   
      
   I'm not going to respond to your incessant personal attacks, nor those from   
   Tyrone as I am keeping my comments civil to the technical point at hand.   
      
   Chris, with all due respect, you are conflating one specific OAuth flow,   
   Sign in with Apple, with the authentication architecture of iOS as a whole.   
      
   The identity token and refresh token described in the Sign in with Apple   
   docs apply only to third party app login. They do not represent the tokens   
   used by iCloud, Apple Media Services, IDS for iMessage and FaceTime, Find   
   My, Activation Lock, or device activation.   
      
   Sign in with Apple is implemented through the Authentication Services   
   framework. It issues an ID token and a refresh token that are valid only   
   for that OAuth client. The once-per-day refresh rule applies only to   
   that OAuth flow. It does not apply to iCloud service tokens, Apple Media   
   Services tokens, IDS tokens, or activation tokens.   
      
   iCloud uses its own account token and service specific credentials for   
   Drive, Photos, Backup, Keychain, Mail, Contacts, Calendars, Notes,   
   Reminders, and Safari sync. These services do not use the Sign in with   
   Apple token and do not share its refresh rules.   
      
   Apple Media Services, which covers the App Store, iTunes Store, TV,   
   Music, Books, and Podcasts, uses a different token family entirely. AMS   
   tokens are issued by a separate backend and have their own expiration   
   and refresh behavior.   
      
   iMessage and FaceTime use IDS authentication, which is documented as a   
   separate protocol with its own key material and its own token lifecycle.   
   IDS tokens are not interchangeable with iCloud or AMS tokens.   
      
   Find My uses FMIP authentication, which again is a separate service with   
   its own credentials and its own validation rules.   
      
   Activation and Activation Lock use activation certificates and device   
   specific credentials that are not part of any of the above systems.   
      
   Because these authentication domains are independent, a failure or   
   expiration in any one of them can trigger a password prompt such as   
    Jan 10th 2026    
      
   This is why users can see Apple ID password prompts even when they have not   
   logged out or made a purchase. It is not caused by user behavior.   
      
   That's why everyone on this newsgroup who responded, except you and Tyrone,   
   has easily admitted remembering these standard Apple ID password prompts.   
       
      
   It is caused by the fact that iOS uses multiple authentication domains with   
   different lifetimes and different refresh rules.   
      
   If you truly believe that all Apple services share a single token, please   
   cite Apple documentation that states this explicitly.   
      
   As far as I'm aware, Sign in with Apple documentation does not make that   
   claim, because it applies only to the OAuth flow used by third party apps,   
   not to the internal authentication mechanisms of iCloud, AMS, IDS, Find My,   
   or activation.   
      
   Please, when you respond, do not include personal insults as we're trying   
   to answer a highly technical yet very important question about why iOS   
   works this way since no other consumer OS works this way (not even macOS).   
   --   
   People who use iOS without testing it, will never understand how iOS works   
   under the covers because they only see a tiny portion of what happens.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   


(c) 1994,  bbs@darkrealms.ca