XPost: misc.phone.mobile.iphone   
   From: mariasophia@comprehension.com   
      
   Chris wrote:   
   > On 12/01/2026 07:35, Maria Sophia wrote:   
   >> Chris wrote:   
   >>> Given he constantly lies   
   >>   
   >> This thread is proof that you & Tyrone throw personal insults, not me.   
   >   
   > There is not a single case of me insulting you in this thread.   
      
   No hard feelings. This is an Apple group on Usenet. I'm used to it.   
      
   However, every time you tried to insult me, I simply said I'm going to stay   
   above that level so as to keep this thread (and every thread) technical.   
      
   I do not plan on responding to personal insults for the entire year.   
   It's an experiment to see if I can change the ways of people here.   
      
   > You may   
   > not like that you're being challenged to support your claims, which you   
   > have almost universally failed to do, but that is not an insult.   
      
   I've explained how I think iOS works with respect to token expiry and   
   renewal, and you've disputed that claim but without explaining anything.   
      
   Tell us all how you think iOS works because you disputing how it works   
   doesn't help unless you help explain how it works and why it's different.   
      
   > Do you deny that you have not provided any evidence in support of your   
   > claim that Apple uses multiple tokens? Note: Screenshots of your ipad   
   > are not evidence of separate tokens.   
      
   The goal here is to understand WHY Apple's authentication token expiry &   
   renewal works the way it works. All you're doing is claiming I'm wrong.   
      
   Fine.   
   What did your research tell you when you googled my claims, Chris?   
      
   > Do you deny that your ipads were activation locked due to your behaviour?   
      
   Please explain how you feel "my behavior" changes how iOS is designed?   
      
   > Do you deny failing to respond to direct questions? (this'll be interesting)   
      
   You asked how it works, and I told you how I think it works even as the   
   question never was how it works but why only iOS works this way.   
      
   Since you claimed it doesn't work the way I've described it to work, then   
   the burden is on you to explain how you think it works differently.   
      
   >   
   >> Q: Why does iOS ask for a password even though you have never logged out?   
   >>   
   >> Since I already answered both the how and why,   
   >   
   > Didn't happen.   
      
   Only you and Tyrone claim iOs doesn't work the way it does.   
   Everyone else who posted said it did ask them for their password.   
      
   > Also correction; iPadOS not iOS. You have not tested iOS.   
      
   I use iPadOS and iOS interchangeably and will continue to do so unless you   
   explain how iPadOS works differently than iOS in terms of the underlying   
   authentication mechanism expiry and renewal.   
   >   
   >> and since you and Tyrone   
   >> have resorted to using personal insults   
   >   
   > Also didn't happen, from me. Tyrone is a little more colourful with his   
   > language.   
      
   On many Apple-related newsgroups, discussions can become personal very   
   quickly the moment someone posts an uncomfortable truth about Apple.   
      
   Let's try this year-long experiment to see if we can change the attitude of   
   this newsgroup by not personally attacking someone or their actions.   
      
   >> instead of technical assessment,   
   >> please allow me to ask you an adult question in response to your incessant   
   >> and never ending personal attacks, Chris.   
   >>   
   >> Q: How do YOU think iOS works in terms of initiation & expiry of tokens?   
   >> A: ?   
   >   
   > I don't need to think. It is quite well explained in the ONE AND ONLY   
   > link you have shared that is related to this topic. There's one ("long   
   > lived") identity token per device and a refresh token can be requested   
   > at most daily.   
   > https://developer.apple.com/documentation/signinwithapple/verifying-a-user   
      
   I had already responded to your confusion but I'll kindly respond anew   
   because nobody can answer the question of WHY until they understand How.   
      
   The link you keep citing describes ONLY the "Sign in with Apple" web-auth   
   flow used by third-party apps. That is a developer document. It's for apps   
   that the developer's write. It doesn't deal directly with the internal   
   Apple ID tokens used by iOS for device activation, iCloud sync, App Store   
   authorization, or long term account validity.   
      
   Those internal tokens are not well documented by Apple. Their lifetimes,   
   renewal rules, and server side enforcement behavior are not described   
   deeply in public developer docs. Hence, the main way for us to understand   
   how they behave over long periods of non-renewal is to test actual devices   
   in the real world, which is what I have been doing for years.   
      
   I know how it works because I have TESTED how it works for years, Chris.   
   You haven't. But you can benefit from the experience that I've gained.   
      
   The "one long-lived token per device" you mention applies only to the   
   Sign-in-With-Apple OAuth flow. It does not govern:   
    1. iCloud service tokens   
    2. App Store purchase tokens   
    3. iMessage/FaceTime registration tokens   
    4. iCloud Keychain escrow tokens   
    5. Device activation/ownership tokens   
    6. Activation Lock server checks   
      
   So the question remains of how do YOU think iOS handles the initiation,   
   expiration, and enforcement of the internal Apple ID tokens that control   
   device ownership and activation?   
      
   Once we agree on the how, only then can we get to the more-important and   
   vastly more revealing discussion of why only iOS works the way it does.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)