XPost: misc.phone.mobile.iphone
From: ithinkiam@gmail.com
Maria Sophia wrote:
> Chris wrote:
>> Let's see how DonGPT responds to this...?
>
> I'm not going to respond to your incessant personal attacks,
Firstly, calling you out on posting AI slop is not a personal attack. It's
criticising you for being disingenuous and lying.
Secondly, if you're going to not respond then don't. Responding by saying
you're not going to respond is ... well, let's go with ... daft.
> Chris, with all due respect, you are conflating one specific OAuth flow,
Apple does not use OAuth.
Seriously, give it up. You're out of your depth.
> Sign in with Apple, with the authentication architecture of iOS as a whole.
It's Apple authentication. iOS/iPadOS doesn't have an "authentication
architecture".
> The identity token and refresh token described in the Sign in with Apple
> docs apply only to third party app login. They do not represent the tokens
> used by iCloud, Apple Media Services, IDS for iMessage and FaceTime, Find
> My, Activation Lock, or device activation.
Prove it.
> Sign in with Apple is implemented through the Authentication Services
> framework. It issues an ID token and a refresh token that are valid only
> for that OAuth client. The once-per-day refresh rule applies only to
> that OAuth flow. It does not apply to iCloud service tokens, Apple Media
> Services tokens, IDS tokens, or activation tokens.
Are you using chatgpt again? Apple doesn't use OAuth.
> iCloud uses its own account token and service specific credentials for
> Drive, Photos, Backup, Keychain, Mail, Contacts, Calendars, Notes,
> Reminders, and Safari sync. These services do not use the Sign in with
> Apple token and do not share its refresh rules.
Prove it.
> Apple Media Services, which covers the App Store, iTunes Store, TV,
> Music, Books, and Podcasts, uses a different token family entirely. AMS
> tokens are issued by a separate backend and have their own expiration
> and refresh behavior.
Prove it.
> iMessage and FaceTime use IDS authentication, which is documented as a
> separate protocol with its own key material and its own token lifecycle.
> IDS tokens are not interchangeable with iCloud or AMS tokens.
Prove it.
> Find My uses FMIP authentication, which again is a separate service with
> its own credentials and its own validation rules.
Prove it.
> Activation and Activation Lock use activation certificates and device
> specific credentials that are not part of any of the above systems.
Prove it.
I suspect all the above is again AI slop. Given you have not provided any
cites which you say you always do.
> Because these authentication domains are independent, a failure or
> expiration in any one of them can trigger a password prompt such as
> Jan 10th 2026
>
> This is why users can see Apple ID password prompts even when they have not
> logged out or made a purchase. It is not caused by user behavior.
You wish!
Given no single person on here concurs with you - I discount candycaneeater
as he's probably a sock - we have to apply Occam's Razor and look at the
simplest explanation: you are doing this to yourself.
> That's why everyone on this newsgroup who responded, except you and Tyrone,
> have easily admitted remembering these standard Apple ID password prompts.
>
We've all admitted to have been asked for a password once of twice a year
at most. No one gets prompts several times a day. Only you.
> It is caused by the fact that iOS uses multiple authentication domains with
> different lifetimes and different refresh rules.
That's your baseless assertion.
> If you truly believe that all Apple services share a single token, please
> cite Apple documentation that states this explicitly.
I did.
You have yet to prove that Apple uses multiple ones.
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
