XPost: misc.phone.mobile.iphone   
   From: ithinkiam@gmail.com   
      
   Maria Sophia  wrote:   
   > Chris wrote:   
   >> Maria Sophia  wrote:   
   >>> Chris wrote:   
   >>>> Let's see how DonGPT responds to this...?   
   >>>   
   >>> I'm not going to respond to your incessant personal attacks,   
   >>   
   >> Firstly, calling you out on posting AI slop is not a personal attack. It's   
   >> criticising you for being disingenuous and lying.   
   >>   
   >> Secondly, if you're going to not respond then don't. Responding by saying   
   >> you're not going to respond is ... well, let's go with ... daft.   
   >>   
   >>> Chris, with all due respect, you are conflating one specific OAuth flow,   
   >>   
   >> Apple does not use OAuth.   
   >>   
   >> Seriously, give it up. You're out of your depth.   
   >>   
   >>> Sign in with Apple, with the authentication architecture of iOS as a whole.   
   >>   
   >> It's Apple authentication. iOS/iPadOS doesn't have an "authentication   
   >> architecture".   
   >>   
   >>> The identity token and refresh token described in the Sign in with Apple   
   >>> docs apply only to third party app login. They do not represent the tokens   
   >>> used by iCloud, Apple Media Services, IDS for iMessage and FaceTime, Find   
   >>> My, Activation Lock, or device activation.   
   >>   
   >> Prove it.   
   >>   
   >>> Sign in with Apple is implemented through the Authentication Services   
   >>> framework. It issues an ID token and a refresh token that are valid only   
   >>> for that OAuth client. The once-per-day refresh rule applies only to   
   >>> that OAuth flow. It does not apply to iCloud service tokens, Apple Media   
   >>> Services tokens, IDS tokens, or activation tokens.   
   >>   
   >> Are you using chatgpt again? Apple doesn't use OAuth.   
   >>   
   >>> iCloud uses its own account token and service specific credentials for   
   >>> Drive, Photos, Backup, Keychain, Mail, Contacts, Calendars, Notes,   
   >>> Reminders, and Safari sync. These services do not use the Sign in with   
   >>> Apple token and do not share its refresh rules.   
   >>   
   >> Prove it.   
   >>   
   >>> Apple Media Services, which covers the App Store, iTunes Store, TV,   
   >>> Music, Books, and Podcasts, uses a different token family entirely. AMS   
   >>> tokens are issued by a separate backend and have their own expiration   
   >>> and refresh behavior.   
   >>   
   >> Prove it.   
   >>   
   >>> iMessage and FaceTime use IDS authentication, which is documented as a   
   >>> separate protocol with its own key material and its own token lifecycle.   
   >>> IDS tokens are not interchangeable with iCloud or AMS tokens.   
   >>   
   >> Prove it.   
   >>   
   >>> Find My uses FMIP authentication, which again is a separate service with   
   >>> its own credentials and its own validation rules.   
   >>   
   >> Prove it.   
   >>   
   >>> Activation and Activation Lock use activation certificates and device   
   >>> specific credentials that are not part of any of the above systems.   
   >>   
   >> Prove it.   
   >>   
   >> I suspect all the above is again AI slop. Given you have not provided any   
   >> cites which you say you always do.   
   >>   
   >>> Because these authentication domains are independent, a failure or   
   >>> expiration in any one of them can trigger a password prompt such as   
   >>> Jan 10th 2026    
   >>>   
   >>> This is why users can see Apple ID password prompts even when they have not   
   >>> logged out or made a purchase. It is not caused by user behavior.   
   >>   
   >> You wish!   
   >>   
   >> Given no single person on here concurs with you - I discount candycaneeater   
   >> as he's probably a sock - we have to apply Occam's Razor and look at the   
   >> simplest explanation: you are doing this to yourself.   
   >>   
   >>> That's why everyone on this newsgroup who responded, except you and Tyrone,   
   >>> have easily admitted remembering these standard Apple ID password prompts.   
   >>>    
   >>   
   >> We've all admitted to have been asked for a password once of twice a year   
   >> at most. No one gets prompts several times a day. Only you.   
   >>   
   >>> It is caused by the fact that iOS uses multiple authentication domains with   
   >>> different lifetimes and different refresh rules.   
   >>   
   >> That's your baseless assertion.   
   >>   
   >>> If you truly believe that all Apple services share a single token, please   
   >>> cite Apple documentation that states this explicitly.   
   >>   
   >> I did.   
   >>   
   >> You have yet to prove that Apple uses multiple ones.   
   >   
   > Chris,   
   >   
   > I am going to ignore any accurate criticisms of my argument and hide   
   > behind fake victimhood.   
      
   There. Fixed it for you.   
      
   > You appear to be making two very strong claims, both of which I dispute.   
   >   
   > 1. "Apple does not use OAuth."   
   > 2. The one identity token in the Sign in with Apple doc is   
   >    "Apple authentication" for everything.   
   >   
   > On the first point, the label does not matter. Call it OAuth, OpenID   
   > Connect, or "Apple web sign in", the document you keep citing is about   
   > a specific browser / app sign in flow for third party clients. It is   
   > scoped to that use case. It does not describe device activation, Find   
   > My, iCloud, or Apple Media Services. It just doesn't. And never did.   
      
   Of course it matters. They are specific brands and have different   
   mechanisms. Anyone who values facts would stick to accuracy and stop making   
   stuff up.   
      
   The fact you don't care about accuracy adds even more weight to your   
   disinterest in truth. All you want is a nodding dog audience. Which is very   
   reminiscent of a well known personality...   
      
   > On the second point, you say you "proved" Apple uses a single token by   
   > pointing to that page. But that page does not say any of the following:   
      
   Further evidence that accuracy and facts are alien concepts to you. I never   
   claimed any proof. You asked for cites to evidence my position. Which I   
   gave. Something you've refused to do. Because you can't.   
      
   > 1. It does not say that iCloud uses the Sign in with Apple identity   
   >    token.   
   > 2. It does not say that App Store/Apple Media Services use that   
   >    token.   
   > 3. It does not say that iMessage/FaceTime (IDS) use that token.   
   > 4. It does not say that Find My/FMIP use that token.   
   > 5. It does not say that device activation or Activation Lock use that   
   >    token.   
      
   It's the only documented mechanism we have. Why wouldn't Apple use it?   
      
   > You are reading far more into that page than Apple actually wrote.   
   > Now to your repeated "prove it" challenge.   
   >   
   > Apple does not publish a complete internal map of every token, key, and   
   > certificate used by every service. Neither of us can "prove" the exact   
   > internal structure short of working on the inside at Apple.   
      
   Thanks for confirming you have no evidence to support your claims.   
      
   All you have is guesswork and a single observation of unusual behaviour   
   caused by an extreme edge case scenario.   
      
   This is a futile exercise.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)