Notify of
Newest Most Voted
Inline Feedbacks
View all comments
Flávio Airjan

Unfortunately, it is not working, shouldOverrideUrlLoading is never called =/


Hey John, I downloaded the demo project. And, it’s not working. Apple uses the redirect URL to POST data. so, shouldOverrideUrlLoading won’t get called.

Hugo Figueroa

I have this problem too. Does anyone found a solution?


Dos not work for me either. WebView documentation says explicitly shouldOverrideUrlLoading does not get called for POST requests.


I did not, I’ve implemented the example in this page in my project. I can safely say it’s implemented correctly since I get a callback to my redirect uri on WebViewClient’s shouldInterceptRequest in the end of the authentication process. The real problem is that the body of the POST is not accessible and the query parameters are missing (the are in the body most likely).


@John Codeos, I’ve run the demo project, where I changed the values of CLIENT_ID & REDIRECT_URI in AppleConstant.kt. No other changes. The same behaviour, AppleWebViewClient.shouldOverrideUrlLoading does not get called in the end of the sign in process with the redirect uri (because it’s a POST). I’m running Stock Android 10 on a Pixel device.


@John Codeos, thanks for your time & help. Now I understand it. The WebView does not intercept/catch (via shouldOverrideUrlLoading) the POST request to the Return URL defined in Apple Developer’s console. That POST is sent to the callback server, which processes the request and then makes a redirect with the extracted values in the URL. THAT redirect (which is a GET request) is intercepted by the WebView in the end. That’s why it works.


In case this helps anyone, it appears that the “sub” property is the userID, not the “iat”.


ttps:// sign-in-with-apple is not available

Dhaval Patel

Hello John, I facing issue in token API response it’s always returns {"error":"invalid_client"} I call this API for get apple id and using below params:


I just replace redirect_uri, and client_id. Also, I got status, code, client_secret, first_name, middle_name, last_name, and email in callback URL but an issue in a token API response. Please help me understand why always returns {"error":"invalid_client"} in token API.

Dhaval Patel

Yes john, I checked and replace some values. Everything is done but issue i facing is in token API result always return {“error”:”invalid_client”}

Dhaval Patel

Hello john In step one of setup app in apple account under Certificates, Identifiers & Profiles section IDENTIFIER should be an android package name? or what? Check below link and check image:

JS Park

Thank you for your detailed tutorial.
Since I’m using Java and PHP so… I need to translate Kotlin and Node JS and I’m not familiar with the languages.
Anyways I want to talk about the shouldOverrideUrlLoading function.

1.shouldOverrideUrlLoading is not called from loadUrl function. It means shouldOverrideUrlLoading is not called when we connect to
2. shouldOverrideUrlLoading is not called when POST data is delivered. After Sign in with Apple success you redirected to your redirect_url but it contains POST data so… shouldOverrideUrlLoading is not called. Therefore John did one more redirection with not POST but GET to be caught by shouldOverrideUrlLoading.

This is what I know. If it contains wrong information please correct it.

JS Park

Can you confirm that shouldOverrideUrlLoadingmethod called every time you have a new URL on the browser even with POST DATA? In android java shouldOverrideUrlLoading never called in that cases. Please refer,%20android.webkit.WebResourceRequest)

It saids, “Note: This method is not called for POST requests.”

and.. in step6 you mentioned “The callback server returns a URL”. The word returns means redirects, right?

JS Park

Thank you for your quick reply.

Is it important that who do POST requests? Whether android app do POST request or.. the apple auth server do POST request.. shouldOverrideUrlLoadingis not called.
I just wanted to the point since it made me confused.

If shouldOverrideUrlLoading is called even with POST request then we can simply catch the auth code from the apple auth server directly.

JS Park

*typo: I just wanted to point(emphasize) it.

JS Park

Yup. I used JavaScriptInterface to catch the response from POST request.(

I don’t know why the Android don’t allow to catch POST request in shouldOverrideUrlLoading..

Anyways your tutorial was really awesome.
Thank you.


Hey John,, Its really urgent for me but I facing an issue that says
“the requested action is invalid” what to do ?


yes I have tested it with demo app.. there is also same problem


How to make sign out call?


Thank you for great tutorial! In the meantime I am getting “” message on the webview when I finished signing in, and I think it is related to the redirect uri. Any thought on this would be highly grateful!