Hypothetically, if App A and App B both share a common third-party library, can the iOS DeviceCheck token remain the same when generated through that common SDK?
Due to the common SDK, they will use the same server for validating tokens, with something like this:
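    import DeviceCheck

    let curDevice = DCDevice.current
    // DeviceCheck is not available on every device (for example, the simulator).
    if curDevice.isSupported {
        curDevice.generateToken(completionHandler: { (data, error) in
            if let tokenData = data {
                // Opaque token; send it to your server, typically base64-encoded.
                print("Received token \(tokenData)")
            } else {
                // Avoid force-unwrapping the optional error.
                print("Hit error: \(error?.localizedDescription ?? "unknown error")")
            }
        })
    }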
The token you receive from generateToken is a single use value. It is an opaque value that you pass through to Apple's server. Apple will associate the different values with the same device but you cannot correlate different token values yourself. Even App A will not receive the same value for sequential calls to generateToken.
If App A and App B are associated with different developer accounts then Apple's servers will treat the relevant tokens as different devices.
Further, each app must use its own server (or at least its own server configuration) since the server authenticates with Apple using a JWT that is also linked to the developer account.
If App B, from developer B, provides a token to a server that passes a JWT associated with developer A, the token validation will fail.
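The per-account routing described in the answer above, as an added example that is not part of the original answer: each app's single-use token is forwarded unchanged to Apple together with a JWT built from that app's own developer account. The bundle IDs, team IDs, key IDs and .p8 file names are placeholders, and the endpoint and field names are those of Apple's DeviceCheck server API as assumed here.

```python
import base64, json, time, uuid

# Constructed per-app configuration: each bundle ID maps to the developer
# account (team ID + DeviceCheck key ID + .p8 key) that published the app.
ACCOUNTS = {
    "com.example.appA": {"team_id": "TEAMAAAAAA", "key_id": "KEYAAAAAAA", "p8": "devA.p8"},
    "com.example.appB": {"team_id": "TEAMBBBBBB", "key_id": "KEYBBBBBBB", "p8": "devB.p8"},
}
VALIDATE_URL = "https://api.devicecheck.apple.com/v1/validate_device_token"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def es256_sign(p8_path: str, message: bytes) -> bytes:
    """Sign with the account's .p8 key; needs the 'cryptography' package."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import ec, utils
    with open(p8_path, "rb") as fh:
        key = serialization.load_pem_private_key(fh.read(), password=None)
    der = key.sign(message, ec.ECDSA(hashes.SHA256()))
    r, s = utils.decode_dss_signature(der)
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")  # JWS wants raw r||s, not DER

def build_request(bundle_id, device_token_b64, sign=es256_sign, now=None):
    """Return (url, headers, body) for validating one single-use device token."""
    acct = ACCOUNTS.get(bundle_id)
    if acct is None:
        # No shared fallback: a token checked with another account's JWT fails.
        raise KeyError(f"no developer account configured for {bundle_id}")
    now = time.time() if now is None else now
    header = {"alg": "ES256", "kid": acct["key_id"]}
    claims = {"iss": acct["team_id"], "iat": int(now)}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    jwt = signing_input + "." + b64url(sign(acct["p8"], signing_input.encode()))
    body = {
        "device_token": device_token_b64,      # opaque value, forwarded unchanged
        "transaction_id": str(uuid.uuid4()),   # unique per request
        "timestamp": int(now * 1000),          # milliseconds since the epoch
    }
    return VALIDATE_URL, {"Authorization": f"Bearer {jwt}"}, body
```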