I have a question regarding MDM functionality for iOS/iPadOS. Background: According to Apple's support page(https://support.apple.com/en-us/125073), since iOS 26.1, "Previous Wi-Fi configurations will be replaced when a new profile is installed." We have observed that because of this change, when we apply a Wi-Fi configuration profile to an iPad via MDM, the manually configured network settings on the device (specifically, "Configure IPv4" and "Configure DNS") are reset to "Automatic". This erases the manually entered IP address, subnet mask, router, and DNS server addresses. Goal: We want to apply a Wi-Fi configuration profile from our MDM server to connect the device to a specific SSID, while preserving the manual IP and DNS settings that have been configured on the device. Question: Is there a way to prevent the IPv4 and DNS settings from being switched from "Manual" to "Automatic" when applying the configuration profile? For example, is there a specific key-value pair we can add to the profile to either preserve the existing manual settings, or to explicitly define manual/static IP settings within the profile itself for iOS/iPadOS? Reference: Sample Configuration Profile Below is a simplified version of the Wi-Fi configuration profile we are currently using. This profile does not contain any keys for IP address configuration. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadType</key> <string>com.apple.wifi.managed</string> <key>PayloadIdentifier</key> <string>com.apple.wifi.managed.13E2E6B3-D4B9-4E23-888A-524B3ED40C38</string> <key>PayloadUUID</key> <string>13E2E6B3-D4B9-4E23-888A-524B3ED40C38</string> <key>PayloadVersion</key> <integer>1</integer> <key>SSID_STR</key> <string>SSID</string> <key>EncryptionType</key> <string>WPA</string> <key>Password</key> <string>Password</string> </dict> </array> <key>PayloadType</key> <string>Configuration</string> </dict> </plist>

Hello Apple Developer Community, I'm experiencing an invalid_client error (HTTP 400) when attempting to authenticate with the Apple School Manager API using OAuth2 with JWT bearer assertion (RFC 7523). Despite verifying all configuration values and following Apple's documentation, I continue to receive this error. Error Details Error: invalid_client HTTP Status: 400 Bad Request Endpoint: https://appleid.apple.com/auth/oauth2/v2/token Response: {"error": "invalid_client"} My Configuration All values have been verified to match Apple School Manager exactly: Organization ID: 55155430 Key ID: 8136a1f6-c995-4010-b964-bc8278c107ef Client ID (Service ID): SCHOOLAPI.7c0c10a0-4d8a-4ef8-a2be-eda040b65c59 Private Key: Loads correctly, signs JWT properly (ES256) JWT Configuration I'm generating a JWT with the following structure: Header: { "alg": "ES256", "kid": "8136a1f6-c995-4010-b964-bc8278c107ef", "typ": "JWT" } Payload: { "iss": "55155430", "sub": "SCHOOLAPI.7c0c10a0-4d8a-4ef8-a2be-eda040b65c59", "aud": "https://appleid.apple.com", "iat": [timestamp], "exp": [timestamp + 30 days] } Token Request Method: POST Content-Type: application/x-www-form-urlencoded Parameters: grant_type: client_credentials client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer client_assertion: [JWT token] scope: https://api.apple.com/auth/schoolmanager What I've Verified ✅ All configuration values match Apple School Manager exactly ✅ Private key file exists and loads correctly ✅ JWT is generated with correct structure (ES256, proper claims) ✅ Key ID in JWT header matches the Key ID from Apple School Manager ✅ Request format matches OAuth2 RFC 7523 specification ✅ Content-Type header is application/x-www-form-urlencoded ✅ Tried both Client ID and Organization ID as sub claim (both fail with same error) ✅ DNS resolution and API connectivity are working ✅ API account appears active in Apple School Manager interface What I've Tried Using Client ID as sub: Tried using SCHOOLAPI.7c0c10a0-4d8a-4ef8-a2be-eda040b65c59 as the sub claim Using Organization ID as sub: Tried using 55155430 as the sub claim (fallback) With and without scope: Tried both including and excluding the scope parameter Different JWT expiration: Tried various expiration times (30 days, 180 days) Verified Service ID format: Confirmed the Client ID follows the SCHOOLAPI.xxxxx-xxxxx-xxxxx format Both attempts (Client ID and Organization ID as sub) return the same invalid_client error. Previous Support Interaction I've contacted Apple Developer Support (Case #102783504559). They confirmed: The technical implementation is correct The issue is an account access/permission problem My Apple Account email is not associated with any memberships The Account Holder must add me to the Enterprise team membership However, I'm posting here to see if anyone in the community has: Experienced similar issues and found a solution Additional technical insights about the invalid_client error Suggestions for what else to verify or try Questions Is there a specific format requirement for the sub claim? Should it be the Client ID (Service ID) or Organization ID? I've tried both. Are there any additional claims required in the JWT beyond iss, sub, aud, iat, exp? Could there be a backend issue with the API account even though it appears active in Apple School Manager? Has anyone successfully resolved an invalid_client error that wasn't related to account access? Is there a delay after creating an API account before it becomes fully active for authentication? Technical Details Language: Python (Flask) JWT Library: PyJWT with cryptography library Algorithm: ES256 (ECDSA P-256) OAuth2 Flow: Client Credentials Grant with JWT Bearer Assertion (RFC 7523) Error Log I've generated a detailed error log showing the exact request/response. The key points: HTTP 400 Bad Request Response: {"error":"invalid_client"} Same error occurs with both Client ID and Organization ID as sub Any Help Appreciated If anyone has encountered this issue or has insights into what might be causing it, I'd greatly appreciate your help. I'm happy to provide additional details or try any suggestions. Thank you! Case Number: 102783504559 API Account: Created in Apple School Manager Status: API account appears active, but authentication fails

We have an office application used internally within our enterprise. The Provisioning Profiles (PP) for the app were about to expire, so we updated the PP and released a new version. However, we've encountered an issue where some users did not update their phones in time. After the app expired, they found it unusable and downloaded the new version, but the newly downloaded app also crashes on launch. Restarting the phone does not resolve the issue, and this primarily occurs on iOS 18.3.2. What could be the cause of this problem, and how should we address it?

My company signed the application with enterprise certificate, the Provisioning Profile expired on March 20, 2025. Some iPhones didn't update the application before the expiration. We have update the Provisioning Profile and repackaged application. However, these iPhones still can't use the application after reinstalling the new ipa. After opening the application, the screen is blank and then flashes back without any error prompt. Restarting iPhone didn't help.

I created a provisional profile from apple developer portal for my iOS app. The expiry date shown in the profile is 21-April 2026. However, when I build the app with this provisional profile the expiry date shown in the app is 11 Dec, 2025. My iOS distribution certificate expires only in November 2026. I see a embeded.mobileprovision profile inside the app, and it has an expiry of 11-Dec-2025. I did a clean build,, cleared unnecessary profiles from profile folder, created a new provisional profile and tried, but nothing seems help. We have a few apps, and no other app has this issue. We do annual release of all apps together for provisional profile renewal. As this app expiry is different, it will cause lot of difficulty for us next year. Will you please help me to resolve this issue? Thanks.

this issue is posted on Community multiple times. I am here out of desperation after opening a case on IT support. when a user fills out their application, uploads resume - all of that info is saved. however, when you click "submit," the button does not work. I (along w/tons of other ppl) have tried all the usual remedies: clear cache, try different browsers, try different networks, try different devices - NOTHING WORKS. this is maddening b/c it is affecting my life and career. this is an urgent need. it is also disappointing that there is no tech support for the Careers site! this was confirmed by IT support today, they could not find anything and sent me here instead. please help! I was an apple contractor last year and want to come back but can't even submit my application.

Hello all, I’m hoping someone here has gone through the process of integrating an ERP system with the Apple GSX API and can offer some guidance. We’re currently working with an AASP who asked us to integrate our ERP with the Apple GSX API. It’s the first time for both of us, and we’re a bit stuck on how to properly get started. The AASP contacted their regional manager, who confirmed that an NDA and an Apple Developer Account would be necessary. However, he hasn’t handled this type of integration before and is still seeking internal guidance. That was a few months ago, and due to his workload, the AASP hasn’t heard back from him yet. Meanwhile, we’ve already enrolled in the Apple Developer Program and opened a support case, but we’ve been redirected to the forums since our case goes beyond standard support. So now we’re trying to understand: What steps need to be completed by the AASP? What are the steps we, as the ERP provider, need to take in order to receive API access? Are there any specific documents, applications, or technical requirements we should prepare in advance? We’d really appreciate any guidance or insight from others who have gone through this process — or even partial answers to help us move forward. Thanks in advance for your time!

Hi, I’m an enterprise developer, and we distribute our internal iOS app through a direct download link on our company website (not via App Store or TestFlight). The app is properly signed and works fine on most devices including iPhones and regular iPads. However, on iPad Pro 11-inch (4th generation), the app crashes immediately upon launch when installed via the website. Interestingly, if we install the exact same app via Xcode, it runs without issue on the same device. We also tested a third-party enterprise app called "Taipei On", and it showed the same crash behavior when installed via direct web download on the same iPad model. This leads us to believe the issue may be more widespread or specific to this iPad Pro model or recent iOS versions. Furthermore, some of our users with iPhone 15 devices have started experiencing similar crashes recently, even though they had no issues before. Is this a known issue related to enterprise app distribution or IPA installation behavior on certain devices? Any advice or insight from the Apple team or other developers would be appreciated. Thanks!

"To receive payments from Apple, you must add a bank account." As an Apple "Individual" developer, can I accept payments to my corporate card?

I am a developer distributing an enterprise app. Recently, some users have intermittently encountered an error message on iOS 18.5 stating: "Unable to install this app because its integrity could not be verified." While the issue could not be reproduced on iPhone 15 / iOS 18.5, we have received reports that it does occur on the following devices: iPhone 14 / iOS 18.5, iPhone 14 Pro / iOS 18.5, iPhone 14 Plus / iOS 18.5, iPhone 16 Pro Max / iOS 18.5, Are there any known issues or recommended solutions regarding this behavior? Thank you in advance for your assistance.

We install two in-house apps. The first app is installed using the standard in-house method, while the second app is installed via MDM commands. Both apps share the same Team ID and use Keychain sharing to exchange data. However, when the MDM profile is deleted and the second app is removed, the first app intermittently encounters issues and does not function properly. However, when the MDM mobileconfig is reinstalled and the second app is installed again, the first app that was not functioning starts working properly. We have thoroughly reviewed the logs but have not been able to find a solution. Your assistance would be greatly appreciated. We have extracted and attached the device logs that were generated during the error occurrence. log.log

Hi everyone, I’m working as an IT engineer in the cruise industry and need to troubleshoot passenger complaints about Apple’s new RCS messaging feature (introduced with iOS 18). Could someone help confirm which domains and ports iPhones use when they send RCS messages? My firewall team wants specifics: domains (or subdomains) that need whitelisting and the ports involved. Any official or community-sourced info would be super helpful—thanks in advance!

Hi Team, Could you please share how to change/extend the expiry date of the existing iOS Distribution (In-House) certificate? Since the membership renewal date is in March 2026 and the iOS distribution(In-House) certificate expiry date is in Feb 2026. We use to distribute the mobile apps using the product intunes (Company portal) and via direct download link. Please suggest since this certificate is used by multiple mobile apps by the users which can affect lot of iPhone users? Thank you in advance Deepak

Hello everyone, I’m looking for some clarity from the community regarding eligibility for the Swift Student Challenge 2026, particularly for students taking a gap year in India. I graduated from high school (Class XII, CBSE – India) in May 2025. After graduating, I chose to take a gap year to prepare for competitive entrance examinations in India, with the goal of pursuing Computer Science / Engineering. I’ll be applying to accredited universities for programs starting in mid-2026, and I’m not currently enrolled in a college. My question: The eligibility guidelines state that high school graduates must have graduated within the past 6 months and must be awaiting acceptance or have received acceptance to an accredited institution. Since the submission deadline is February 28, 2026, my graduation would be about 9 months prior, which puts me in a gray area. Has anyone here participated in, or seen others participate in, the Swift Student Challenge while taking a gap year and preparing for university entrance exams? Is there any known flexibility or precedent for students in this situation? I’ve been following the Swift Student Challenge since 2023 and would really love to participate if I’m eligible. Any insights or experiences would be greatly appreciated. Thanks!

Recently, we have encountered some users who have been unable to open the enterprise signature application after upgrading to version 18.3.2, without an IPS file. Through system logs, we found that signature verification has occurred SecKeyVerifySignature failed: Error Domain=NSOSStatusErrorDomain Code=-50 "rsa_pub_crypt failed, ccerr=-7" UserInfo={numberOfErrorsDeep=0, NSDescription=rsa_pub_crypt failed, ccerr=-7} Waiting for the information, I will provide the obtained system logs below. The application package name that crashed is com. mobile. moa aa.txt new

10:17:34.335397+0900 Process SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x4d8eca700; app<com.a.b.c>:> with error: <NSError: 0x300a3d1d0; domain: RBSRequestErrorDomain; code: 5; "Launch failed."> { NSUnderlyingError = <NSError: 0x300a54090; domain: NSPOSIXErrorDomain; code: 85> { NSLocalizedDescription = Launchd job spawn failed; }; }

Hello, I've noticed some unexpected behavior when updating a user's FileVault password. The set up: All actions are performed in virtualized macOS 14 and 15.5 guests on a 15.5 Apple Silicon host. FileVault is enabled. sjsp is a standard user with a Secure Token. The Mac is bound to AD, and the domain is reachable. Reproduction: systemctl -secureTokenStatus sjsp shows it's ENABLED. fdesetup remove -user sjsp fdesetup add -usertoadd sjsp systemctl -secureTokenStatus sjsp shows it's DISABLED. Surprisingly, sjsp is still able to unlock FileVault. Looking at unified logs for opendirectoryd and fdesetup, I see that a password change is being attempted in response to fdesetup add, which is unexpected. default 13:34:41.320883+0100 opendirectoryd Changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) info 13:34:41.321317+0100 opendirectoryd No unlock record exists for E5CC46D7-0C1F-4009-8421-9AA8217CB784 info 13:34:41.321331+0100 opendirectoryd <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) is not a SecureToken user: no unlock record default 13:34:41.321341+0100 opendirectoryd Changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784): user <private> SecureToken, only new password provided, credential <private> default 13:34:41.321454+0100 opendirectoryd Changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) with no existing unlock record info 13:34:41.321857+0100 opendirectoryd No unlock record exists for E5CC46D7-0C1F-4009-8421-9AA8217CB784 default 13:34:41.321873+0100 opendirectoryd Record <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784) is eligible for SecureToken default 13:34:41.322637+0100 fdesetup DMAPFS cryptoUserForMacOSUserForVolume DMErr=-69594 retErr=-69594 outAPFSCryptoUser=(null) default 13:34:41.322699+0100 opendirectoryd While changing password for <private> (E5CC46D7-0C1F-4009-8421-9AA8217CB784): Not adding SecureToken; other unlock records exist, but no existing unlock record provided If I disconnect the network and follow the reproduction steps then the Secure Token is retained. Reconnecting and waiting a while doesn't cause the Secure Token to be lost. There are no log entries about attempting to change the password. Any help or explanation would be appreciated, thanks in advance.

Hello everyone, I recently changed the phone number associated with my Apple ID (about 4 days ago), but I’m still receiving the two-factor authentication verification codes on my old number instead of the new one. Has anyone experienced this? Is there a delay on Apple’s side, or is there something else I need to do to complete the update?

We are trying the renewal the apple Enterprise program. It asks set of questions after that it shows the below message "Thank you for your request to renew your membership in the Apple Developer Enterprise Program. We’ll review your submission and get back to you shortly to let you know if we can process the renewal or if another program better serves your organization’s needs." We have submitted for review for over two months now. During these two months, we have contacted the official customer service multiple times, only to be told to wait for news. Now, with only a few days left, The status hasn't changed, neither approved nor rejected，what should we do？This account is very important to our company. Thank you

Hey everyone, Is it possible and how to get Managed Apple ID (email) programmatically for user signed in to ipad through shared IPad feature ? It would be good to have MDM independent solution, I mean API call to MDM service is not acceptable for us. Maybe API call to ASM or ABM, or get that somehow on iOS device end... any advice ? Thanks in advance, Dima