使用 Apple 登录:在服务器端验证令牌
Sign in with Apple: verify token at server side
您好,我正在尝试验证客户端应用程序提供的苹果授权凭据,在服务器端,我从客户端获取这些字段:authorizationCode、identityToken还有很多其他领域。
我尝试阅读了很多博客,但其中 none 恰好提到了这些领域。通过对某些苹果使用这些字段来验证和获取用户详细信息的最简单方法是什么 API
我已经为 Google 做到了,客户端将访问令牌传递给后端并使用 https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=YourToken 我们可以验证令牌并获取用户详细信息。
请为苹果推荐一些类似的方法。谢谢。
我正在使用 ROR,以防有帮助。
最后,我弄清楚了如何验证从客户端收到的访问令牌。
Apple 没有提供任何 API 来验证访问令牌,我强烈推荐 this blog 它非常清楚地解释了整个过程。
This is the ruby code link for the same.
对于那些需要 React-Native 客户端代码的人,请看下面:
import * as React from 'react';
import * as AppleAuthentication from 'expo-apple-authentication';
import { signInWithApple } from '../api';
const AppleAuthenticationButton = () => (
<AppleAuthentication.AppleAuthenticationButton
buttonType={AppleAuthentication.AppleAuthenticationButtonType.SIGN_IN}
buttonStyle={AppleAuthentication.AppleAuthenticationButtonStyle.WHITE}
cornerRadius={5}
style={{ width: 200, height: 44 }}
onPress={async () => {
try {
const credential = await AppleAuthentication.signInAsync({
requestedScopes: [
AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
AppleAuthentication.AppleAuthenticationScope.EMAIL,
],
});
console.log('signed in', credential);
await signInWithApple(credential);
// signed in
} catch (e) {
if (e.code === 'ERR_CANCELED') {
console.log('cancelled');
// handle that the user canceled the sign-in flow
} else {
console.log('apple authentication error', e);
// handle other errors
}
}
}}
/>
);
export default AppleAuthenticationButton;
export const signInWithApple = async (credentials) => {
const {
identityToken, user, email, authorizationCode, fullName,
} = credentials;
apiCall('users/sign_in', 'post', {
method: 'apple',
identityToken,
user,
email,
authorizationCode,
fullName,
});
};
此外,正如我在下面的评论中指出的那样,我发现苹果凭据提供了 2 个密钥,但只有其中一个有效。我不知道为什么,但下面的代码比之前回复中链接的代码效果更好。
def validate_apple_id
name = params[:name]
userIdentity = params[:user]
jwt = params[:identityToken]
begin
header_segment = JSON.parse(Base64.decode64(jwt.split(".").first))
alg = header_segment["alg"]
apple_response = Net::HTTP.get(URI.parse(APPLE_PEM_URL))
apple_certificate = JSON.parse(apple_response)
token_data = nil
apple_certificate["keys"].each do | key |
keyHash = ActiveSupport::HashWithIndifferentAccess.new(key)
jwk = JWT::JWK.import(keyHash)
token_data ||= JWT.decode(jwt, jwk.public_key, true, {algorithm: alg})[0] rescue nil
end
if token_data&.has_key?("sub") && token_data.has_key?("email") && userIdentity == token_data["sub"]
yield
else
# TODO: Render error to app
end
rescue StandardError => e
# TODO: Render error to app
end
end
您好,我正在尝试验证客户端应用程序提供的苹果授权凭据,在服务器端,我从客户端获取这些字段:authorizationCode、identityToken还有很多其他领域。
我尝试阅读了很多博客,但其中 none 恰好提到了这些领域。通过对某些苹果使用这些字段来验证和获取用户详细信息的最简单方法是什么 API
我已经为 Google 做到了,客户端将访问令牌传递给后端并使用 https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=YourToken 我们可以验证令牌并获取用户详细信息。
请为苹果推荐一些类似的方法。谢谢。 我正在使用 ROR,以防有帮助。
最后,我弄清楚了如何验证从客户端收到的访问令牌。 Apple 没有提供任何 API 来验证访问令牌,我强烈推荐 this blog 它非常清楚地解释了整个过程。 This is the ruby code link for the same.
对于那些需要 React-Native 客户端代码的人,请看下面:
import * as React from 'react';
import * as AppleAuthentication from 'expo-apple-authentication';
import { signInWithApple } from '../api';
const AppleAuthenticationButton = () => (
<AppleAuthentication.AppleAuthenticationButton
buttonType={AppleAuthentication.AppleAuthenticationButtonType.SIGN_IN}
buttonStyle={AppleAuthentication.AppleAuthenticationButtonStyle.WHITE}
cornerRadius={5}
style={{ width: 200, height: 44 }}
onPress={async () => {
try {
const credential = await AppleAuthentication.signInAsync({
requestedScopes: [
AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
AppleAuthentication.AppleAuthenticationScope.EMAIL,
],
});
console.log('signed in', credential);
await signInWithApple(credential);
// signed in
} catch (e) {
if (e.code === 'ERR_CANCELED') {
console.log('cancelled');
// handle that the user canceled the sign-in flow
} else {
console.log('apple authentication error', e);
// handle other errors
}
}
}}
/>
);
export default AppleAuthenticationButton;
export const signInWithApple = async (credentials) => {
const {
identityToken, user, email, authorizationCode, fullName,
} = credentials;
apiCall('users/sign_in', 'post', {
method: 'apple',
identityToken,
user,
email,
authorizationCode,
fullName,
});
};
此外,正如我在下面的评论中指出的那样,我发现苹果凭据提供了 2 个密钥,但只有其中一个有效。我不知道为什么,但下面的代码比之前回复中链接的代码效果更好。
def validate_apple_id
name = params[:name]
userIdentity = params[:user]
jwt = params[:identityToken]
begin
header_segment = JSON.parse(Base64.decode64(jwt.split(".").first))
alg = header_segment["alg"]
apple_response = Net::HTTP.get(URI.parse(APPLE_PEM_URL))
apple_certificate = JSON.parse(apple_response)
token_data = nil
apple_certificate["keys"].each do | key |
keyHash = ActiveSupport::HashWithIndifferentAccess.new(key)
jwk = JWT::JWK.import(keyHash)
token_data ||= JWT.decode(jwt, jwk.public_key, true, {algorithm: alg})[0] rescue nil
end
if token_data&.has_key?("sub") && token_data.has_key?("email") && userIdentity == token_data["sub"]
yield
else
# TODO: Render error to app
end
rescue StandardError => e
# TODO: Render error to app
end
end