Documentation
Index ¶
- Constants
- func GenerateClientSecret(secret, teamID, clientID, keyID string) (string, error)
- func GetClaims(idToken string) (*jwt.Claims, error)
- func GetUniqueID(idToken string) (string, error)
- type AppValidationTokenRequest
- type Client
- func (c *Client) VerifyAppToken(ctx context.Context, reqBody AppValidationTokenRequest, result interface{}) error
- func (c *Client) VerifyRefreshToken(ctx context.Context, reqBody ValidationRefreshRequest, result interface{}) error
- func (c *Client) VerifyWebToken(ctx context.Context, reqBody WebValidationTokenRequest, result interface{}) error
- type RefreshResponse
- type ValidationClient
- type ValidationRefreshRequest
- type ValidationResponse
- type WebValidationTokenRequest
Constants ¶
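// Request defaults for Apple's token validation endpoint.
//
// Each declaration sits on its own line: on a single line the first "//"
// comment would swallow every declaration that follows it.
const (
	// ValidationURL is the endpoint for verifying tokens. It is an https://
	// URL. The request types in this package carry a ClientSecret, so a
	// replacement endpoint (see NewWithURL) should presumably be HTTPS as
	// well; confirm against the client implementation.
	ValidationURL string = "https://appleid.apple.com/auth/token"

	// ContentType is the one expected by Apple.
	ContentType string = "application/x-www-form-urlencoded"

	// UserAgent is required by Apple or the request will fail.
	UserAgent string = "go-sign-with-apple"

	// AcceptHeader is the content that we are willing to accept.
	AcceptHeader string = "application/json"
)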
Variables ¶
This section is empty.
Functions ¶
func GenerateClientSecret ¶
GenerateClientSecret generates the client secret used to make requests to the validation server. The secret expires after 6 months.
secret - Private key from Apple, obtained by going to the keys section of the developer section
teamID - Your 10-character Team ID
clientID - Your Services ID, e.g. com.aaronparecki.services
keyID - The 10-character Key ID value from the portal
func GetClaims ¶
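GetClaims decodes the id_token response and returns the JWT claims to identify the user. The description covers decoding only and does not say that the token's signature is verified, so pass it only an id_token received directly from the validation endpoint.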
func GetUniqueID ¶
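GetUniqueID decodes the id_token response and returns the unique subject ID to identify the user. The description covers decoding only and does not say that the token's signature is verified, so pass it only an id_token received directly from the validation endpoint.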
Types ¶
type AppValidationTokenRequest ¶
// AppValidationTokenRequest holds the values VerifyAppToken sends to the
// validation endpoint when exchanging an authorization code.
type AppValidationTokenRequest struct {
	// ClientID is the package name of your app.
	ClientID string

	// ClientSecret is a JSON Web Token built with the secret key generated by
	// the WWDR portal; GenerateClientSecret in this package can produce it.
	// It is a credential, so keep it out of logs and error messages.
	ClientSecret string

	// Code is the authorization code received from your application's user
	// agent. It is single use only and valid for five minutes.
	Code string
}
AppValidationTokenRequest is based off of https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
type Client ¶
// Client implements ValidationClient.
type Client struct {
	// contains filtered or unexported fields
	// (the rendered documentation elides them, so nothing about the
	// client's internal state can be read from this listing)
}
Client implements ValidationClient
func NewWithURL ¶
NewWithURL creates a Client object with a custom URL provided
func (*Client) VerifyAppToken ¶
func (c *Client) VerifyAppToken(ctx context.Context, reqBody AppValidationTokenRequest, result interface{}) error
VerifyAppToken sends the AppValidationTokenRequest and gets validation result
func (*Client) VerifyRefreshToken ¶
func (c *Client) VerifyRefreshToken(ctx context.Context, reqBody ValidationRefreshRequest, result interface{}) error
VerifyRefreshToken sends the ValidationRefreshRequest and gets validation result
func (*Client) VerifyWebToken ¶
func (c *Client) VerifyWebToken(ctx context.Context, reqBody WebValidationTokenRequest, result interface{}) error
VerifyWebToken sends the WebValidationTokenRequest and gets validation result
type RefreshResponse ¶
// RefreshResponse is the subset of ValidationResponse that Apple returns.
type RefreshResponse struct {
	// AccessToken is reserved for future use: a token used to access allowed
	// data. Currently, no data set has been defined for access.
	AccessToken string `json:"access_token"`

	// TokenType is the type of access token. It will always be "bearer".
	TokenType string `json:"token_type"`

	// ExpiresIn is the amount of time, in seconds, before the access token
	// expires. You can revalidate with this token.
	ExpiresIn int `json:"expires_in"`

	// Error captures any error returned by the endpoint. The field is a
	// string, so "no error" is the empty string: do not trust the rest of the
	// response when Error is non-empty.
	Error string `json:"error"`
}
RefreshResponse is a subset of ValidationResponse returned by Apple
type ValidationClient ¶
// ValidationClient is an interface to call the validation API.
//
// Every method takes the request values and a result destination and reports
// failure through the returned error. The response types in this package
// also carry an Error field that must be checked before the decoded result
// is trusted.
type ValidationClient interface {
	// VerifyWebToken sends a WebValidationTokenRequest.
	// NOTE(review): result is presumably a pointer to a response struct such
	// as ValidationResponse; confirm against the implementation.
	VerifyWebToken(ctx context.Context, reqBody WebValidationTokenRequest, result interface{}) error

	// VerifyAppToken sends an AppValidationTokenRequest.
	VerifyAppToken(ctx context.Context, reqBody AppValidationTokenRequest, result interface{}) error

	// VerifyRefreshToken sends a ValidationRefreshRequest.
	VerifyRefreshToken(ctx context.Context, reqBody ValidationRefreshRequest, result interface{}) error
}
ValidationClient is an interface to call the validation API
type ValidationRefreshRequest ¶
// ValidationRefreshRequest holds the values VerifyRefreshToken sends to the
// validation endpoint.
type ValidationRefreshRequest struct {
	// ClientID is the "Services ID" value that you get when navigating to
	// your "sign in with Apple"-enabled service ID.
	ClientID string

	// ClientSecret is a JSON Web Token built with the secret key generated by
	// the WWDR portal; GenerateClientSecret in this package can produce it.
	// It is a credential, so keep it out of logs and error messages.
	ClientSecret string

	// RefreshToken is the refresh token given during a previous validation.
	// It is a long-lived credential as well; treat it like ClientSecret.
	RefreshToken string
}
ValidationRefreshRequest is based off of https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
type ValidationResponse ¶
// ValidationResponse mirrors the token response returned by the validation
// endpoint.
type ValidationResponse struct {
	// AccessToken is reserved for future use: a token used to access allowed
	// data. Currently, no data set has been defined for access.
	AccessToken string `json:"access_token"`

	// TokenType is the type of access token. It will always be "bearer".
	TokenType string `json:"token_type"`

	// ExpiresIn is the amount of time, in seconds, before the access token
	// expires. You can revalidate with the "RefreshToken".
	ExpiresIn int `json:"expires_in"`

	// RefreshToken is used to regenerate new access tokens. Store this token
	// securely on your server.
	RefreshToken string `json:"refresh_token"`

	// IDToken is a JSON Web Token that contains the user's identity
	// information.
	IDToken string `json:"id_token"`

	// Error captures any error returned by the endpoint. The field is a
	// string, so "no error" is the empty string: do not trust the rest of the
	// response when Error is non-empty.
	Error string `json:"error"`
}
ValidationResponse is based off of https://developer.apple.com/documentation/signinwithapplerestapi/tokenresponse
type WebValidationTokenRequest ¶
// WebValidationTokenRequest holds the values VerifyWebToken sends to the
// validation endpoint when exchanging an authorization code.
type WebValidationTokenRequest struct {
	// ClientID is the "Services ID" value that you get when navigating to
	// your "sign in with Apple"-enabled service ID.
	ClientID string

	// ClientSecret is a JSON Web Token built with the secret key generated by
	// the WWDR portal; GenerateClientSecret in this package can produce it.
	// It is a credential, so keep it out of logs and error messages.
	ClientSecret string

	// Code is the authorization code received from your application's user
	// agent. It is single use only and valid for five minutes.
	Code string

	// RedirectURI is the destination URI the code was originally sent to.
	// Redirect URLs must be registered with Apple, and you can register up to
	// 10. Apple will throw an error with IP address URLs on the authorization
	// screen, and will not let you add localhost in the developer portal.
	RedirectURI string
}
WebValidationTokenRequest is based off of https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens