README
¶
PTGU OAuth Apple
Import
import (
PTGUoauth "github.com/parinyapt/golang_utils/oauth/apple/v1"
)
Example
Config OAuth
var privkey = `
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----`
appleOAuth := PTGUoauth.NewAppleOAuth(&PTGUoauth.AppleOAuthConfig{
ClientID: "com.prinpt.devx",
RedirectURL: "https://apple.prinpt.com/callback",
TeamID: "XXXXXXXXXX",
KeyID: "XXXXXXXXXX",
PrivateKey: privkey,
})
Generate Login URL
loginURL := appleOAuth.GenerateOAuthURL(PTGUoauth.OptionAppleGenerateOAuthURL{
ResponseType: []string{"code", "id_token"},
ResponseMode: "form_post",
Scope: []string{"name", "email"},
State: "STATE",
})
Generate Client Secret
clientSecret, err := appleOAuth.GenerateClientSecret(5 * time.Minute)
if err != nil {
panic(err)
}
fmt.Println(clientSecret)
Get IDToken Info from JWT
tokenString := "eyJra...96sZg"
data, err := PTGUoauth.GetIDTokenInfo(tokenString)
if err != nil {
panic(err)
}
fmt.Println(data.Audience)
if data.Email != nil {
fmt.Println(*data.Email)
}
Get IDToken Info from JWT with validate Public Key
tokenString := "eyJra...96sZg"
data, ispass , err := appleOAuth.GetIDTokenInfoWithPublicKeyValidation(tokenString, PTGUoauth.OptionAppleGetIDTokenInfoWithPublicKeyValidation{
NotIssuedBeforeTime: time.Now().Add(-1 * time.Hour), // optional
ExpiresAfterIssuedIn: 10 * time.Hour, // optional
})
if err != nil {
panic(err)
}
fmt.Println(ispass)
fmt.Println(data.Audience)
if data.Email != nil {
fmt.Println(*data.Email)
}
Get Apple Public Key
pubKey, err := PTGUoauth.GetApplePublicKey("XXXXXXX")
if err != nil {
panic(err)
}
fmt.Println(pubKey.N)
fmt.Println(pubKey.E)
Validate Authorization Code and Get Access Token / ID Token / Refresh Token
code := "c7...lABoQ"
data, err := appleOAuth.ValidateAuthorizationCode(code, PTGUoauth.PlatformWeb) // PTGUoauth.PlatformWeb or PTGUoauth.PlatformApp
if err != nil {
panic(err)
}
fmt.Println(data.AccessToken)
fmt.Println(data.RefreshToken)
fmt.Println(data.TokenType)
fmt.Println(data.ExpiresIn)
fmt.Println(data.IDToken)
Validate Refresh Token and Get Access Token / ID Token
refreshToken := "rca7...lABoQ"
data, err := appleOAuth.ValidateRefreshToken(refreshToken)
if err != nil {
panic(err)
}
fmt.Println(data.IDToken)
fmt.Println(data.AccessToken)
fmt.Println(data.ExpiresIn)
fmt.Println(data.TokenType)
Revoke Token by Access Token or Refresh Token
token := "rca7...lABoQ"
err := appleOAuth.RevokeToken(token, PTGUoauth.TypeRefreshToken) // PTGUoauth.TypeAccessToken or PTGUoauth.TypeRefreshToken
if err != nil {
panic(err)
}
REF
- https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
- https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple
- https://medium.com/@sirajul.anik/sign-in-with-apple-verify-mobile-app-payload-under-5-minutes-for-backend-developers-d69c2217ddec
- https://github.com/Timothylock/go-signin-with-apple
- https://sarunw.com/posts/sign-in-with-apple-4/
Documentation
¶
Index ¶
- Constants
- func GetApplePrivateKeyFromFile(filename string) (privateKey string, err error)
- func NewAppleOAuth(inputConfig *AppleOAuthConfig) *appleOAuthReceiverArgument
- type AppleIDTokenInfo
- type AppleOAuthConfig
- type AppleOAuthMethod
- type AppleValidateAuthorizationCodeResponse
- type AppleValidateRefreshTokenResponse
- type OptionAppleGenerateOAuthURL
- type OptionAppleGetIDTokenInfoWithPublicKeyValidation
- type ResponseApplePublicKey
Constants ¶
View Source
const ( // URL for Apple OAuth OAuthURL = "https://appleid.apple.com/auth/authorize" // URL for fetch Apple's public key for verifying token signature PublicKeyURL = "https://appleid.apple.com/auth/keys" // URL for generate and validate tokens ValidateTokenURL = "https://appleid.apple.com/auth/token" // URL for revoke tokens RevokeTokenURL = "https://appleid.apple.com/auth/revoke" )
View Source
const ( PlatformWeb = "web" PlatformApp = "app" )
View Source
const ( TypeAccessToken = "access_token" TypeRefreshToken = "refresh_token" )
!RevokeToken
Variables ¶
This section is empty.
Functions ¶
func GetApplePrivateKeyFromFile ¶ added in v1.0.7
!GetApplePrivateKeyFromFile
func NewAppleOAuth ¶
func NewAppleOAuth(inputConfig *AppleOAuthConfig) *appleOAuthReceiverArgument
Types ¶
type AppleIDTokenInfo ¶
type AppleIDTokenInfo struct {
Issuer string `json:"iss"`
Subject string `json:"sub"`
Audience string `json:"aud"`
IssuedAt int64 `json:"iat"`
ExpiresAt int64 `json:"exp"`
Nonce *string `json:"nonce,omitempty"`
NonceSupported *bool `json:"nonce_supported,omitempty"`
Email *string `json:"email,omitempty"`
EmailVerified *bool `json:"email_verified,omitempty"`
IsPrivateEmail *bool `json:"is_private_email,omitempty"`
RealUserStatus *int `json:"real_user_status,omitempty"`
TransferSub *string `json:"transfer_sub,omitempty"`
CHash *string `json:"c_hash,omitempty"`
AtHash *string `json:"at_hash,omitempty"`
AuthTime *int64 `json:"auth_time,omitempty"`
}
!GetIDTokenInfo
func GetIDTokenInfo ¶
func GetIDTokenInfo(idToken string) (returnData AppleIDTokenInfo, err error)
type AppleOAuthConfig ¶
type AppleOAuthConfig struct {
// Client ID from apple developer account ex. com.parinyapt.ptgu
ClientID string
// Redirect URL that config for apple sign in ex. https://auth.prinpt.com/oauth/apple/callback
RedirectURL string
// Team ID from apple developer account
TeamID string
// 10 char of .p8 file name
KeyID string
// Key from .p8 file
PrivateKey string
}
type AppleOAuthMethod ¶
type AppleOAuthMethod interface {
// GenerateOAuthURL is a function to generate oauth url for user to login
// Condition for generate oauth url (https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms)
GenerateOAuthURL(option OptionAppleGenerateOAuthURL) (oauthURL string)
// GenerateClientSecret is a function to generate client secret for validate token
GenerateClientSecret(expireIn time.Duration) (clientSecret string, err error)
// GetIDTokenInfo is a function to get information from id token
GetIDTokenInfo(idToken string) (returnData AppleIDTokenInfo, err error)
// GetIDTokenInfoWithPublicKeyValidation is a function to get verify id token from apple and get information from id token
GetIDTokenInfoWithPublicKeyValidation(idToken string, option OptionAppleGetIDTokenInfoWithPublicKeyValidation) (returnData AppleIDTokenInfo, isValidatePass bool, err error)
// GetApplePublicKey is a function to get apple's public key for verifying token signature
GetApplePublicKey(kid string) (returnData ResponseApplePublicKey, err error)
GetApplePrivateKeyFromFile(filename string) (privateKey string, err error)
// ValidateAuthorizationCode is a function to validate authorization code from apple and get access token / id token / refresh token [required platform = PlatformWeb or PlatformApp]
ValidateAuthorizationCode(authorizationCode string, platform string) (returnData AppleValidateAuthorizationCodeResponse, err error)
// ValidateRefreshToken is a function to validate refresh token from apple and get access token / id token
ValidateRefreshToken(refreshToken string) (returnData AppleValidateRefreshTokenResponse, err error)
// RevokeToken is a function to revoke token from apple [required tokenType = TypeAccessToken or TypeRefreshToken]
RevokeToken(token string, tokenType string) (err error)
}
type AppleValidateAuthorizationCodeResponse ¶
type AppleValidateAuthorizationCodeResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
IDToken string `json:"id_token"`
RefreshToken string `json:"refresh_token"`
}
!ValidateAuthorizationCode
type AppleValidateRefreshTokenResponse ¶
type AppleValidateRefreshTokenResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
IDToken string `json:"id_token"`
}
!ValidateRefreshToken
type OptionAppleGenerateOAuthURL ¶
type OptionAppleGenerateOAuthURL struct {
ResponseType []string
ResponseMode string
Scope []string
State string
}
!GenerateOAuthURL
type OptionAppleGetIDTokenInfoWithPublicKeyValidation ¶
type OptionAppleGetIDTokenInfoWithPublicKeyValidation struct {
NotIssuedBeforeTime time.Time
ExpiresAfterIssuedIn time.Duration
}
!GetIDTokenInfoWithPublicKeyValidation
type ResponseApplePublicKey ¶
type ResponseApplePublicKey struct {
Kty string `json:"kty"`
Kid string `json:"kid"`
Use string `json:"use"`
Alg string `json:"alg"`
N string `json:"n"`
E string `json:"e"`
}
!GetApplePublicKey
func GetApplePublicKey ¶
func GetApplePublicKey(kid string) (returnData ResponseApplePublicKey, err error)
Source Files
Click to show internal directories.
Click to hide internal directories.