Documentation
Index
- func GenerateClientSecret(teamID, clientID, keyID string, privateKeyPEM []byte) (string, error)
- func GetUserInfo() http.HandlerFunc
- func GetUserInfoEndpoint() string
- func LoadPrivateKey(path string) ([]byte, error)
- func NewWithOptions(providerConfig *oauthgotypes.ProviderConfig) (coreprov.OAuthO2IDCProvider, error)
- type AppleIDClaims
- type AppleUserResponse
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateClientSecret
GenerateClientSecret generates a JWT client secret for Apple OAuth2.
func GetUserInfo
func GetUserInfo() http.HandlerFunc
GetUserInfo extracts and decodes the Apple id_token from the Authorization header (Bearer id_token) and returns user info.
func GetUserInfoEndpoint
func GetUserInfoEndpoint() string
GetUserInfoEndpoint is unsupported for Apple since user info is only in the ID Token. Instead, decode the ID Token (JWT) to extract user claims.
func LoadPrivateKey
LoadPrivateKey loads the private key from a .p8 file.
func NewWithOptions
func NewWithOptions(providerConfig *oauthgotypes.ProviderConfig) (coreprov.OAuthO2IDCProvider, error)
NewWithOptions creates a new Apple OAuth2/OIDC provider with defaults.
Types
type AppleIDClaims
type AppleIDClaims struct {
	Email         string `json:"email"`
	EmailVerified string `json:"email_verified"`
	AuthTime      int64  `json:"auth_time"`
	Nonce         string `json:"nonce"`
	jwt.RegisteredClaims
}
AppleIDClaims represents the ID token claims returned by Apple.
func ParseIDToken
func ParseIDToken(idToken string) (*AppleIDClaims, error)
ParseIDToken decodes Apple's id_token without signature verification (Apple publishes JWKS, but often decoding for profile is enough).
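Because ParseIDToken skips signature verification, the claims it returns are unauthenticated. The following is an added example, not this package's code, of a verified parse using only the Go standard library: it checks the RS256 signature, then iss, aud, nonce and exp. Verify, Claims and demoToken are hypothetical names, the client ID and nonce are constructed, and a locally generated RSA key stands in for the key a real caller would pick from Apple's JWKS by the token's kid.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
type Claims struct { // subset of the id_token claims; encoding/json matches keys case-insensitively
	Iss, Aud, Nonce, Email string
	Exp                    int64
}

// Verify (hypothetical helper) pins RS256, so the header's alg is never trusted.
func Verify(tok string, pub *rsa.PublicKey, clientID, nonce string, now time.Time) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	body, _ := b64.DecodeString(p[1]) // a failed decode is rejected by the checks below
	sig, _ := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	var c Claims // the signature is checked first; claims are read only if it holds
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil || json.Unmarshal(body, &c) != nil ||
		c.Iss != "https://appleid.apple.com" || c.Aud != clientID || c.Nonce != nonce || now.Unix() >= c.Exp {
		return nil, fmt.Errorf("token rejected")
	}
	return &c, nil
}

func demoToken(payload string) (string, *rsa.PublicKey) { // constructed token signed with a fresh demo key
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	in := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), &key.PublicKey
}

func main() {
	tok, pub := demoToken(`{"iss":"https://appleid.apple.com","aud":"com.example.app","nonce":"n1","exp":4102444800}`)
	fmt.Println(Verify(tok, pub, "com.example.app", "n1", time.Now()))
}
```

A payload edited after signing, a token signed by a different key, or a token issued for another client ID all return an error here, whereas a decode-only parse would return their claims.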
type AppleUserResponse
type AppleUserResponse struct {
	Sub           string `json:"sub"`
	Email         string `json:"email"`
	EmailVerified string `json:"email_verified"`
	Nonce         string `json:"nonce,omitempty"`
	AuthTime      int64  `json:"auth_time,omitempty"`
}
AppleUserResponse wraps the decoded ID Token claims for Apple users.