package appleLogin
import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
"net/url"
"time"
"github.com/dgrijalva/jwt-go"
"github.com/parnurzeal/gorequest"
)
// AppleConfig holds the identifiers and signing key needed to talk to
// Sign in with Apple. Fields are declared in the order InitAppleConfig
// fills them positionally, so the order must not change.
type AppleConfig struct {
	// TeamID is your Apple Team ID; GetAppleToken sends it as the JWT "iss" claim.
	TeamID string
	// ClientID is the service enabled for Sign in with Apple; it is sent as
	// client_id and as the JWT "sub" claim.
	ClientID string
	// RedirectURI is the redirect URI configured on the Apple website.
	RedirectURI string
	// KeyID is the ID of your secret key; it is sent as the JWT "kid" header.
	KeyID string
	// AESCert is the private key used to sign the client secret. Despite the
	// name it is neither an AES key nor a certificate: LoadP8CertByByte stores
	// the result of x509.ParsePKCS8PrivateKey here and GetAppleToken signs
	// with ES256. Treat the value as a secret and keep it out of logs and
	// serialised output.
	AESCert interface{}
}
// AppleAuthToken is the JSON body GetAppleToken decodes from Apple's token
// endpoint. Every field except ExpiresIn carries a credential or
// identity assertion, so avoid logging the struct as a whole.
type AppleAuthToken struct {
	// AccessToken is the "access_token" value.
	AccessToken string `json:"access_token"`
	// ExpiresIn is the "expires_in" value.
	ExpiresIn int64 `json:"expires_in"`
	// IDToken is the "id_token" value. The code in this file only decodes the
	// JSON and does not verify this token; callers should validate its
	// signature and claims before trusting the identity it asserts.
	IDToken string `json:"id_token"`
	// RefreshToken is the "refresh_token" value.
	RefreshToken string `json:"refresh_token"`
	// TokenType is the "token_type" value.
	TokenType string `json:"token_type"`
}
const (
	// AppleAuthURL is Apple's token endpoint.
	AppleAuthURL = "https://appleid.apple.com/auth/token"
	// AppleGrantType is the grant_type value sent when exchanging an
	// authorization code for tokens.
	AppleGrantType = "authorization_code"
)
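// LoadP8CertByByte parses a PEM-encoded PKCS#8 private key and stores it in
// a.AESCert for later use by GetAppleToken.
//
// str is the raw contents of the key file. An error is returned when the
// input contains no PEM block or when x509.ParsePKCS8PrivateKey rejects the
// block; a.AESCert is left unchanged in both cases.
func (a *AppleConfig) LoadP8CertByByte(str []byte) (err error) {
	block, _ := pem.Decode(str)
	// pem.Decode returns a nil block when no PEM data is found; without this
	// guard a malformed or empty key file would panic on block.Bytes.
	if block == nil {
		return errors.New("no PEM block found in key data")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return err
	}
	a.AESCert = key
	return nil
}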
// LoadP8CertByFile reads the key file at path and hands its contents to
// LoadP8CertByByte. It returns the read error if the file cannot be read,
// otherwise whatever LoadP8CertByByte returns.
//
// The file holds a private key, so path should come from trusted
// configuration rather than from request data.
func (a *AppleConfig) LoadP8CertByFile(path string) (err error) {
	data, readErr := ioutil.ReadFile(path)
	if readErr != nil {
		return readErr
	}
	return a.LoadP8CertByByte(data)
}
// InitAppleConfig returns a new AppleConfig populated with the given
// identifiers. AESCert is left nil: load a key with LoadP8CertByFile or
// LoadP8CertByByte before calling GetAppleToken, which otherwise fails with
// "missing cert".
func InitAppleConfig(teamID string, clientID string, redirectURI string, keyID string) *AppleConfig {
	cfg := &AppleConfig{
		TeamID:      teamID,
		ClientID:    clientID,
		RedirectURI: redirectURI,
		KeyID:       keyID,
		AESCert:     nil,
	}
	return cfg
}
// CreateCallbackURL builds the Apple authorization URL the frontend should
// send the user to. It requests an authorization code with the "name email"
// scope, using the configured RedirectURI and ClientID.
//
// state is echoed back by the authorization server on the redirect. It is
// the CSRF defence for this flow: generate an unpredictable value per login
// attempt, bind it to the user's session, and compare it on the callback.
//
// NOTE(review): no response_mode parameter is set. Apple's documentation
// appears to require response_mode=form_post when scopes are requested;
// confirm against the current docs.
func (a *AppleConfig) CreateCallbackURL(state string) string {
	// url.Values.Encode sorts by key, so the literal's order does not affect
	// the resulting query string.
	query := url.Values{
		"response_type": {"code"},
		"redirect_uri":  {a.RedirectURI},
		"client_id":     {a.ClientID},
		"state":         {state},
		"scope":         {"name email"},
	}
	return "https://appleid.apple.com/auth/authorize?" + query.Encode()
}
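// GetAppleToken exchanges an authorization code for Apple tokens.
//
// It builds an ES256-signed JWT client secret from the configured TeamID,
// ClientID and KeyID, posts it with code to Apple's token endpoint, and
// decodes the JSON response.
//
// code is the authorization code received on the redirect. expireTime is the
// lifetime of the client secret in seconds, added to the current time to form
// the "exp" claim. NOTE(review): Apple documents an upper bound on this
// lifetime (about six months); the value is not range-checked here.
//
// An error is returned when no key is loaded, when signing fails, when the
// HTTP request fails, when the status is not 200, or when the body is not
// valid JSON.
//
// The returned id_token is not verified by this function. Callers should
// validate its signature and its iss/aud/exp claims before trusting it.
func (a *AppleConfig) GetAppleToken(code string, expireTime int64) (*AppleAuthToken, error) {
	if a.AESCert == nil {
		return nil, errors.New("missing cert")
	}

	// Read the clock once so iat and exp cannot straddle a second boundary.
	now := time.Now().Unix()
	token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
		"iss": a.TeamID,
		"iat": now,
		"exp": now + expireTime,
		"aud": "https://appleid.apple.com",
		"sub": a.ClientID,
	})
	token.Header = map[string]interface{}{
		"kid": a.KeyID,
		"alg": "ES256",
	}

	// A signing failure (for example a key of the wrong type) used to be
	// discarded, which sent an empty client_secret to Apple. Fail here instead.
	clientSecret, err := token.SignedString(a.AESCert)
	if err != nil {
		return nil, fmt.Errorf("signing client secret: %v", err)
	}

	form := url.Values{}
	form.Set("client_id", a.ClientID)
	form.Set("client_secret", clientSecret)
	form.Set("code", code)
	form.Set("grant_type", AppleGrantType)
	form.Set("redirect_uri", a.RedirectURI)

	// Same endpoint as the AppleAuthURL constant.
	// NOTE(review): no timeout is configured on this request; confirm the
	// HTTP client's default is acceptable for a login path.
	resp, body, errs := gorequest.New().
		Post("https://appleid.apple.com/auth/token").
		Type("urlencoded").
		Send(form.Encode()).
		End()
	if len(errs) > 0 {
		// Format with an explicit verb: the error text must not be used as
		// the format string, since it may contain '%'.
		return nil, fmt.Errorf("%v", errs)
	}
	if resp.StatusCode != 200 {
		return nil, fmt.Errorf("post failed : resp code is %d, not 200", resp.StatusCode)
	}

	result := new(AppleAuthToken)
	if err := json.Unmarshal([]byte(body), result); err != nil {
		return nil, err
	}
	return result, nil
}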