如何从“使用Apple登录"验证代码? [英] How to verify code from "Sign In with Apple"?
问题描述
我正在尝试验证我的重定向Uri中从使用Apple登录"服务获得的代码.我使用了文档中的信息来创建帖子数据并生成"client_secret".
I'm trying to verify the code I got from the "Sign In with Apple" service on my Redirect Uri. I used the information from the documentation to create the post data and generate the "client_secret".
我得到的答复是:{"error":"invalid_client"}.
我的生成"client_secret"的函数可以在下面找到:
My functions to generate the "client_secret" can be found below:
function encode($data) {
$encoded = strtr(base64_encode($data), '+/', '-_');
return rtrim($encoded, '=');
}
function generateJWT($kid, $iss, $sub, $key) {
$header = [
'alg' => 'ES256',
'kid' => $kid
];
$body = [
'iss' => $iss,
'iat' => time(),
'exp' => time() + 3600,
'aud' => 'https://appleid.apple.com',
'sub' => $sub
];
$privKey = openssl_pkey_get_private($key);
if (!$privKey) return false;
$payload = encode(json_encode($header)).'.'.encode(json_encode($body));
$signature = '';
$success = openssl_sign($payloads, $signature, $privKey, OPENSSL_ALGO_SHA256);
if (!$success) return false;
return $payload.'.'.encode($signature);
}
在此示例中,我的变量:
My variables in this example:
$ kid 是我的私钥标识符.在此示例中为JYJ5GS7N9K.我从这里 https://developer.apple.com/account/resources/authkeys获得标识符/列表
$kid is my identifier for my private key. In this example it is JYJ5GS7N9K. I got the identifier from here https://developer.apple.com/account/resources/authkeys/list
$ iss 是我在开发人员帐户中的团队标识符.在此示例中为WGL33ABCD6.
$iss is my team identifier from my developer account. In this example it is WGL33ABCD6.
$ sub 与"client_id"具有相同的值.在此示例中,我的"client_id"是"dev.hanashi.sign-with-apple".我从此处的应用程序标识符获取了客户端ID: https://developer.apple.com/帐户/资源/标识符/列表
$sub is the same value as "client_id". My "client_id" in this example is "dev.hanashi.sign-in-with-apple". I got the client id from the app identifiers here: https://developer.apple.com/account/resources/identifiers/list
$ key 是我通过开发人员帐户生成的私钥.密钥的格式如下:
$key is my generated private key by developer account. The key has format like this:
-----BEGIN PRIVATE KEY-----
myrandomgeneratedkeybyappledeveloperaccount
-----END PRIVATE KEY-----
这是发出请求的php代码:
This is the php code to make the request:
$key = <<<EOD
-----BEGIN PRIVATE KEY-----
myrandomgeneratedkeybyappledeveloperaccount
-----END PRIVATE KEY-----
EOD; // replaced with correct key
$kid = 'JYJ5GS7N9K'; // identifier for private key
$iss = 'WGL33ABCD6'; // team identifier
$sub = 'dev.hanashi.sign-in-with-apple'; // my app id
$jwt = generateJWT($kid, $iss, $sub, $key);
$data = [
'client_id' => $sub,
'client_secret' => $jwt,
'code' => $_POST['code'],
'grant_type' => 'authorization_code',
'request_uri' => 'https://myurl.tld/redirect.php'
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://appleid.apple.com/auth/token');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6');
$serverOutput = curl_exec($ch);
curl_close ($ch);
echo $serverOutput;
我现在从苹果服务器获得响应{"error":"invalid_client"}.我究竟做错了什么?可能是我生成的JWT令牌错误吗?
I get now the response {"error":"invalid_client"} from the apple server. What am I doing wrong? Could it be that I'm generating the JWT token wrong?
推荐答案
对我来说,问题是我忘了在Apple开发人员门户的服务ID"部分下验证我的域.
The problem for me was that I forgot to verify my domain under the Service Id section of the Apple dev portal.
您需要下载他们给您的密钥,然后将其上传到: https://example.com/.well-known/apple-developer -domain-association.txt
You need to download the key they give you, and upload it to: https://example.com/.well-known/apple-developer-domain-association.txt
该网站不会自动进行验证,您必须单击验证"按钮并在域旁边显示一个绿色的勾号以确保.之后,我再也没有invalid_client问题.
The website doesn't verify automatically, you have to click the verify button and get a green tick next to the domain to be sure. After this, I had no more invalid_client issues.
这篇关于如何从“使用Apple登录"验证代码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
