新的Apple登录不断抛出错误HTTP 400 Invalid_grant [英] New Apple Sign in keeps throwing Error HTTP 400 Invalid_grant
问题描述
根据苹果 doc 来针对Apple验证身份验证代码,我们需要发布到 http://appleid.apple.com/auth/token 具有以下参数:
According to apple doc to validate the auth code against Apple we need to POST to http://appleid.apple.com/auth/token with this parameters:
#!java
token = generateJWT(keyId, teamId, clientId, certificatePath);
HttpResponse<String> response = Unirest.post(authUrl)
.header("Content-Type", "application/x-www-form-urlencoded")
.field("client_id", clientId)
.field("client_secret", token)
.field("grant_type", "authorization_code")
.field("code", authorizationCode)
.asString();
其中:
-
授权码:是应用客户端提供的身份验证代码.
authorization_code: Is the auth code provided by app client.
clientId :由Apple提供
令牌:是客户机密".一个JWT使用以下代码生成:
token: is Client Secret. A JWT generate with this code:
#!java
private static String generateJWT(String keyId, String teamId, String clientId, String certificatePath) throws Exception {
if (pKey == null) {
pKey = getPrivateKey(certificatePath);
}
return Jwts.builder()
.setHeaderParam(JwsHeader.KEY_ID, keyId)
.setIssuer(teamId)
.setAudience("https://appleid.apple.com")
.setSubject(clientId)
.setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 5)))
.setIssuedAt(new Date(System.currentTimeMillis()))
.signWith(pKey, SignatureAlgorithm.ES256)
.compact();
}
private static PrivateKey getPrivateKey(String certificatePath) throws Exception {
//read your key
try (PEMParser pemParser = new PEMParser(new FileReader(certificatePath))) {
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
final PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
final PrivateKey pKey = converter.getPrivateKey(object);
return pKey;
}
}
我们检查JWT是否包含apple所需的所有字段:
We check that, the JWT, contains all the fields needed by apple:
#!json
{
"alg": "ES256",
"typ": "JWT",
"kid": "6876D87D6"
}
{
"iat": 1578654031,
"exp": 1578740431,
"aud": "https://appleid.apple.com",
"iss": "57675576576",
"sub": "com.blahblah.client"
}
但这是问题所在.它总是使用此主体返回400 HTTP错误:
But this is the problem. It always return a 400 HTTP Error with this body:
#!json
{"error":"invalid_grant"}
从这里我们完全迷路了.我们不明白为什么代码不正确或为什么有invalid_grant错误.
From here we are completely lost. We do not understand why the code is not correct or why it has an invalid_grant error.
推荐答案
将带有错误authorizationCode
的请求发送到 https://appleid.apple.com/auth/token .确保您获得的代码与下面的快速代码示例中的代码相同.
I was only able to get the invalid_grant
error when sending requests with incorrect authorizationCode
to https://appleid.apple.com/auth/token. Make sure you get the code the same way as in the swift code sample below.
我认为此错误与client_secret
无关.当我将client_secret
从有效值更改为空字符串或某些不正确的值时,我只会收到invalid_client
错误.而当authorizationCode
和
client_secret
是错误的,我也收到invalid_client
错误.
I think this error is not about the client_secret
. When I change the client_secret
from a valid value to an empty string or some incorrect value, I just get the invalid_client
error. And when both the authorizationCode
and the
client_secret
are wrong, I also get the invalid_client
error.
这是请求所需要的:
- app_id是应用程序的捆绑包标识符
-
client_secret是使用问题中显示的信息创建的jwt令牌,并使用从中下载的私钥进行签名 developer.apple.com也在此处查看我的答案
- app_id is the bundle identifier for the app
client_secret is the jwt token you create using the information shown in the question and sign with your private key you download from developer.apple.com also see my answer here
grant_type只是字符串"authorization_code"
grant_type is just the string "authorization_code"
data = {
'client_id': app_id,
'client_secret': client_secret,
'grant_type': grant_type,
'code': authorizationCode,
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
}
//python example request
response = requests.request(
method='POST',
url='https://appleid.apple.com/auth/token',
data=data,
headers=headers,
)
if response.status_code == 200:
print("200")
else:
print("error")
print(response.text)
以下快速代码可用于以正确的格式获取authorizationCode
,identityToken
和userIdentifier
.
The following swift code can be used to get the authorizationCode
, identityToken
and userIdentifier
on the correct format.
func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
if let appleIDCredential = authorization.credential as? ASAuthorizationAppleIDCredential {
let userIdentifier = appleIDCredential.user
print("userIdentifier: \(userIdentifier)")
let authorizationCode = String(data: appleIDCredential.authorizationCode!, encoding: .utf8)!
print("authorizationCode: \(authorizationCode)")
let identityToken = String(data: appleIDCredential.identityToken!, encoding: .utf8)!
print("identityToken: \(identityToken)")
}
}
这篇关于新的Apple登录不断抛出错误HTTP 400 Invalid_grant的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!