<i id='ljn2z'><tr id='ljn2z'><dt id='ljn2z'><q id='ljn2z'><span id='ljn2z'><b id='ljn2z'><form id='ljn2z'><ins id='ljn2z'></ins><ul id='ljn2z'></ul><sub id='ljn2z'></sub></form><legend id='ljn2z'></legend><bdo id='ljn2z'><pre id='ljn2z'><center id='ljn2z'></center></pre></bdo></b><th id='ljn2z'></th></span></q></dt></tr></i><div id='ljn2z'><tfoot id='ljn2z'></tfoot><dl id='ljn2z'><fieldset id='ljn2z'></fieldset></dl></div>

    <legend id='ljn2z'><style id='ljn2z'><dir id='ljn2z'><q id='ljn2z'></q></dir></style></legend>

    1. <tfoot id='ljn2z'></tfoot>

        • <bdo id='ljn2z'></bdo><ul id='ljn2z'></ul>

        <small id='ljn2z'></small><noframes id='ljn2z'>

      1. 如何验证来自“Sign In with Apple"的代码?

        时间:2023-12-01

            <tbody id='dghFo'></tbody>
            <bdo id='dghFo'></bdo><ul id='dghFo'></ul>
            <i id='dghFo'><tr id='dghFo'><dt id='dghFo'><q id='dghFo'><span id='dghFo'><b id='dghFo'><form id='dghFo'><ins id='dghFo'></ins><ul id='dghFo'></ul><sub id='dghFo'></sub></form><legend id='dghFo'></legend><bdo id='dghFo'><pre id='dghFo'><center id='dghFo'></center></pre></bdo></b><th id='dghFo'></th></span></q></dt></tr></i><div id='dghFo'><tfoot id='dghFo'></tfoot><dl id='dghFo'><fieldset id='dghFo'></fieldset></dl></div>
            1. <tfoot id='dghFo'></tfoot>

                <legend id='dghFo'><style id='dghFo'><dir id='dghFo'><q id='dghFo'></q></dir></style></legend>

                  <small id='dghFo'></small><noframes id='dghFo'>

                  本文介绍了如何验证来自“Sign In with Apple"的代码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  我正在尝试验证我从重定向 Uri 上的使用 Apple 登录"服务获得的代码.我使用

                  2020.07 更新

                  随着流程发生变化,您只需将域和通信电子邮件添加到:

                  证书、标识符和简介 >更多 >配置

                  I'm trying to verify the code I got from the "Sign In with Apple" service on my Redirect Uri. I used the information from the documentation to create the post data and generate the "client_secret".

                  The response I'm getting is: {"error":"invalid_client"}.

                  My functions to generate the "client_secret" can be found below:

                  function encode($data) {
                      $encoded = strtr(base64_encode($data), '+/', '-_');
                      return rtrim($encoded, '=');
                  }
                  
                  function generateJWT($kid, $iss, $sub, $key) {
                      $header = [
                          'alg' => 'ES256',
                          'kid' => $kid
                      ];
                      $body = [
                          'iss' => $iss,
                          'iat' => time(),
                          'exp' => time() + 3600,
                          'aud' => 'https://appleid.apple.com',
                          'sub' => $sub
                      ];
                  
                      $privKey = openssl_pkey_get_private($key);
                      if (!$privKey) return false;
                  
                      $payload = encode(json_encode($header)).'.'.encode(json_encode($body));
                      $signature = '';
                      $success = openssl_sign($payloads, $signature, $privKey, OPENSSL_ALGO_SHA256);
                      if (!$success) return false;
                  
                      return $payload.'.'.encode($signature);
                  }
                  

                  My variables in this example:

                  $kid is my identifier for my private key. In this example it is JYJ5GS7N9K. I got the identifier from here https://developer.apple.com/account/resources/authkeys/list

                  $iss is my team identifier from my developer account. In this example it is WGL33ABCD6.

                  $sub is the same value as "client_id". My "client_id" in this example is "dev.hanashi.sign-in-with-apple". I got the client id from the app identifiers here: https://developer.apple.com/account/resources/identifiers/list

                  $key is my generated private key by developer account. The key has format like this:

                  -----BEGIN PRIVATE KEY-----
                  myrandomgeneratedkeybyappledeveloperaccount
                  -----END PRIVATE KEY-----
                  

                  This is the php code to make the request:

                  $key = <<<EOD
                  -----BEGIN PRIVATE KEY-----
                  myrandomgeneratedkeybyappledeveloperaccount
                  -----END PRIVATE KEY-----
                  EOD; // replaced with correct key
                  
                  $kid = 'JYJ5GS7N9K'; // identifier for private key
                  $iss = 'WGL33ABCD6'; // team identifier
                  $sub = 'dev.hanashi.sign-in-with-apple'; // my app id
                  
                  $jwt = generateJWT($kid, $iss, $sub, $key);
                  
                  $data = [
                      'client_id' => $sub,
                      'client_secret' => $jwt,
                      'code' => $_POST['code'],
                      'grant_type' => 'authorization_code',
                      'request_uri' => 'https://myurl.tld/redirect.php'
                  ];
                  $ch = curl_init();
                  
                  curl_setopt($ch, CURLOPT_URL, 'https://appleid.apple.com/auth/token');
                  curl_setopt($ch, CURLOPT_POST, 1);
                  curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
                  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                  curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6');
                  
                  $serverOutput = curl_exec($ch);
                  
                  curl_close ($ch);
                  echo $serverOutput;
                  

                  I get now the response {"error":"invalid_client"} from the apple server. What am I doing wrong? Could it be that I'm generating the JWT token wrong?

                  解决方案

                  The problem for me was that I forgot to verify my domain under the Service Id section of the Apple dev portal.

                  You need to download the key they give you, and upload it to: https://example.com/.well-known/apple-developer-domain-association.txt

                  The website doesn't verify automatically, you have to click the verify button and get a green tick next to the domain to be sure. After this, I had no more invalid_client issues.

                  Update 2020.07

                  As the flow was changed, you just have to add the Domain and the Communication Email to:

                  Certificates, Identifiers & Profiles > More > Configure

                  这篇关于如何验证来自“Sign In with Apple"的代码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  上一篇:PHP 中的 JWT(JSON Web 令牌),不使用 3rd-party 库.怎么签? 下一篇:如何将 JWT 添加到授权标头?

                  相关文章

                  <legend id='JEJIV'><style id='JEJIV'><dir id='JEJIV'><q id='JEJIV'></q></dir></style></legend>

                    <bdo id='JEJIV'></bdo><ul id='JEJIV'></ul>

                    <i id='JEJIV'><tr id='JEJIV'><dt id='JEJIV'><q id='JEJIV'><span id='JEJIV'><b id='JEJIV'><form id='JEJIV'><ins id='JEJIV'></ins><ul id='JEJIV'></ul><sub id='JEJIV'></sub></form><legend id='JEJIV'></legend><bdo id='JEJIV'><pre id='JEJIV'><center id='JEJIV'></center></pre></bdo></b><th id='JEJIV'></th></span></q></dt></tr></i><div id='JEJIV'><tfoot id='JEJIV'></tfoot><dl id='JEJIV'><fieldset id='JEJIV'></fieldset></dl></div>

                    <small id='JEJIV'></small><noframes id='JEJIV'>

                    1. <tfoot id='JEJIV'></tfoot>