README
¶
Sign in with Apple Golang client library
Early version may be unstable
Install
go get -u github.com/albenik-go/apple-sign-in
Test server
Very usefull with ngrok
Run:
go run github.com/albenik-go/apple-sign-in/cmd/test-server -aud <audience> -team <team_id> -client <client_id> -key <key_id> -keyfile <pem_file_path> -redirect https://<ngrok_subdomain>.ngrok.io/callback
Then open http://localhost:8080 and follow instructions
Resources
- Sign in with Apple official documentation
- What the Heck is Sign In with Apple? by {okta}
- Ngrok — Secure introspectable tunnels to localhost
Documentation
¶
Index ¶
- Constants
- Variables
- func WithBaseURL(u string) func(*Client)
- func WithHTTPClient(h *http.Client) func(*Client)
- func WithJWKProxy(p jwkproxy.Interface) func(*Client)
- func WithJWTParser(p *jwt.Parser) func(*Client)
- type Client
- func (c *Client) AuthURL(mode string, scopes []string, state, nonce string) string
- func (c *Client) ParseIDToken(token string) (*IDTokenClaims, error)
- func (c *Client) ParseIDTokenContext(ctx context.Context, token string) (*IDTokenClaims, error)
- func (c *Client) ValidateCode(code, nonce string, exp time.Duration) (*TokenResponse, error)
- func (c *Client) ValidateCodeContext(ctx context.Context, code, nonce string, exp time.Duration) (*TokenResponse, error)
- func (c *Client) ValidateRefreshToken(token string, exp time.Duration) (*TokenResponse, error)
- func (c *Client) ValidateRefreshTokenContext(ctx context.Context, token string, exp time.Duration) (*TokenResponse, error)
- type ErrorResponse
- type FlexBool
- type IDTokenClaims
- type TokenResponse
Constants ¶
View Source
const ( MaxExpiration = 15777000 * time.Second // half a year ResponseModeQuery = "query" ResponseModePost = "form_post" ScopeEmail = "email" ScopeName = "name" )
View Source
const ( ReasonInvalidRequest = "invalid_request" ReasonInvalidClient = "invalid_client" ReasonInvalidGrant = "invalid_grant" ReasonUnsupportedGrantType = "unsupported_grant_type" ReasonInvalidScope = "invalid_scope" )
Variables ¶
Functions ¶
func WithBaseURL ¶
func WithHTTPClient ¶
func WithJWKProxy ¶
func WithJWTParser ¶
func WithJWTParser(p *jwt.Parser) func(*Client)
Types ¶
type Client ¶
type Client struct {
RedirectURL string
// contains filtered or unexported fields
}
func (*Client) ParseIDToken ¶
func (c *Client) ParseIDToken(token string) (*IDTokenClaims, error)
func (*Client) ParseIDTokenContext ¶
func (*Client) ValidateCode ¶
func (*Client) ValidateCodeContext ¶
func (*Client) ValidateRefreshToken ¶
func (*Client) ValidateRefreshTokenContext ¶
type ErrorResponse ¶
type ErrorResponse struct {
Reason string `json:"error"`
}
ErrorResponse see https://developer.apple.com/documentation/sign_in_with_apple/errorresponse.
func (*ErrorResponse) Error ¶
func (r *ErrorResponse) Error() string
type IDTokenClaims ¶
type IDTokenClaims struct {
Iss string `json:"iss"`
Sub string `json:"sub"`
Aud string `json:"aud"`
Iat int64 `json:"iat"`
Exp interface{} `json:"exp"`
Nonce string `json:"nonce,omitempty"`
NonceSupported bool `json:"nonce_supported"`
AuthTime int64 `json:"auth_time,omitempty"`
AtHash string `json:"at_hash"`
Email string `json:"email"`
EmailVerified FlexBool `json:"email_verified"` // apple returns as string "true"
EmailPrivate FlexBool `json:"is_private_email"` // apple returns as string "true"
RealUserStatus int8 `json:"real_user_status"`
}
func (*IDTokenClaims) Valid ¶
func (c *IDTokenClaims) Valid(h *jwt.ValidationHelper) error
Valid validates standard claims using jwt.ValidationHelper Validates time based claims "exp" (see: jwt.WithLeeway) Validates "aud" if present in claims. (see: jwt.WithAudience, jwt.WithoutAudienceValidation) Validates "iss" if option is provided (see: jwt.WithIssuer).
type TokenResponse ¶
type TokenResponse struct {
ExpiresIn int `json:"expires_in"`
IDToken *IDTokenClaims `json:"id_token"`
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.