apple

package module
v0.0.5 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 25, 2021 License: MIT Imports: 18 Imported by: 1

README

Sign In With Apple SDK


🍎 Golang client for Sign in with Apple.

Install it with the command below:

go get github.com/jmind-systems/go-apple-signin

The following example shows basic usage and can serve as a starting point.

Example

package main

import (
    "context"
    "fmt"
    "log"

    apple "github.com/jmind-systems/go-apple-signin"
)

func main() {
    ctx := context.Background()

    // Pass credentials: team_id, client_id and key_id.
    opts := apple.WithCredentials("x", "y", "z")

    // Create the client.
    client, err := apple.NewClient(opts)
    if err != nil {
        log.Fatal(err)
    }

    // Load your p8 key into the client (placeholder: pass the key bytes here).
    if err := client.LoadP8CertByByte([]byte("")); err != nil {
        log.Fatal(err)
    }

    // Now the client is ready: exchange the authorization code for tokens.
    resp, err := client.Authenticate(ctx, "xxx-xxx")
    if err != nil {
        log.Fatal(err)
    }

    fmt.Println("access token expires in (seconds):", resp.ExpiresIn)
}

License

Project released under the terms of the MIT license.

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrMissingCert returned, if certificate is missing.
	ErrMissingCert = errors.New("cert for client not set")

	// ErrFetchPublicKey returned, if client failed fetching public key.
	ErrFetchPublicKey = errors.New("can't fetch apple public key")

	// ErrInvalidToken returned, if token is not valid.
	ErrInvalidToken = errors.New("invalid token")

	// ErrRemoveUnavailable returned, if remote server is not available.
	ErrRemoveUnavailable = errors.New("remove is not available")
)

Functions

func NewPublicKey

func NewPublicKey(key JWK) (*rsa.PublicKey, error)

NewPublicKey returns the RSA public key built from a JWK.

Types

type Client

type Client struct {
	TeamID      string      // Your Apple Team ID.
	ClientID    string      // Your Service which enable sign-in-with-apple service.
	KeyID       string      // Your Secret Key ID.
	AESCert     interface{} // Your Secret Key Created By X509 package.
	RedirectURI string      // Your RedirectURI config in apple website.
	TokenTTL    int64
	// contains filtered or unexported fields
}

Client for interaction with apple-id service.

func NewClient

func NewClient(opts ...ClientOption) (*Client, error)

NewClient returns new client for interaction with apple-id service.

func (*Client) Authenticate

func (c *Client) Authenticate(ctx context.Context, authCode string) (*TokenResponse, error)

Authenticate with auth token. Documentation:

Response: https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
Error: https://developer.apple.com/documentation/sign_in_with_apple/errorresponse

func (*Client) CreateCallbackURL

func (c *Client) CreateCallbackURL(state string) string

CreateCallbackURL returns a callback URL for the frontend. state: session ID of the user that Apple will return when redirect_uri is called, so that we can verify the sender.

func (*Client) FetchPublicKeys

func (c *Client) FetchPublicKeys() (*JWKSet, error)

FetchPublicKeys to verify the ID token signature. https://developer.apple.com/documentation/sign_in_with_apple/fetch_apple_s_public_key_for_verifying_token_signature

func (*Client) LoadP8CertByByte

func (c *Client) LoadP8CertByByte(data []byte) error

LoadP8CertByByte uses x509.ParsePKCS8PrivateKey to parse the cert file contents.

func (*Client) LoadP8CertByFile

func (c *Client) LoadP8CertByFile(path string) error

LoadP8CertByFile loads the file and parses it.

func (*Client) ParseUserIdentity

func (c *Client) ParseUserIdentity(t string) (*UserIdentity, error)

func (*Client) Refresh

func (c *Client) Refresh(ctx context.Context, refreshToken string) (*TokenResponse, error)

Refresh access token. Documentation:

Response: https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
Error: https://developer.apple.com/documentation/sign_in_with_apple/errorresponse

func (*Client) SetPublicKeys added in v0.0.5

func (c *Client) SetPublicKeys(jwkSet *JWKSet) error

SetPublicKeys gives ability to manually set the public keys.

func (*Client) ValidateToken

func (c *Client) ValidateToken(t string) error

type ClientOption

type ClientOption interface {
	Apply(*ClientSettings)
}

ClientOption is an interface for applying client options.

func WithCredentials

func WithCredentials(teamID, clientID, keyID string) ClientOption

WithCredentials sets specified creds to ClientOptions.

func WithHTTPClient

func WithHTTPClient(client *http.Client) ClientOption

WithHTTPClient sets specified client to ClientOptions.

func WithRedirectURI

func WithRedirectURI(uri string) ClientOption

WithRedirectURI sets specified uri to ClientOptions.

func WithTokenTTL

func WithTokenTTL(ttl int64) ClientOption

WithTokenTTL sets specified ttl to ClientOptions.

type ClientOptionFunc

type ClientOptionFunc func(*ClientSettings)

ClientOptionFunc implements ClientOption interface using func trick.

func (ClientOptionFunc) Apply

func (f ClientOptionFunc) Apply(settings *ClientSettings)

Apply applies changes for ClientSettings.

type ClientSettings

type ClientSettings struct {
	HTTPClient  *http.Client
	TokenTTL    *int64
	RedirectURI *string

	TeamID   string
	ClientID string
	KeyID    string
}

ClientSettings represents settings for creation of new client.

type Config

type Config struct {
	TeamID   string // Your Apple Team ID obtained from Apple Developer Account.
	ClientID string // Your Service which enable sign-in-with-apple service.
	KeyID    string // Your Secret Key ID obtained from Apple Developer Account.
}

Config for creating new Client.

type ErrorResponse

type ErrorResponse struct {
	// A string that describes the reason for the unsuccessful request.
	// The string consists of a single allowed value.
	Err string `json:"error"`
}

ErrorResponse is error object returned after an unsuccessful request.

func (ErrorResponse) Error

func (e ErrorResponse) Error() string

type JWK

type JWK struct {
	Algorithm string `json:"alg"` // The encryption algorithm used to encrypt the token.
	E         string `json:"e"`   // The exponent value for the RSA public key.
	KeyID     string `json:"kid"` // A 10-character identifier key.
	KeyType   string `json:"kty"` // The key type parameter setting. This must be set to "RSA".
	N         string `json:"n"`   // The modulus value for the RSA public key.
	Use       string `json:"use"` // The intended use for the public key.

	PublicKey *rsa.PublicKey `json:"-"`
}

JWK represents an object that defines a single JSON Web Key. https://developer.apple.com/documentation/sign_in_with_apple/jwkset/keys

type JWKSet

type JWKSet struct {
	Keys []JWK `json:"keys"`
}

JWKSet represents a set of JSON Web Key objects. https://developer.apple.com/documentation/sign_in_with_apple/jwkset

func (JWKSet) Get

func (set JWKSet) Get(kid string) (*JWK, error)

Get returns the JWK with the given unique ID.
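
The JWK fields above carry the RSA modulus and exponent as base64url strings, and FetchPublicKeys exists so that the ID token signature can be checked against them. The following is an added example, not this package's own code: it uses only the Go standard library, and the names jwk, rsaKeyFromJWK and verifyRS256 are hypothetical. It shows the key conversion with range checks and a signature check that fixes the algorithm instead of reading it from the token header.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// jwk is a hypothetical local type mirroring the RSA fields of JWK above.
type jwk struct{ Kty, Kid, N, E string }

// rsaKeyFromJWK decodes base64url n and e, rejecting weak or non-RSA keys.
func rsaKeyFromJWK(k jwk) (*rsa.PublicKey, error) {
	if k.Kty != "RSA" {
		return nil, errors.New("jwk: key type is not RSA")
	}
	nb, errN := base64.RawURLEncoding.DecodeString(k.N)
	eb, errE := base64.RawURLEncoding.DecodeString(k.E)
	if errN != nil || errE != nil {
		return nil, errors.New("jwk: n or e is not base64url")
	}
	n, e := new(big.Int).SetBytes(nb), new(big.Int).SetBytes(eb)
	if n.BitLen() < 2048 || e.BitLen() > 31 || e.Int64() < 3 || e.Bit(0) == 0 {
		return nil, errors.New("jwk: modulus or exponent out of range")
	}
	return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}

// verifyRS256 pins RSASSA-PKCS1-v1_5 with SHA-256; the header's alg is ignored.
func verifyRS256(token string, pub *rsa.PublicKey) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("jwt: expected three dot-separated parts")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return errors.New("jwt: signature is not base64url")
	}
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}

func main() {
	fmt.Println(rsaKeyFromJWK(jwk{Kty: "EC"})) // constructed input: wrong key type
}
```

A valid signature only proves who issued the token; the claims inside it still have to be checked before the user is trusted.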

type TokenResponse

type TokenResponse struct {
	// (Reserved for future use) A token used to access allowed data.
	// Currently, no data set has been defined for access.
	AccessToken string `json:"access_token"`

	// The amount of time, in seconds, before the access token expires.
	ExpiresIn int64 `json:"expires_in"`

	// A JSON Web Token that contains the user’s identity information.
	IDToken      string       `json:"id_token"`
	UserIdentity UserIdentity `json:"-"` // Parsed IDToken.

	// The refresh token used to regenerate new access tokens.
	// Store this token securely on your server.
	RefreshToken string `json:"refresh_token"`

	// The type of access token. It will always be `bearer`.
	TokenType string `json:"token_type"`
}

TokenResponse represents the object returned on a successful request. https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse

type UserIdentity

type UserIdentity struct {
	// The unique identifier for the user.
	ID string `json:"sub"`

	// The user's email address.
	Email string `json:"email"`

	// A Boolean value that indicates whether the service has verified the email.
	// The value of this claim is always true because the servers only return verified email addresses.
	EmailVerified bool `json:"email_verified,string"`

	// The expiry time for the token. This value is typically set to five minutes.
	ExpiresAt int64 `json:"exp"`

	// The time the token was issued.
	IssuedAt int64 `json:"iat"`

	// A String value used to associate a client session and an ID token. This value is used to
	// mitigate replay attacks and is present only if passed during the authorization request.
	Nonce int64 `json:"nonce"`

	// A Boolean value that indicates whether the transaction is on a nonce-supported platform.
	// If you sent a nonce in the authorization request but do not see the nonce claim in the
	// ID token, check this claim to determine how to proceed. If this claim returns true you
	// should treat nonce as mandatory and fail the transaction; otherwise, you can proceed
	// treating the nonce as optional.
	NonceSupported bool `json:"nonce_supported"`
}

UserIdentity represents parsed user entity returned by apple.
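
The field comments on exp, nonce and nonce_supported describe checks the caller has to make once the signature is verified. The following is an added example, not this package's own code: claims, checkClaims and the two error values are hypothetical names, and the payload in main is constructed. It applies the expiry rule and the three-way nonce rule to the decoded payload of an already verified ID token.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var (
	errExpired = errors.New("id token expired")
	errNonce   = errors.New("nonce missing or mismatched")
)

// claims: hypothetical local type with UserIdentity's JSON tags; nonce as string.
type claims struct {
	Sub            string `json:"sub"`
	Exp            int64  `json:"exp"`
	Nonce          string `json:"nonce"`
	NonceSupported bool   `json:"nonce_supported"`
}

// checkClaims applies the expiry and nonce rules to the decoded payload of an
// ID token whose signature was already verified. sentNonce is "" if none was sent.
func checkClaims(payload []byte, sentNonce string, now time.Time) (*claims, error) {
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Exp <= now.Unix():
		return nil, errExpired
	case sentNonce == "":
		return &c, nil // no nonce was requested for this session
	case c.Nonce == "" && c.NonceSupported:
		return nil, errNonce // nonce is mandatory on a nonce-supported platform
	case c.Nonce == "":
		return &c, nil // platform without nonce support: treat nonce as optional
	case subtle.ConstantTimeCompare([]byte(c.Nonce), []byte(sentNonce)) != 1:
		return nil, errNonce
	}
	return &c, nil
}

func main() {
	p := []byte(`{"sub":"constructed-user","exp":1900000300,"nonce_supported":true}`)
	fmt.Println(checkClaims(p, "constructed-nonce", time.Unix(1900000000, 0)))
}
```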
