Documentation
Index
- Variables
- func NewPublicKey(key JWK) (*rsa.PublicKey, error)
- type Client
- func (c *Client) Authenticate(ctx context.Context, authCode string) (*TokenResponse, error)
- func (c *Client) CreateCallbackURL(state string) string
- func (c *Client) FetchPublicKeys() (*JWKSet, error)
- func (c *Client) LoadP8CertByByte(data []byte) error
- func (c *Client) LoadP8CertByFile(path string) error
- func (c *Client) ParseUserIdentity(t string) (*UserIdentity, error)
- func (c *Client) Refresh(ctx context.Context, refreshToken string) (*TokenResponse, error)
- func (c *Client) SetPublicKeys(jwkSet *JWKSet) error
- func (c *Client) ValidateToken(t string) error
- type ClientOption
- type ClientOptionFunc
- type ClientSettings
- type Config
- type ErrorResponse
- type JWK
- type JWKSet
- type TokenResponse
- type UserIdentity
Constants
This section is empty.
Variables
var (
	// ErrMissingCert returned, if certificate is missing.
	ErrMissingCert = errors.New("cert for client not set")
	// ErrFetchPublicKey returned, if client failed fetching public key.
	ErrFetchPublicKey = errors.New("can't fetch apple public key")
	// ErrInvalidToken returned, if token is not valid.
	ErrInvalidToken = errors.New("invalid token")
	ErrRemoveUnavailable = errors.New("remove is not available")
)
Functions
Types
type Client
type Client struct {
	TeamID      string      // Your Apple Team ID.
	ClientID    string      // Your Service which enable sign-in-with-apple service.
	KeyID       string      // Your Secret Key ID.
	AESCert     interface{} // Your Secret Key Created By X509 package.
	RedirectURI string      // Your RedirectURI config in apple website.
	TokenTTL    int64
	// contains filtered or unexported fields
}
Client for interaction with apple-id service.
func NewClient
func NewClient(opts ...ClientOption) (*Client, error)
NewClient returns new client for interaction with apple-id service.
func (*Client) Authenticate
Authenticate with auth token. Documentation:
Response: https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
Error: https://developer.apple.com/documentation/sign_in_with_apple/errorresponse
func (*Client) CreateCallbackURL
CreateCallbackURL returns a callback URL for the frontend. state: session ID of the user that Apple will return when redirect_uri is called so that we can verify the sender.
func (*Client) FetchPublicKeys
FetchPublicKeys fetches the public keys used to verify the ID token signature. https://developer.apple.com/documentation/sign_in_with_apple/fetch_apple_s_public_key_for_verifying_token_signature
func (*Client) LoadP8CertByByte
LoadP8CertByByte uses x509.ParsePKCS8PrivateKey to parse the cert file.
func (*Client) LoadP8CertByFile
LoadP8CertByFile loads the file and parses it.
func (*Client) ParseUserIdentity
func (c *Client) ParseUserIdentity(t string) (*UserIdentity, error)
func (*Client) Refresh
Refresh access token. Documentation:
Response: https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
Error: https://developer.apple.com/documentation/sign_in_with_apple/errorresponse
func (*Client) SetPublicKeys (added in v0.0.5)
SetPublicKeys gives ability to manually set the public keys.
func (*Client) ValidateToken
type ClientOption
type ClientOption interface {
	Apply(*ClientSettings)
}
ClientOption is an interface for applying client options.
func WithCredentials
func WithCredentials(teamID, clientID, keyID string) ClientOption
WithCredentials sets specified creds to ClientOptions.
func WithHTTPClient
func WithHTTPClient(client *http.Client) ClientOption
WithHTTPClient sets specified client to ClientOptions.
func WithRedirectURI
func WithRedirectURI(uri string) ClientOption
WithRedirectURI sets specified uri to ClientOptions.
func WithTokenTTL
func WithTokenTTL(ttl int64) ClientOption
WithTokenTTL sets specified ttl to ClientOptions.
type ClientOptionFunc
type ClientOptionFunc func(*ClientSettings)
ClientOptionFunc implements ClientOption interface using func trick.
func (ClientOptionFunc) Apply
func (f ClientOptionFunc) Apply(settings *ClientSettings)
Apply applies changes for ClientSettings.
type ClientSettings
type ClientSettings struct {
	HTTPClient  *http.Client
	TokenTTL    *int64
	RedirectURI *string
	TeamID      string
	ClientID    string
	KeyID       string
}
ClientSettings represents settings for creation of new client.
type Config
type Config struct {
	TeamID   string // Your Apple Team ID obtained from Apple Developer Account.
	ClientID string // Your Service which enable sign-in-with-apple service.
	KeyID    string // Your Secret Key ID obtained from Apple Developer Account.
}
Config for creating new Client.
type ErrorResponse
type ErrorResponse struct {
	// A string that describes the reason for the unsuccessful request.
	// The string consists of a single allowed value.
	Err string `json:"error"`
}
ErrorResponse is error object returned after an unsuccessful request.
func (ErrorResponse) Error
func (e ErrorResponse) Error() string
type JWK
type JWK struct {
	Algorithm string         `json:"alg"` // The encryption algorithm used to encrypt the token.
	E         string         `json:"e"`   // The exponent value for the RSA public key.
	KeyID     string         `json:"kid"` // A 10-character identifier key.
	KeyType   string         `json:"kty"` // The key type parameter setting. This must be set to "RSA".
	N         string         `json:"n"`   // The modulus value for the RSA public key.
	Use       string         `json:"use"` // The intended use for the public key.
	PublicKey *rsa.PublicKey `json:"-"`
}
JWK represents an object that defines a single JSON Web Key. https://developer.apple.com/documentation/sign_in_with_apple/jwkset/keys
type JWKSet
type JWKSet struct {
	Keys []JWK `json:"keys"`
}
JWKSet represents a set of JSON Web Key objects. https://developer.apple.com/documentation/sign_in_with_apple/jwkset
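The JWK fields n, e, kid and kty documented above are what a verifier turns into an *rsa.PublicKey before checking an ID token signature. The following is an added example, not this package's own code: the jwk type and the functions rsaFromJWK, keyForKid and constructedSet are hypothetical names, and the 2048-bit floor and exponent checks are the example's own policy.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"fmt"
	"math/big"
)

type jwk struct{ Kid, Kty, N, E string } // local copy of JWK's kid, kty, n, e fields

// rsaFromJWK decodes n and e; the 2048-bit floor and exponent checks are this example's policy.
func rsaFromJWK(k jwk) (*rsa.PublicKey, error) {
	nb, errN := base64.RawURLEncoding.DecodeString(k.N)
	eb, errE := base64.RawURLEncoding.DecodeString(k.E)
	if k.Kty != "RSA" || errN != nil || errE != nil {
		return nil, fmt.Errorf("kid %q: not an RSA key with base64url n and e", k.Kid)
	}
	n, e := new(big.Int).SetBytes(nb), new(big.Int).SetBytes(eb)
	if n.BitLen() < 2048 || !e.IsInt64() || e.Int64() < 3 || e.Int64() >= 1<<31 || e.Bit(0) == 0 {
		return nil, fmt.Errorf("kid %q: weak modulus or invalid exponent", k.Kid)
	}
	return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}

// keyForKid selects the key named by the token header's kid, with no fallback to another key.
func keyForKid(set []jwk, kid string) (*rsa.PublicKey, error) {
	for _, k := range set {
		if k.Kid == kid {
			return rsaFromJWK(k)
		}
	}
	return nil, fmt.Errorf("no key with kid %q", kid)
}

// constructedSet builds sample input: a fresh 2048-bit key encoded as a one-entry key set.
func constructedSet() ([]jwk, *rsa.PublicKey) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	enc := base64.RawURLEncoding.EncodeToString
	return []jwk{{"constructed-kid-1", "RSA", enc(priv.N.Bytes()), enc(big.NewInt(int64(priv.E)).Bytes())}}, &priv.PublicKey
}

func main() {
	set, _ := constructedSet()
	fmt.Println(keyForKid(set, "kid-not-in-set")) // fails closed: nil key and an error
}
```

Rejecting an unknown kid instead of trying every key in the set keeps a token from being validated against a key its header did not name.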
type TokenResponse
type TokenResponse struct {
	// (Reserved for future use) A token used to access allowed data.
	// Currently, no data set has been defined for access.
	AccessToken string `json:"access_token"`
	// The amount of time, in seconds, before the access token expires.
	ExpiresIn int64 `json:"expires_in"`
	// A JSON Web Token that contains the user’s identity information.
	IDToken      string       `json:"id_token"`
	UserIdentity UserIdentity `json:"-"` // Parsed IDToken.
	// The refresh token used to regenerate new access tokens.
	// Store this token securely on your server.
	RefreshToken string `json:"refresh_token"`
	// The type of access token. It will always be `bearer`.
	TokenType string `json:"token_type"`
}
TokenResponse represents the object returned on a successful request. https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
type UserIdentity
type UserIdentity struct {
	// The unique identifier for the user.
	ID string `json:"sub"`
	// The user's email address.
	Email string `json:"email"`
	// A Boolean value that indicates whether the service has verified the email.
	// The value of this claim is always true because the servers only return verified email addresses.
	EmailVerified bool `json:"email_verified,string"`
	// The expiry time for the token. This value is typically set to five minutes.
	ExpiresAt int64 `json:"exp"`
	// The time the token was issued.
	IssuedAt int64 `json:"iat"`
	// A String value used to associate a client session and an ID token. This value is used to
	// mitigate replay attacks and is present only if passed during the authorization request.
	Nonce int64 `json:"nonce"`
	// A Boolean value that indicates whether the transaction is on a nonce-supported platform.
	// If you sent a nonce in the authorization request but do not see the nonce claim in the
	// ID token, check this claim to determine how to proceed. If this claim returns true you
	// should treat nonce as mandatory and fail the transaction; otherwise, you can proceed
	// treating the nonce as optional.
	NonceSupported bool `json:"nonce_supported"`
}
UserIdentity represents parsed user entity returned by apple.