1. Apple web sign-in configuration
2. Reference articles:
https://blog.csdn.net/wpf199402076118/article/details/99677412?spm=1001.2101.3001.6650.3&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EESLANDING%7Edefault-3-99677412-blog-118340500.pc_relevant_multi_platform_whitelistv4eslandingrelevant&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EESLANDING%7Edefault-3-99677412-blog-118340500.pc_relevant_multi_platform_whitelistv4eslandingrelevant&utm_relevant_index=4
https://www.jianshu.com/p/6dea3d12e3e8/
3. Official documentation
https://help.apple.com/developer-account/?lang=zh-cn#/devde676e696 (sign-in configuration)
https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple
https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens (generating the JWT parameters for Apple's token validation)
Validating the authorization grant code
When you send the validation request to the token endpoint, include the following form-data parameters:
- client_id: the app's identifier (client ID)
- client_secret: the JWT generated as shown in the "JWT code" section below
- code: the authorization code returned by the front end
- grant_type: authorization_code
- redirect_uri: the redirect URI from the initial authorization request (see the note below)
Note: when authorizing users with your app, include the redirect_uri parameter only if the app supplied a redirect_uri in the initial authorization request.
Here is an example authorization validation request using cURL:
curl -v -X POST "https://appleid.apple.com/auth/token" \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id=CLIENT_ID' \
  -d 'client_secret=CLIENT_SECRET' \
  -d 'code=CODE' \
  -d 'grant_type=authorization_code' \
  -d 'redirect_uri=REDIRECT_URI'
After the server validates the authorization code, the endpoint returns an identity token, an access token and a refresh token. Here is an example validation response:
{
  "access_token": "adg61...67Or9",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "rca7...lABoQ",
  "id_token": "eyJra...96sZg"
}
Use the refresh token to validate the user's session with the server and obtain a new access token.
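As an added example (not code from the original post or from Apple's documentation), the request and response handling described above, in Python using only the standard library. It assumes client_secret is the ES256 JWT built in the "JWT code" section below; the function and class names are mine, and the response body used when trying it out is constructed from the sample above. The point worth seeing in code is that redirect_uri is included only when the initial request carried one, and that every field of the response is checked before any value is used.

```python
"""Authorization-code exchange with https://appleid.apple.com/auth/token
using only the Python standard library (added example, not the post's code)."""
import json
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Optional

TOKEN_URL = "https://appleid.apple.com/auth/token"


@dataclass
class AppleTokens:
    access_token: str
    refresh_token: str
    id_token: str      # still unverified here: check its signature before trusting it
    expires_at: int    # absolute Unix time computed from expires_in


def build_token_request(client_id: str, client_secret: str, code: str,
                        redirect_uri: Optional[str] = None) -> bytes:
    """Form-encode the validation request body.

    client_secret is the short-lived ES256 JWT signed with the .p8 key.
    redirect_uri is sent only when the initial authorization request carried
    one (web flow); a native-app flow leaves it out, as the note above says."""
    fields = {
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "grant_type": "authorization_code",
    }
    if redirect_uri is not None:
        fields["redirect_uri"] = redirect_uri
    return urllib.parse.urlencode(fields).encode("ascii")


def parse_token_response(body: bytes, now: Optional[int] = None) -> AppleTokens:
    """Check the JSON response for an error and for every field of the
    example response before any value is trusted."""
    now = int(time.time()) if now is None else now
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    if "error" in data:  # Apple answers e.g. {"error": "invalid_grant"} on a bad code
        raise ValueError(f"token endpoint error: {data['error']}")
    for key in ("access_token", "token_type", "expires_in", "refresh_token", "id_token"):
        if key not in data:
            raise ValueError(f"missing field: {key}")
    if data["token_type"] != "Bearer":
        raise ValueError(f"unexpected token_type: {data['token_type']}")
    expires_in = data["expires_in"]
    if not isinstance(expires_in, int) or expires_in <= 0:
        raise ValueError("expires_in must be a positive integer")
    return AppleTokens(data["access_token"], data["refresh_token"],
                       data["id_token"], now + expires_in)


def exchange_code(client_id: str, client_secret: str, code: str,
                  redirect_uri: Optional[str] = None) -> AppleTokens:
    """Perform the live POST (network access required)."""
    req = urllib.request.Request(
        TOKEN_URL,
        data=build_token_request(client_id, client_secret, code, redirect_uri),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

exchange_code() is the only function that touches the network; build_token_request() and parse_token_response() can be exercised offline, which is also how a server-side unit test for this step would be written.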
JWT code
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultJwtBuilder;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.joda.time.Days;

import java.security.PublicKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Builds the client_secret JWT that Apple expects in the /auth/token request.
 *
 * @param iss      the developer Team ID (issuer)
 * @param clientId the client_id, which becomes the subject
 * @param kid      the key ID of the .p8 signing key from the developer account
 */
public static String buildJwt(String iss, String clientId, String kid) {
    Map<String, Object> header = new HashMap<>();
    header.put("alg", SignatureAlgorithm.ES256.getValue()); // SHA256withECDSA
    header.put("kid", kid);
    long iat = System.currentTimeMillis() / 1000; // in seconds
    Map<String, Object> claims = new HashMap<>();
    claims.put("iss", iss);
    claims.put("iat", iat);
    claims.put("exp", iat + Days.SEVEN.toStandardSeconds().getSeconds()); // expires in 7 days
    claims.put("aud", "https://appleid.apple.com"); // fixed value
    claims.put("sub", clientId);
    // getPrivateKey() is not shown on the page; it loads the EC private key from the .p8 file
    return new DefaultJwtBuilder().setHeader(header).setClaims(claims)
            .signWith(getPrivateKey(), SignatureAlgorithm.ES256).compact();
}

/**
 * Validates the identityToken parameter sent by the client.
 *
 * @param jwt the identity token received from the client
 * @return (true, sub) when the token is valid, otherwise (false, error message)
 */
public static Pair<Boolean, String> verify(String jwt) {
    AppleIdentityToken identityToken = null;
    try {
        // getAppleIdentityToken() (not shown on the page) decodes header and payload without verifying them
        identityToken = getAppleIdentityToken(jwt);
        // cache: a LoadingCache<String, PublicKey> keyed by kid; loading Apple's public keys is not shown
        PublicKey publicKey = cache.getUnchecked(identityToken.getHeader().getKid());
        if (null == publicKey) {
            return Pair.of(false, "系统异常");
        }
        JwtParser jwtParser = Jwts.parserBuilder().setSigningKey(publicKey)
                .requireAudience("com.xxx.www") // usually the project's package (bundle) name
                .requireIssuer("https://appleid.apple.com") // fixed value
                .require("auth_time", identityToken.getIat()) // simple check: the token is valid only if auth_time == iat
                .build();
        // parseClaimsJws verifies the signature and the required claims, and throws if the token is expired
        Jws<Claims> claimsJws = jwtParser.parseClaimsJws(jwt);
        Claims claims = claimsJws.getBody();
        // explicit expiry check on top of the parser's own
        if (!claims.getExpiration().before(new Date()) && StringUtils.isNotBlank(identityToken.getSub())) {
            log.info("ios verify ok. exp:{}", claims.getExpiration());
            return Pair.of(true, identityToken.getSub());
        }
        log.error("ios verify fail. exp:{}", claims.getExpiration());
    } catch (Exception e) {
        log.error("verify jwt error token:{}.", identityToken, e);
    }
    return Pair.of(false, "验证失败");
}
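As a second added example, not code from the original post: the checks that verify() above delegates to jjwt, written out in Python with only the standard library so that each step the library hides is visible (algorithm pinning, key lookup by kid, RS256 signature check, then iss/aud/exp/nonce/sub). It assumes the identity token is RS256-signed with one of the RSA keys Apple publishes at https://appleid.apple.com/auth/keys, and takes that JWK set as an argument so it runs offline; fetch_apple_jwks is a hypothetical helper I added, and any client_id, nonce and key values used to exercise it are constructed. In production keep using a maintained JWT library and cache the keys by kid, as the Java code does.

```python
"""Verify a Sign in with Apple identity token (RS256) against Apple's JWK set.
Standard library only; added example, not the post's own code."""
import base64
import hashlib
import hmac
import json
import time
import urllib.request
from typing import Optional

APPLE_ISSUER = "https://appleid.apple.com"
APPLE_JWKS_URL = "https://appleid.apple.com/auth/keys"
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


class TokenError(Exception):
    """Raised for any reason the token must not be accepted."""


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def pkcs1_v15_encode(digest: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest for a k-byte modulus."""
    t = _SHA256_DIGESTINFO + digest
    if k < len(t) + 11:
        raise ValueError("modulus too small for PKCS#1 v1.5 with SHA-256")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rs256_verify(signing_input: bytes, signature: bytes, n: int, e: int) -> bool:
    """RSASSA-PKCS1-v1_5: s^e mod n must equal the padded SHA-256 digest."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    expected = pkcs1_v15_encode(hashlib.sha256(signing_input).digest(), k)
    return hmac.compare_digest(em, expected)


def fetch_apple_jwks(url: str = APPLE_JWKS_URL) -> dict:
    """Download Apple's current public keys (hypothetical helper; cache by kid in practice)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def verify_apple_id_token(token: str, jwks: dict, client_id: str,
                          nonce: Optional[str] = None,
                          now: Optional[int] = None) -> dict:
    """Return the claims of a valid identity token, or raise TokenError."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        claims = json.loads(b64url_decode(p_b64))
        signature = b64url_decode(s_b64)
    except ValueError as exc:  # bad base64, bad JSON or wrong segment count
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    # Pin the algorithm: never let the token's header choose it ("none", HS256, ...).
    if header.get("alg") != "RS256":
        raise TokenError("unexpected alg")
    key = next((k for k in jwks.get("keys", [])
                if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise TokenError("unknown kid (refresh the key set and retry once)")
    n = int.from_bytes(b64url_decode(key["n"]), "big")
    e = int.from_bytes(b64url_decode(key["e"]), "big")
    if not rs256_verify(f"{h_b64}.{p_b64}".encode("ascii"), signature, n, e):
        raise TokenError("bad signature")
    # Only once the signature holds are the claims worth reading.
    if claims.get("iss") != APPLE_ISSUER:
        raise TokenError("bad issuer")
    aud = claims.get("aud")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        raise TokenError("bad audience")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise TokenError("expired")
    if nonce is not None and claims.get("nonce") != nonce:
        raise TokenError("nonce mismatch")
    if not claims.get("sub"):
        raise TokenError("missing sub")
    return claims
```

Compared with the Java verify(), two things are stricter here: the algorithm is pinned before the key is even looked up, and an unknown kid is reported as such so the caller can refresh the cached key set once (Apple rotates keys) instead of treating it as a generic failure. The nonce check closes the gap the Java code leaves open when the front end sends one.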
Original article: http://www.cnblogs.com/d0minic/p/16645738.html