README
¶
Go Sign In With Apple
A library for validating Apple Sign In tokens generated by either the web or iOS app.
Installation
go get github.com/Timothylock/go-signin-with-apple
import "github.com/Timothylock/go-signin-with-apple/apple"
Usage
There are several example files based on your particular use case which can be found below:
Example
While it is recommended to look at the specific example file, here is validating an app token:
import "github.com/Timothylock/go-signin-with-apple/apple"
...
// Generate the client secret used to authenticate with Apple's validation servers
// Refer to the example files to see where to get secret, teamID, clientID, keyID
secret, _ := apple.GenerateClientSecret(secret, teamID, clientID, keyID)
// Generate a new validation client
client := apple.New()
vReq := apple.AppValidationTokenRequest{
ClientID: clientID,
ClientSecret: secret,
Code: "the_token_to_validate",
}
var resp apple.ValidationResponse
// Do the verification
client.VerifyAppToken(context.Background(), vReq, &resp)
unique, _ := apple.GetUniqueID(resp.IDToken)
// Voila!
fmt.Println(unique)
Generating Client Secret
Apple requires a JWT token along with your validation request to authenticate your request. A token can be generated by
calling the GenerateClientSecret function included. Check secret.go to see exactly how to obtain the
parameters required by the function. Note that your account might not have permissions to view/create service IDs and
keys required by this function.
import "github.com/Timothylock/go-signin-with-apple/apple"
...
// Your 10-character Team ID
team_id := "XXXXXXXXXX"
// Your Services ID, e.g. com.aaronparecki.services
client_id := "come.change.me"
// Find the 10-char Key ID value from the portal
key_id := "XXXXXXXXXX"
secret := `Your key that starts in -----BEGIN PRIVATE KEY-----`
secret, _ := apples.GenerateClientSecret(secret, team_id, client_id, key_id)
fmt.Println(secret)
Validating Token
To validate a token, you must create a new validation Client then call the respective Verify function.
import "github.com/Timothylock/go-signin-with-apple/apple"
...
// Generate a new validation client
client := apple.New()
vReq := apple.AppValidationTokenRequest{
ClientID: clientID,
ClientSecret: secret,
Code: "the_token_to_validate",
}
var resp apple.ValidationResponse
// Do the verification
client.VerifyAppToken(context.Background(), vReq, &resp)
Obtaining Unique Subject ID
A subject ID is included in the id_token field of the response which when decoded, has a subject that can
uniquely identify the user. A helper function is included to obtain this subject ID: GetUniqueID
import "github.com/Timothylock/go-signin-with-apple/apple"
... Code to validate token ...
reflect.TypeOf(response) // ValidationResponse
reflect.TypeOf(response.IdToken) // String
id := apple.GetUniqueID(response.IdToken)
fmt.Println(id)
Obtaining Email
Apple recently added support for the including information about the user in their response. As of right now, you have access to the following:
- email_verified - whether or not the user has validated their email with Apple
- private_email - whether or not the email is a private relay email from Apple
import "github.com/Timothylock/go-signin-with-apple/apple"
... Code to validate token ...
reflect.TypeOf(response) // ValidationResponse
reflect.TypeOf(response.IdToken) // String
claim, _ := apple.GetClaims(resp.IDToken)
email := (*claim)["email"]
emailVerified := (*claim)["email_verified"]
isPrivateEmail := (*claim)["is_private_email"]
Contributing
Make sure tests pass, submit a PR, and lets get going!
License
go-signin-with-apple is licensed under the MIT.
Directories