Sign In With Apple服务器登录验证有很多问题,官方文档写的也不清不楚,网上资料不算多。
一、验证identityToken有效性和正确性
根据官方文档说明,identityToken是一个JWT算法格式,要使用JWT这个库去进行解析,解析完成后进行验证:
(1)Verify the JWS E256 signature using the server’s public key
(2)Verify the nonce for the authentication
(3)Verify that the iss field contains https://appleid.apple.com
(4)Verify that the aud field is the developer’s client_id
(5)Verify that the time is earlier than the exp value of the token
具体验证方法可以参考某个博客的一篇文章,我这边验证identityToken都是参考这篇博客
try {
$identityToken = $verifyArray['identityToken'];
$appleSignInPayload = ASDecoder::getAppleSignInPayload($identityToken);
$email = $appleSignInPayload->getEmail();
$user = $appleSignInPayload->getUser();
$userId = $verifyArray['user'];
$isValid = $appleSignInPayload->verifyUser($userId);
// print_r($isValid);
if (!$isValid){
if($errDesc ==''){
$errDesc = 'verify userId fail'