Apple授权登录校验
github & composer
composer require "simplephp/sign-in-with-apple:1.0.*" -vvv
1. 本地验证(验证 identityToken)
代码如下(示例):
<?php
// Local verification: validate the identityToken with localAuthCode().
// Local verification cannot obtain access_token/refresh_token or similar data,
// so the authorization cannot be actively revoked from this path.
// NOTE(review): the library's internal checks are not visible in this example. Confirm that
// localAuthCode() verifies the token signature and rejects a wrong `iss`, an `aud` that
// differs from $clientID, and an expired `exp` before the returned claims are trusted.
$identityToken = 'xxxx'; // presumably supplied by the client app, so treat it as untrusted input
$clientID = 'com.xxxx.xxx';// app bundle id
$teamID = 'xxxxxxxxxxx'; // Apple Developer (https://developer.apple.com/) => Membership => team ID
// Key ID: in Apple Developer (https://developer.apple.com/), open "Certificates, Identifiers & Profiles",
// choose "Identifiers" in the sidebar and configure Sign In with Apple. Creating the key yields a
// private key file named "AuthKey_{Kid}.p8" (save it carefully); the same page also shows the Key ID.
$keyID = 'xxxxxxxxxxxx'; // Key ID shown on the key's page
// Convert the AuthKey_{Kid}.p8 key to .pem format: openssl pkcs8 -in AuthKey_KEY_ID.p8 -nocrypt -out AuthKey_KEY_ID.pem
// -nocrypt writes the PEM unencrypted, so restrict access to the resulting file.
// The key is inlined here for illustration only: keep a real key out of source code and
// version control, and load it from a protected file or a secret store instead.
$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
xxxxx+9hwuxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gHr0Wf+7X8Zr2i8XjxxLFY4U/9j/x/xx+cQl7OA/oQaV
AUaUQ8mo
-----END PRIVATE KEY-----
EOD;
// Build the client from the app identifier, team ID, key ID and private key.
$authorize = new \Simplephp\Apple\Authorize($clientID, $teamID, $keyID, $privateKey);
// $data receives the claims of the identity token (iss, aud, exp, sub, email, ...).
$data = $authorize->localAuthCode($identityToken);
# 结果
{
["iss"]=>
string(25) "https://appleid.apple.com"
["aud"]=>
string(23) "com.ireadercity.weather"
["exp"]=>
int(1656387325)
["iat"]=>
int(1656300925)
["sub"]=>
string(44) "001505.15c7662da87c48cca328fba2f6304088.0209"
["c_hash"]=>
string(22) "lZC-q2D_iRhav0j7-NOfiA"
["email"]=>
string(21) "tzqiang1118@gmail.com"
["email_verified"]=>
string(4) "true"
["auth_time"]=>
int(1656300925)
["nonce_supported"]=>
bool(true)
}
2. 远程校验(验证authorizationCode)
代码如下(示例):
<?php
// Remote verification: validate the authorizationCode with remoteAuthCode().
// Unlike local verification via localAuthCode() (which cannot obtain access_token/refresh_token
// and therefore cannot actively revoke the authorization), the result of this call contains
// access_token, refresh_token and the id_token claims.
// The returned access_token and refresh_token are credentials: store them server-side with
// restricted access and keep them out of logs.
$authorizationCode = 'xxxx'; // presumably supplied by the client app, so treat it as untrusted input
$clientID = 'com.xxxx.xxx';// app bundle id
$teamID = 'xxxxxxxxxxx'; // Apple Developer (https://developer.apple.com/) => Membership => team ID
// Key ID: in Apple Developer (https://developer.apple.com/), open "Certificates, Identifiers & Profiles",
// choose "Identifiers" in the sidebar and configure Sign In with Apple. Creating the key yields a
// private key file named "AuthKey_{Kid}.p8" (save it carefully); the same page also shows the Key ID.
$keyID = 'xxxxxxxxxxxx'; // Key ID shown on the key's page
// Convert the AuthKey_{Kid}.p8 key to .pem format: openssl pkcs8 -in AuthKey_KEY_ID.p8 -nocrypt -out AuthKey_KEY_ID.pem
// -nocrypt writes the PEM unencrypted, so restrict access to the resulting file.
// The key is inlined here for illustration only: keep a real key out of source code and
// version control, and load it from a protected file or a secret store instead.
$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
xxxxx+9hwuxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gHr0Wf+7X8Zr2i8XjxxLFY4U/9j/x/xx+cQl7OA/oQaV
AUaUQ8mo
-----END PRIVATE KEY-----
EOD;
// Build the client from the app identifier, team ID, key ID and private key.
$authorize = new \Simplephp\Apple\Authorize($clientID, $teamID, $keyID, $privateKey);
// $data receives access_token, token_type, expires_in, refresh_token and the decoded id_token.
$data = $authorize->remoteAuthCode($authorizationCode);
# 结果
array(5) {
["access_token"]=>
string(64) "xxxx.0.rrvqv.xxx"
["token_type"]=>
string(6) "Bearer"
["expires_in"]=>
int(3600)
["refresh_token"]=>
string(64) "xxx.0.rrvqv.xxx"
["id_token"]=>
array(11) {
["iss"]=>
string(25) "https://appleid.apple.com"
["aud"]=>
string(23) "com.xxx.xxx"
["exp"]=>
int(1656399407)
["iat"]=>
int(1656313007)
["sub"]=>
string(44) "001505.xxxxx.0209"
["at_hash"]=>
string(22) "vvEn3RVpGngAm4EKWrLeJw"
["email"]=>
string(21) "xxxxx@gmail.com"
["email_verified"]=>
string(4) "true"
["auth_time"]=>
int(1656312972)
["nonce_supported"]=>
bool(true)
["real_user_status"]=>
int(2)
}
}
3. 刷新 access_token(refreshToken)
代码如下(示例):
<?php
// Refresh the access_token with refreshAccessToken(), passing a refresh_token
// (for example the one returned by remoteAuthCode()).
// Local verification via localAuthCode() cannot be used for this, because it does not
// obtain access_token/refresh_token.
// The refresh_token is a long-lived credential: store it server-side with restricted
// access and keep it out of logs.
$refreshToken = 'xxxx';
$clientID = 'com.xxxx.xxx';// app bundle id
$teamID = 'xxxxxxxxxxx'; // Apple Developer (https://developer.apple.com/) => Membership => team ID
// Key ID: in Apple Developer (https://developer.apple.com/), open "Certificates, Identifiers & Profiles",
// choose "Identifiers" in the sidebar and configure Sign In with Apple. Creating the key yields a
// private key file named "AuthKey_{Kid}.p8" (save it carefully); the same page also shows the Key ID.
$keyID = 'xxxxxxxxxxxx'; // Key ID shown on the key's page
// Convert the AuthKey_{Kid}.p8 key to .pem format: openssl pkcs8 -in AuthKey_KEY_ID.p8 -nocrypt -out AuthKey_KEY_ID.pem
// -nocrypt writes the PEM unencrypted, so restrict access to the resulting file.
// The key is inlined here for illustration only: keep a real key out of source code and
// version control, and load it from a protected file or a secret store instead.
$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
xxxxx+9hwuxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gHr0Wf+7X8Zr2i8XjxxLFY4U/9j/x/xx+cQl7OA/oQaV
AUaUQ8mo
-----END PRIVATE KEY-----
EOD;
// Build the client from the app identifier, team ID, key ID and private key.
$authorize = new \Simplephp\Apple\Authorize($clientID, $teamID, $keyID, $privateKey);
// $data receives access_token, token_type, expires_in and id_token; the sample output
// contains no new refresh_token.
$data = $authorize->refreshAccessToken($refreshToken);
# 结果
array(4) {
["access_token"]=>
string(64) "xx.0.rrvqv.xxx"
["token_type"]=>
string(6) "Bearer"
["expires_in"]=>
int(3600)
["id_token"]=>
string(713) "xxxx.xxxx.xx-xxx-xxx"
}
array(4) {
["access_token"]=>
string(64) "xxx.0.rrvqv.xxx"
["token_type"]=>
string(6) "Bearer"
["expires_in"]=>
int(3600)
["id_token"]=>
array(8) {
["iss"]=>
string(25) "https://appleid.apple.com"
["aud"]=>
string(23) "com.xxxx.xxxx"
["exp"]=>
int(1656395074)
["iat"]=>
int(1656308674)
["sub"]=>
string(44) "001505.xxx.0209"
["at_hash"]=>
string(22) "YKKuBovtjP_BJvzPPPk1wQ"
["email"]=>
string(21) "xxx@gmail.com"
["email_verified"]=>
string(4) "true"
}
}
4. 移除授权(传入 remoteAuthCode 接口返回的 refresh_token 或 access_token,令牌类型与令牌值必须一一对应)
代码如下(示例):
<?php
// Revoke the authorization with revokeToken(), passing a token returned by remoteAuthCode().
// Local verification via localAuthCode() cannot be used for this, because it does not
// obtain access_token/refresh_token.
// NOTE(review): the section heading says the token type and token value must correspond, but
// only the token value is passed here. How revokeToken() is told the token type is not visible
// in this example — check the library before passing a refresh_token.
$accessToken = 'xxxx';
$clientID = 'com.xxxx.xxx';// app bundle id
$teamID = 'xxxxxxxxxxx'; // Apple Developer (https://developer.apple.com/) => Membership => team ID
// Key ID: in Apple Developer (https://developer.apple.com/), open "Certificates, Identifiers & Profiles",
// choose "Identifiers" in the sidebar and configure Sign In with Apple. Creating the key yields a
// private key file named "AuthKey_{Kid}.p8" (save it carefully); the same page also shows the Key ID.
$keyID = 'xxxxxxxxxxxx'; // Key ID shown on the key's page
// Convert the AuthKey_{Kid}.p8 key to .pem format: openssl pkcs8 -in AuthKey_KEY_ID.p8 -nocrypt -out AuthKey_KEY_ID.pem
// -nocrypt writes the PEM unencrypted, so restrict access to the resulting file.
// The key is inlined here for illustration only: keep a real key out of source code and
// version control, and load it from a protected file or a secret store instead.
$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
xxxxx+9hwuxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gHr0Wf+7X8Zr2i8XjxxLFY4U/9j/x/xx+cQl7OA/oQaV
AUaUQ8mo
-----END PRIVATE KEY-----
EOD;
// Build the client from the app identifier, team ID, key ID and private key.
$authorize = new \Simplephp\Apple\Authorize($clientID, $teamID, $keyID, $privateKey);
// Per the sample output, $data is an empty array, so the return value does not confirm
// that the revocation took effect.
$data = $authorize->revokeToken($accessToken);
###结果
// 请求 Apple 成功后,无论取消授权成功还是失败,返回的都是空数组,因此无法从返回值判断结果(可忽略返回值);无论结果如何,服务端都应删除自己保存的该用户令牌。
array(0) {
}