Get the most out of Sign in with Apple

🗂WWDC2020 | Session : 10173 | Category : Privacy and Security

🔗 https://developer.apple.com/videos/play/wwdc2020/10173/

🔖 Sign in with Apple makes it easy for people to sign in to your apps and websites with the Apple ID they already have. Fully integrate Sign in with Apple into your app using secure requests, and by handling state changes and server notifications. We’ll also introduce new APIs that allow you to let existing users switch to Sign in with Apple quickly and easily.

Related : Introducing Sign In with Apple — WWDC19 (Introducing Sign In with Apple)

Creating a secure request

These nonce and state properties will allow you to verify that the authorization and credential you get after executing a request are the ones you were expecting.

Securing your request

Nonce

The nonce is an opaque blob of data sent as a string in the request.

It is important to generate one unique nonce every time you create a new request as later on you will be able to verify this value.

This will allow you to verify this value in your server, helping prevent replay attacks.

State

The state value is also an opaque blob of data sent with the request.

One key difference from the nonce value is that the state will be returned in the credential, allowing you to locally match a credential to a request and verify that it was generated from your application.

Response Private email relay

Example on how to get a credential from an authorization

Inside of credential you will find properties containing the user information that you requested like name and email. You will also find important properties that will allow you to securely verify the request and create a session with your servers.

Verifying Credentials

Response

  • Cache the objects locally: It is important to cache the objects you need in case communication with your server fails due to poor connectivity.

  • Verify the state value: Make sure the state value of the credential is the same state value you previously generated.

  • Validate the information with Apple: The response contains an authorization code and an identity token. Send these values to your server, where they can be decoded. Once decoded, verify the received information as well as the session with Apple servers.

How the entry token will look when decoded by your server

  • subject: A user identifier that was returned to you in the authorization and that allows you to create a session on your servers.

  • nonce: Verify this to be the same nonce you generated previously in the request. This allows you to verify the authenticity of the authorization and helps mitigate replay attacks.
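The server-side nonce check described above, as an added example that is not code from the session or from Apple. It assumes the server issues the nonce before the request and that `verified_claims` is the payload of an identity token whose signature, issuer, audience and expiry have already been verified; `NonceRegistry`, `ReplayError` and `demo` are hypothetical names, and the sample claims are constructed.

```python
import secrets
import time


class ReplayError(ValueError):
    """The token's nonce is missing, unknown, expired or already used."""


class NonceRegistry:
    """Tracks nonces issued for pending authorization requests."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # nonce -> expiry time

    def issue(self):
        """Return a fresh nonce for exactly one authorization request."""
        nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[nonce] = self._clock() + self._ttl
        return nonce

    def redeem(self, verified_claims):
        """Consume the nonce in the decoded token and return its subject."""
        claimed = verified_claims.get("nonce")
        if not isinstance(claimed, str):
            raise ReplayError("token carries no nonce")
        # pop() makes the nonce single-use: a replayed token finds nothing.
        expiry = self._pending.pop(claimed, None)
        if expiry is None:
            raise ReplayError("nonce unknown or already used")
        if self._clock() > expiry:
            raise ReplayError("nonce expired")
        return verified_claims["sub"]  # "sub" is the subject claim


def demo():
    registry = NonceRegistry()
    nonce = registry.issue()
    claims = {"sub": "constructed-user-id", "nonce": nonce}  # constructed sample
    first = registry.redeem(claims)
    try:
        registry.redeem(claims)  # same token presented a second time
        return first, False
    except ReplayError:
        return first, True


if __name__ == "__main__":
    print(demo())
```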
