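Recently Apple has gone into full hegemony mode: if an app offers third-party login, it must support Apple ID login. Fine... sigh. Nothing to do but comply. However, searching online I found that many of the published solutions have problems, the main one being io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted. I searched around without success, so I had to work it out myself....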
Apple provides two ways to verify on the back end:
One is algorithmic verification based on the JWT identityToken; the other is verification based on the authorization code.
Here we give a solution only for the first one, verification of the JWT identityToken:
1. First, the Apple public key endpoint that is needed: https://appleid.apple.com/auth/keys
Response from the endpoint:
{
  "keys":[
    {
      "kty":"RSA",
      "kid":"86D88Kf",
      "use":"sig",
      "alg":"RS256",
      "n":"iGaLqP6y-SJCCBq5Hv6pGDbG_SQ11MNjH7rWHcCFYz4hGwHC4lcSurTlV8u3avoVNM8jXevG1Iu1SY11qInqUvjJur--hghr1b56OPJu6H1iKulSxGjEIyDP6c5BdE1uwprYyr4IO9th8fOwCPygjLFrh44XEGbDIFeImwvBAGOhmMB2AD1n1KviyNsH0bEB7phQtiLk-ILjv1bORSRl8AK677-1T8isGfHKXGZ_ZGtStDe7Lu0Ihp8zoUt59kx2o9uWpROkzF56ypresiIl4WprClRCjz8x6cPZXU2qNWhu71TQvUFwvIvbkE1oYaJMb0jcOTmBRZA2QuYw-zHLwQ",
      "e":"AQAB"
    },
    {
      "kty":"RSA",
      "kid":"eXaunmL",
      "use":"sig",
      "alg":"RS256",
      "n":"4dGQ7bQK8LgILOdLsYzfZjkEAoQeVC_aqyc8GC6RX7dq_KvRAQAWPvkam8VQv4GK5T4ogklEKEvj5ISBamdDNq1n52TpxQwI2EqxSk7I9fKPKhRt4F8-2yETlYvye-2s6NeWJim0KBtOVrk0gWvEDgd6WOqJl_yt5WBISvILNyVg1qAAM8JeX6dRPosahRVDjA52G2X-Tip84wqwyRpUlq2ybzcLh3zyhCitBOebiRWDQfG26EH9lTlJhll-p_Dg8vAXxJLIJ4SNLcqgFeZe4OfHLgdzMvxXZJnPp_VgmkcpUdRotazKZumj6dBPcXI_XID4Z4Z3OM1KrZPJNdUhxw",
      "e":"AQAB"
    }
  ]
}
Parameter description: