苹果登录因为第三方的原因,从6月30号起就强制使用苹果登录才能通过苹果的审核
看了下苹果的官方文档,我觉得真的是写的最low的文档,都没有一个后端的demo
所以我就各种查询资料,看文档,终于写出了一个
下面是写的一个工具类代码(用来验证的苹果前端传的identityToken的)
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwk.Jwk;
import com.kzt.common.bean.Result;
import com.kzt.common.bean.ResultCode;
import io.jsonwebtoken.*;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import org.springframework.web.client.RestTemplate;
import java.security.PublicKey;
/**
* @author 夜月
* @description
* @data 2020/9/1 19:22
*/
@Slf4j
public class AppleUtil {
/**
* 获取苹果的公钥
* @return
* @throws Exception
*/
private static JSONArray getAuthKeys() throws Exception {
String url = "https://appleid.apple.com/auth/keys";
RestTemplate restTemplate = new RestTemplate();
JSONObject json = restTemplate.getForObject(url,JSONObject.class);
JSONArray arr = json.getJSONArray("keys");
return arr;
}
public static Boolean verify(String jwt) throws Exception{
JSONArray arr = getAuthKeys();
if(arr == null){
return false;
}
JSONObject authKey = null;
//先取苹果第一个key进行校验
authKey = JSONObject.parseObject(arr.getString(0));
if(verifyExc(jwt, authKey)){
return true;
}else{
//再取第二个key校验
authKey = JSONObject.parseObject(arr.getString(1));
return verifyExc(jwt, authKey);
}
}
public static Object IOSInfofy(String jwt)throws Exception{
JSONArray arr = getAuthKeys();
if(arr == null){
return Result.newFailure(ResultCode.PARAM_NULL_ERROR);
}
JSONObject authKey = null;
//先取苹果第一个key进行校验
authKey = JSONObject.parseObject(arr.getString(0));
if(verifyExc(jwt, authKey)){
return IOSInfo(jwt, authKey);
}else{
//再取第二个key校验
authKey = JSONObject.parseObject(arr.getString(1));
return IOSInfo(jwt, authKey);
}
}
/**
* 对前端传来的identityToken进行验证
* @param jwt 对应前端传来的 identityToken
* @param authKey 苹果的公钥 authKey
* @return
* @throws Exception
*/
public static Boolean verifyExc(String jwt, JSONObject authKey) throws Exception {
Jwk jwa = Jwk.fromValues(authKey);
PublicKey publicKey = jwa.getPublicKey();
String aud = "";
String sub = "";
if (jwt.split("\\.").length > 1) {
String claim = new String(Base64.decodeBase64(jwt.split("\\.")[1]));
aud = JSONObject.parseObject(claim).get("aud").toString();
sub = JSONObject.parseObject(claim).get("sub").toString();
}
JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
jwtParser.requireIssuer("https://appleid.apple.com");
jwtParser.requireAudience(aud);
jwtParser.requireSubject(sub);
try {
Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
if (claim != null && claim.getBody().containsKey("auth_time")) {
System.out.println(claim);
return true;
}
return false;
} catch (ExpiredJwtException e) {
log.error("apple identityToken expired", e);
return false;
} catch (Exception e) {
log.error("apple identityToken illegal", e);
return false;
}
}
/**
* 对前端传来的JWT字符串identityToken的第二部分进行解码
* 主要获取其中的aud和sub,aud大概对应ios前端的包名,sub大概对应当前用户的授权的openID
* @param identityToken
* @return {"aud":"com.xkj.****","sub":"000***.8da764d3f9e34d2183e8da08a1057***.0***","c_hash":"UsKAuEoI-****","email_verified":"true","auth_time":1574673481,"iss":"https://appleid.apple.com","exp":1574674081,"iat":1574673481,"email":"****@qq.com"}
*/
public static JSONObject parserIdentityToken(String identityToken){
String[] arr = identityToken.split("\\.");
String decode = new String (Base64.decodeBase64(arr[1]));
String substring = decode.substring(0, decode.indexOf("}")+1);
JSONObject jsonObject = JSON.parseObject(substring);
return jsonObject;
}
/**
* 获取IOS信息
*/
/**
* 对前端传来的identityToken进行验证
* @param jwt 对应前端传来的 identityToken
* @param authKey 苹果的公钥 authKey
* @return
* @throws Exception
*/
public static Object IOSInfo(String jwt, JSONObject authKey) throws Exception {
Jwk jwa = Jwk.fromValues(authKey);
PublicKey publicKey = jwa.getPublicKey();
String aud = "";
String sub = "";
if (jwt.split("\\.").length > 1) {
String claim = new String(Base64.decodeBase64(jwt.split("\\.")[1]));
aud = JSONObject.parseObject(claim).get("aud").toString();
sub = JSONObject.parseObject(claim).get("sub").toString();
}
JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
jwtParser.requireIssuer("https://appleid.apple.com");
jwtParser.requireAudience(aud);
jwtParser.requireSubject(sub);
try {
Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
if (claim != null && claim.getBody().containsKey("auth_time")) {
System.out.println(claim.getBody());
Claims body = claim.getBody();
return body;
}
return Result.newFailure(ResultCode.USER_GET_USERIFNO_NULL);
} catch (ExpiredJwtException e) {
log.error("apple identityToken expired", e);
return Result.newFailure(ResultCode.USER_GET_USERIFNO_NULL);
} catch (Exception e) {
log.error("apple identityToken illegal", e);
return Result.newFailure(ResultCode.USER_GET_USERIFNO_NULL);
}
}
}
这是一个调用的方法
Object objectResult = this.appleLogin(info.getCredential(), request);
IOSUserInfo iosUserInfo = new IOSUserInfo();
if(objectResult instanceof DefaultClaims){
DefaultClaims claims=(DefaultClaims)objectResult;
iosUserInfo.setSub((String)claims.get("sub"));
iosUserInfo.setEmail((String)claims.get("email"));
iosUserInfo.setCHash((String) claims.get("c_hash"));
}
用来获取数据加判断
public Object appleLogin(String identityToken, HttpServletRequest request){
try {
Map<String, String> map = new HashMap<String, String>();
//验证identityToken
if(!AppleUtil.verify(identityToken)){
//授权认证失败
return Result.newFailure(ResultCode.valueOf("授权认证失败"));
}
//对identityToken解码
JSONObject json = AppleUtil.parserIdentityToken(identityToken);
if(json == null){
//授权解码失败
return Result.newFailure(ResultCode.valueOf("授权解码失败"));
}
return AppleUtil.IOSInfofy(identityToken);
}catch (Exception e){
log.error("app wxLogin error:" + e.getMessage(),e);
return Result.newFailure(ResultCode.S_SERVICE_BUSY_ING);
}
}
然后就可以加上自己的业务逻辑来写后续代码了