Spring Cloud 架构设计之苹果Apple账户注销 Revoke tokens auth/revoke

Spring Cloud 架构设计之苹果Apple账户注销 Revoke tokens auth/revoke

前言

近期,本人在开发一款互联网产品,项目地址https://github.com/yjjhkyq/doubi。同时,我也将通过连载的方式,将这款互联网产品的架构、技术细节等逐步记录下来,欢迎大家指正。

一、开篇

根据Apple最新的要求,通过Apple登录的用户在进行注销时需要调用苹果的auth/revoke api。
完成这个操作需要调用的API有如下两个:

  1. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
  2. https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens
    需要准备的参数如下:
  3. client id ,填入套装ID在这里插入图片描述
  4. team id 找ios开发要
  5. kid及 private key 根据https://help.apple.com/developer-account/#/dev77c875b7e获取

二、API封装

@Slf4j
public class AppleUtils {

    private static final String APPLE_DOMAIN = "https://appleid.apple.com";

    public static void revokeAuth(String refreshToken, String clientId, String clientSecret) {

        String url = getUrl("/auth/revoke");
        Map<String, Object> form = new HashMap<String, Object>();
        form.put("client_id", clientId);
        form.put("client_secret", clientSecret);
        form.put("token_type_hint","refresh_token");
        form.put("token", refreshToken);
        HttpResponse execute = HttpRequest.post(url).header(Header.CONTENT_TYPE.getValue(), ContentType.FORM_URLENCODED.getValue()).form(form).execute();
        log.info("auth revoke, refresh token:{} client id:{} result:{}", refreshToken, clientId, execute.body());
    }

    /**
     * 
     * @param code authorization code ios端传入
     * @param clientId
     * @param clientSecret
     * @return
     */
    public static String generateRefreshToken(String code, String clientId, String clientSecret) {
        log.info("generateRefreshToken start");
        String url = getUrl("/auth/token");
        Map<String, Object> form = new HashMap<String, Object>();
        form.put("client_id", clientId);
        form.put("client_secret", clientSecret);
        form.put("grant_type","authorization_code");
        form.put("code", code);
        HttpResponse execute = HttpRequest.post(url).header(Header.CONTENT_TYPE.getValue(), ContentType.FORM_URLENCODED.getValue()).form(form).execute();
        Map<String, Object> response = JsonUtil.fromString(execute.body(), HashMap.class);
        log.info("generateRefreshToken end");
        if (response.containsKey("refresh_token")){
            return String.valueOf(response.get("refresh_token"));
        }
        log.error("request apple auth token error, code:{} client id:{} reason:{}", code, clientId, execute.body());
        throw new RuntimeException(StrUtil.format("request apple auth token error "));
    }

    /**
     * 参考文档: https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple#generate-the-client-secret
     * @param client_id
     * @param team_id
     * @param key_id
     * @param privateKeyValue private key,填入下载的私钥文件里面的值,不要文件里面的注释前缀及后缀
     * @return
     * @throws Exception
     */
    public static String generateClientSecret(String client_id, String team_id, String key_id, String privateKeyValue) throws Exception{
        Map<String, Object> header = new HashMap<String, Object>();
        Map<String, Object> claims = new HashMap<String, Object>();
        long now = new Date().getTime() / 1000;
        header.put("kid", key_id); // 参考后台配置
        claims.put("iss", team_id); // 参考后台配置 team id
        claims.put("iat", now);
        claims.put("exp", now + 60 * 60 * 24 * 30); // 最长半年,单位秒
        claims.put("aud", APPLE_DOMAIN); // 默认值
        claims.put("sub", client_id);
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(readKey(privateKeyValue));
        KeyFactory keyFactory = KeyFactory.getInstance("EC");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        String client_secret = Jwts.builder().setHeader(header).setClaims(claims).signWith(SignatureAlgorithm.ES256, privateKey).compact();
        return client_secret;
    }

    private static byte[] readKey(String key_value) {
        return Base64.decodeBase64(key_value);
    }

    private static String getUrl(String path) {
        return APPLE_DOMAIN + path;
    }
}

调用步骤

  1. 在注册或者登陆后,根据authorization code去换取refresh code 并保存在数据库中(我发现去访问Apple API的时候有时候速度很慢,最差要四秒,所以这个操作最好异步去做)
  final String clientSecret = AppleUtils.generateClientSecret(authAppleConfig.getClientId(), authAppleConfig.getTeamId(), authAppleConfig.getKid(),
                            authAppleConfig.getPrivateKey());
                    //将此值存入数据库
                    String refreshToken = AppleUtils.generateRefreshToken(accessToken, authAppleConfig.getClientId(), clientSecret);
  1. 通过refresh code去注销账户
final String clientSecret = AppleUtils.generateClientSecret(authAppleConfig.getClientId(), authAppleConfig.getTeamId(), authAppleConfig.getKid(),
                    authAppleConfig.getPrivateKey());
            AppleUtils.revokeAuth(refreshToken, authAppleConfig.getClientId(), clientSecret);

总结

写完了,弱弱的问下,可以帮我的开源项目点个赞码?

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值