如何从“使用Apple登录”验证IdentityToken?

时间:2019-10-14 06:42:10

标签: ios apple-sign-in

我正在尝试验证从“使用Apple登录”服务中获得的身份令牌。

document表示身份令牌是JSON Web令牌(JWT),但我获得了以下格式的身份令牌:

identityToken = ZXlKcmFXUWlPaUpCU1VSUFVFc3hJaXdpWVd4bklqb2lVbE15TlRZaWZRLmV5SnBjM01pT2lKb2RIUndjem92TDJGd2NHeGxhV1F1WVhCd2JHVXVZMjl0SWl3aVlYVmtJam9pWTI5dExteHZiMjVuTG5Oa2F5NTBaWE4wTG05MlpYSnpaV0VpTENKbGVIQWlPakUxTnpBNE5qSTJPVElzSW1saGRDSTZNVFUzTURnMk1qQTVNaXdpYzNWaUlqb2lNREF4TURNNUxqSXpNemxrWXpReU9XWXhPVFExWW1NNVpqQXpZekU1T1RVeU1HUXlZMlUwTGpBek1EWWlMQ0pqWDJoaGMyZ2lPaUpoWkhZMFEyVnZSMjF5VDNWbVZrbG9SRzl4TFhobklpd2lZWFYwYUY5MGFXMWxJam94TlRjd09EWXlNRGt5ZlEuT19nTm1hTDdtd1hXcUpKX1ZIaElzT25IYWF4cnM0a1VWMVJzWjZwWEdHT1JFcnAxeXU0TzRzcWwtbnJrRl9xR2pRN2syLWxoQ25BWnRYOC13ektRNUM3M0NZZTFJRW1VTUFSS2ItYk1fdGx2YlVscmhXRGhkSjZSWVdpaTEwVklyN0oway1pZlEyb3lXUmRUTnNDTmpBaHM4SVMzYWxfQ0RqajhyY2hQa1djRHBKMGdqSm9Bamhua2hFRlllVWMxMWxaazFHVmRITXVoN3hqNUotVW1HNFNlczJ0OXBvcjZaTjZhc0lucENnM3lKaU5YREtMRDg2enRtc1NEem1rTGhFX2JLLWhaZlRRakNTSWx4TDJobm82NlVPbVJfMTNibDdsRmo0cTF3RVVQeFRCMDZGcTBBNkRXQ1lVa1ZaN0dScVhCWURDNUNqX2hhd2ZHUTIwandR

此令牌不是JWT格式。我应该如何使用身份令牌来获取JWT格式?

4 个答案:

答案 0 :(得分:6)

我很确定您再次对base64进行了字符串编码。只是把它串起来就好了

String(data: appleIdCredential.identityToken!, encoding: .utf8)

答案 1 :(得分:1)

身份令牌将采用base64编码。您可以在调试器中将其打印出来,例如

po String(data: appleIdCredential.identityToken!, encoding: .utf8)!

然后您可以将其输出复制到jwt.io以检查其内容。

(您的示例值不是有效的jwt值,所以我不确定您从何处获取它。)

答案 2 :(得分:0)

您的“使用Apple登录”可能出了问题。那应该返回像这样的响应:

{
  "authorizationCode": ...,
  "identityToken": ...,
  "realUserStatus": ...,
  "user": ...
}

您要查找的“ identityToken”是带有以下信息的JWT令牌:

{
  "iss": "https://appleid.apple.com",
  "aud": ...,
  "exp": 1575106544,
  "iat": 1575105944,
  "sub": ...,
  "c_hash": ...,
  "email": ...,
  "email_verified": "true",
  "is_private_email": "true",
  "auth_time": 1575105944
}

这是文档:https://developer.apple.com/documentation/signinwithapplerestapi/authenticating_users_with_sign_in_with_apple

答案 3 :(得分:0)

只需传递 id 令牌来解码函数

func decode(jwtToken jwt: String) -> [String: Any] {
  let segments = jwt.components(separatedBy: ".")
  return decodeJWTPart(segments[1]) ?? [:]
}

func base64UrlDecode(_ value: String) -> Data? {
  var base64 = value
    .replacingOccurrences(of: "-", with: "+")
    .replacingOccurrences(of: "_", with: "/")

  let length = Double(base64.lengthOfBytes(using: String.Encoding.utf8))
  let requiredLength = 4 * ceil(length / 4.0)
  let paddingLength = requiredLength - length
  if paddingLength > 0 {
    let padding = "".padding(toLength: Int(paddingLength), withPad: "=", startingAt: 0)
    base64 = base64 + padding
  }
  return Data(base64Encoded: base64, options: .ignoreUnknownCharacters)
}

func decodeJWTPart(_ value: String) -> [String: Any]? {
  guard let bodyData = base64UrlDecode(value),
    let json = try? JSONSerialization.jsonObject(with: bodyData, options: []), let payload = json as? [String: Any] else {
      return nil
  }

  return payload
}

喜欢:

让 jwt = 尝试解码(jwtToken: stringToken)

然后您可以获得所需的数据,例如:

让 _ = jwt[""] 作为?字符串

相关问题
最新问题