joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sign in with Apple Auth Provider (#5694)

Browse Source 
* Sign in with Apple Auth Provider

Closes: https://github.com/parse-community/parse-server/issues/5632

Should work out of the box.

* remove required options
This commit is contained in:
Diamond Lewis
2019-06-19 16:05:09 -05:00
committed by GitHub
parent 947c6beede
commit fcdf2d7947
4 changed files with 162 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/Adapters/Auth/apple-signin.js Normal file
View File

@@ -0,0 +1,58 @@
const Parse = require('parse/node').Parse;
const httpsRequest = require('./httpsRequest');
const NodeRSA = require('node-rsa');
const jwt = require('jsonwebtoken');
const TOKEN_ISSUER = 'https://appleid.apple.com';
const getApplePublicKey = async () => {
const data = await httpsRequest.get('https://appleid.apple.com/auth/keys');
const key = data.keys[0];
const pubKey = new NodeRSA();
pubKey.importKey(
{ n: Buffer.from(key.n, 'base64'), e: Buffer.from(key.e, 'base64') },
'components-public'
);
return pubKey.exportKey(['public']);
};
const verifyIdToken = async (token, clientID) => {
if (!token) {
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
'id_token is invalid for this user.'
);
}
const applePublicKey = await getApplePublicKey();
const jwtClaims = jwt.verify(token, applePublicKey, { algorithms: 'RS256' });
if (jwtClaims.iss !== TOKEN_ISSUER) {
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
`id_token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`
);
}
if (clientID !== undefined && jwtClaims.aud !== clientID) {
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
`jwt aud parameter does not include this client - is: ${jwtClaims.aud} | expected: ${clientID}`
);
}
return jwtClaims;
};
// Returns a promise that fulfills if this id_token is valid
function validateAuthData(authData, options = {}) {
return verifyIdToken(authData.id_token, options.client_id);
}
// Returns a promise that fulfills if this app id is valid.
function validateAppId() {
return Promise.resolve();
}
module.exports = {
validateAppId: validateAppId,
validateAuthData: validateAuthData,
};