Some notes on Sign in with Apple backend verification

On the evening of 9 October 2019, three hours before the new version went live, our respected and lovable product manager came up with a special requirement: the iOS app had to add Sign in with Apple.

iOS really is the most garbage language in the world, bar none; Apple is the most garbage company in the world, bar none.

Apple's official documentation on Sign in with Apple says almost nothing about how the backend should verify anything. It just draws a few pictures: the client passes some parameters to the backend, the backend uses those parameters to make a request to Apple's authentication server, and if that succeeds, OK. Sounds simple, right?

1. What parameters does the frontend give us, and how do we parse them?

2. How do we pass those parameters to Apple's server?

3. What does Apple return, and what counts as a successful verification?

None of this is mentioned. At least give us a demo!

After searching online, the only resource I found that was of any use at all was https://blog.csdn.net/wpf199402076118/article/details/99677412

Roughly speaking, that blog describes two verification methods:

1. JWT verification. The blogger also posted code, but you will find that the code does not run at all; I don't know whether the code wasn't pasted in full or what, and I don't know how the two methods are supposed to be called.

2. Verifying the authorization code. This needs a lot of fields that you don't know where to get, and that the frontend cannot deliver to you.

After countless attempts and going half crazy, I ended up with the garbage code below. I still feel there is a problem somewhere; I'll talk about that problem after the code.

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
// log is the enclosing class's SLF4J logger (e.g. Lombok @Slf4j), as in the original.

    // Verifies the identityToken sent by the iOS client. audience must be your app's own
    // bundle identifier (the client_id registered with Apple) and subject the userId the
    // client sent alongside the token; neither should be read back out of the token itself.
    public static String verify(String jwt, String audience, String subject) throws Exception {
        // Apple's public key with kid AIDOPK1 in X.509 (SubjectPublicKeyInfo) form, converted
        // from the JWKS entry shown further down. Apple can rotate keys, so a hard-coded key
        // will eventually stop validating; select the key from the JWKS by the token's kid.
        String strkey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxrwmuYSAsTfn+lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu/auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY+RNwCWdjNfEaY/esUPY3OVMrNDI15Ns13xspWS3q+13kdGv9jHI28P87RvMpjz/JCpQ5IM44oSyRnYtVJO+320SB8E2Bw92pmrenbp67KRUzTEVfGU4+obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd/JhmqX5CAaT9Pgi0J8lU/pcl215oANqjy7Ob+VMhug9eGyxAWVfu/1u6QJKePlE+wIDAQAB";
        PublicKey publicKey = getPublicKey(strkey);
        JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
        jwtParser.requireIssuer("https://appleid.apple.com");
        jwtParser.requireAudience(audience);
        jwtParser.requireSubject(subject);
        try {
            // parseClaimsJws checks the RS256 signature, exp, and the required claims above;
            // any mismatch throws, so reaching the if-statement means the token is genuine.
            Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
            if (claim != null && claim.getBody().containsKey("auth_time")) {
                return "SUCCESS";
            }
            return "FAILED";
        } catch (ExpiredJwtException e) {
            log.error("apple identityToken expired", e);
            return "FAILED";
        } catch (Exception e) {
            log.error("apple identityToken illegal", e);
            return "FAILED";
        }
    }

    /**
     * Convert a Base64 string (X.509 SubjectPublicKeyInfo) into a PublicKey.
     * Uses java.util.Base64 instead of the internal sun.misc.BASE64Decoder,
     * which is not available on newer JDKs.
     * @param key Base64-encoded X.509 public key
     * @return the RSA public key
     * @throws Exception if the key cannot be decoded
     */
    public static PublicKey getPublicKey(String key) throws Exception {
        byte[] keyBytes = Base64.getDecoder().decode(key);
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePublic(keySpec);
    }


Now for how the verification works:

1. The iOS client calls Apple's authorization. After a series of operations succeeds, it gets some very basic information from Apple, such as a unique userId, a verification string in JWT format called identityToken, the email address, and so on.

2. After the client's authorization succeeds, it calls back to our verification interface.

3. The backend parses the JWT string. A JWT is split by "." into three parts: the first part (the header) holds the encoding format and the key id; the second part holds the verification information, such as who the authorizer is and how long it is valid; the third part is a signature over the first two parts joined together. I didn't manage to understand this part, and to this day I don't know how to parse the third part.

4. The JWT header and claims (parts one and two) are Base64 encoded and have to be decoded before use.

The parsed first part:

{
    "kid": "AIDOPK1",
    "alg": "RS256"
}

The parsed second part:

{
    "iss": "https://appleid.apple.com",
    "aud": "**********",
    "exp": 1570617356,
    "iat": 1570616756,
    "sub": "00*****1790047f40335c6c1a.0641",
    "c_hash": "eqOdpr_**TyHiRymHbPQ",
    "auth_time": 1570616756
}

5. Decoding the second part gives the useful information; aud and sub are both needed for the verification.

6. The verification interface fetches the key with a GET request from the key address Apple provides, but what you get back is in the following format:

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "AIDOPK1",
      "use": "sig",
      "alg": "RS256",
      "n": "lxrwmuYSAsTfn-lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu_auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY-RNwCWdjNfEaY_esUPY3OVMrNDI15Ns13xspWS3q-13kdGv9jHI28P87RvMpjz_JCpQ5IM44oSyRnYtVJO-320SB8E2Bw92pmrenbp67KRUzTEVfGU4-obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd_JhmqX5CAaT9Pgi0J8lU_pcl215oANqjy7Ob-VMhug9eGyxAWVfu_1u6QJKePlE-w",
      "e": "AQAB"
    }
  ]
}

How do you use this thing? I couldn't find a specific description, but there is an online site that can convert it into a PublicKey. As for Java code to do the conversion, I didn't find any; after looking at the online conversion and asking a classmate, I learned that the resulting string can be turned into a PublicKey with the getPublicKey method shown above.

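The conversion the post could not find: an added example (not code from the original post) that builds the RSA PublicKey directly from the JWKS "n" and "e" fields, without any online converter or X.509 string, and picks the entry whose kid matches the token header. It assumes the fastjson JSON/JSONObject classes already used in the supplement below, and that the JWKS JSON is the document from Apple's key endpoint (https://appleid.apple.com/auth/keys) shown above.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;

public class AppleJwks {

    // Read "kid" from the JWT header (first '.'-separated segment, Base64URL without padding).
    public static String kidFromJwt(String jwt) {
        byte[] header = Base64.getUrlDecoder().decode(jwt.split("\\.")[0]);
        return JSON.parseObject(new String(header, StandardCharsets.UTF_8)).getString("kid");
    }

    // Build an RSA PublicKey straight from one JWK entry: "n" and "e" are Base64URL-encoded
    // unsigned big-endian integers, so decode them and wrap them in an RSAPublicKeySpec.
    // This yields the same key that the hard-coded X.509 strkey above encodes.
    public static PublicKey fromJwk(JSONObject jwk) throws Exception {
        BigInteger n = new BigInteger(1, Base64.getUrlDecoder().decode(jwk.getString("n")));
        BigInteger e = new BigInteger(1, Base64.getUrlDecoder().decode(jwk.getString("e")));
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    }

    // Pick the JWKS entry whose kid matches the token header. Fetch the JWKS document at
    // verification time and cache it briefly, since Apple can add or rotate keys.
    public static PublicKey selectKey(String jwksJson, String jwt) throws Exception {
        String kid = kidFromJwt(jwt);
        if (kid == null) {
            throw new IllegalArgumentException("identityToken header has no kid");
        }
        JSONArray keys = JSON.parseObject(jwksJson).getJSONArray("keys");
        for (int i = 0; i < keys.size(); i++) {
            JSONObject jwk = keys.getJSONObject(i);
            if (kid.equals(jwk.getString("kid")) && "RSA".equals(jwk.getString("kty"))
                    && "sig".equals(jwk.getString("use"))) {
                return fromJwk(jwk);
            }
        }
        // An unknown kid means either a stale JWKS cache or a token that Apple did not sign.
        throw new IllegalArgumentException("no Apple signing key with kid=" + kid);
    }
}
```

In verify() above, `selectKey(jwksJson, jwt)` can then be passed to `Jwts.parser().setSigningKey(...)` in place of `getPublicKey(strkey)`.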

7. The verification string is valid for 5 minutes.

Supplement:

// Read sub and aud out of the token's claims (the second '.'-separated segment).
// Needs java.util.Base64, java.nio.charset.StandardCharsets and fastjson's JSON/JSONObject.
// The segment is Base64URL without padding, so use the URL decoder; with a proper decode
// the old substring-up-to-'}' workaround is no longer needed.
String jwt = thirdLoginReq.getIdentityToken();
String decode = new String(Base64.getUrlDecoder().decode(jwt.split("\\.")[1]), StandardCharsets.UTF_8);
JSONObject jsonObject = JSON.parseObject(decode);
String sub = jsonObject.getString("sub");
String aud = jsonObject.getString("aud");
// These values are unverified until the signature check passes: compare aud against your
// own bundle identifier and sub against the userId the client sent, rather than trusting them alone.


The jar to use:

<dependency>
  <groupId>io.jsonwebtoken</groupId>
  <artifactId>jjwt</artifactId>
  <version>0.7.0</version>
</dependency>


Origin www.cnblogs.com/zhaiyt/p/11646036.html