github.com/GianOrtiz/apple-auth-go
module, package
Version: 0.1.0
Repository: https://github.com/gianortiz/apple-auth-go.git
Documentation: pkg.go.dev

# README

## apple-auth-go

apple-auth-go is an unofficial Go package for validating authorization tokens and managing Apple Sign In authorization on the server side. It provides utility functions and models to retrieve user information and validate authorization codes.

## Installation

Install with Go modules:

```sh
go get github.com/GianOrtiz/apple-auth-go
```

## Usage

The package follows the usual Go conventions and its usage is straightforward. Start by creating a client:

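```go
package main

import (
    apple "github.com/GianOrtiz/apple-auth-go"
)

func main() {
    // Create the client from the app ID, team ID, key ID and the path to the .p8 private key.
    appleAuth, err := apple.New("<APP-ID>", "<TEAM-ID>", "<KEY-ID>", "/path/to/apple-sign-in-key.p8")
    if err != nil {
        panic(err)
    }
    _ = appleAuth // use the client to validate codes and tokens
}
```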

To validate an authorization code, retrieving refresh and access tokens:

```go
package main

import (
    apple "github.com/GianOrtiz/apple-auth-go"
)

func main() {
    appleAuth, err := apple.New("<APP-ID>", "<TEAM-ID>", "<KEY-ID>", "/path/to/apple-sign-in-key.p8")
    if err != nil {
        panic(err)
    }

    // Validate authorization code from a mobile app.
    tokenResponse, err := appleAuth.ValidateCode("<AUTHORIZATION-CODE>")
    if err != nil {
        panic(err)
    }

    // Validate authorization code from web app with redirect uri.
    // Plain assignment: both variables are already declared above.
    tokenResponse, err = appleAuth.ValidateCodeWithRedirectURI("<AUTHORIZATION-CODE>", "https://redirect-uri")
    if err != nil {
        panic(err)
    }
    _ = tokenResponse // holds the access, refresh and id tokens
}
```

The returned tokenResponse provides the access token, used to make requests to Apple servers on behalf of the user; the refresh token, used to retrieve a new access token after expiration through the ValidateRefreshToken method; and the id token, a JWT-encoded string with user information. To retrieve the user information from this id token, the package provides the utility function GetUserInfoFromIDToken:

```go
package main

import (
    "fmt"

    apple "github.com/GianOrtiz/apple-auth-go"
)

func main() {
    appleAuth, err := apple.New("<APP-ID>", "<TEAM-ID>", "<KEY-ID>", "/path/to/apple-sign-in-key.p8")
    if err != nil {
        panic(err)
    }

    // Validate authorization code from a mobile app.
    tokenResponse, err := appleAuth.ValidateCode("<AUTHORIZATION-CODE>")
    if err != nil {
        panic(err)
    }

    // Exported field name assumed to be IDToken; a lowercase idToken field
    // would not be accessible from another package.
    user, err := apple.GetUserInfoFromIDToken(tokenResponse.IDToken)
    if err != nil {
        panic(err)
    }

    // User Apple unique identification.
    fmt.Println(user.UID)
    // User email if the user provided it.
    fmt.Println(user.Email)
}
```
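Before relying on the user information carried in the id token described above, a server can check that the token was issued by Apple, for this app, and has not expired. The following is an added example, not code from apple-auth-go: `idClaims`, `checkIDTokenClaims`, `sampleToken` and the `com.example.app` identifier are assumptions, and the function inspects claims only, without verifying the JWT signature.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Added example with hypothetical names (not package API); sampleToken builds a constructed, unsigned token.
type idClaims struct {
	Iss, Aud, Sub, Email string
	Exp                  int64
}

// checkIDTokenClaims checks iss, aud and exp of the payload; it does NOT verify the signature.
func checkIDTokenClaims(idToken, appID string, now time.Time) (*idClaims, error) {
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("id token is not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decode payload: %w", err)
	}
	var c idClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, fmt.Errorf("parse claims: %w", err)
	}
	switch {
	case c.Iss != "https://appleid.apple.com":
		return nil, fmt.Errorf("unexpected issuer %q", c.Iss)
	case c.Aud != appID:
		return nil, fmt.Errorf("audience %q is not this app", c.Aud)
	case !now.Before(time.Unix(c.Exp, 0)):
		return nil, fmt.Errorf("id token has expired")
	}
	return &c, nil
}

func sampleToken(claims string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(claims)) + ".c2ln"
}

func main() {
	c, err := checkIDTokenClaims(sampleToken(`{"iss":"https://appleid.apple.com","aud":"com.example.app","sub":"001.abc","exp":2000000000}`), "com.example.app", time.Unix(1700000000, 0))
	fmt.Println(c, err)
}
```

A token that reaches the server from anywhere other than Apple's token response (for example, posted by a client) additionally needs its signature verified against Apple's published public keys before these claims mean anything.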

# Functions

GetUserInfoFromIDToken retrieves the user info from the JWT id token.
New sets up and returns a new AppleAuth for validation of tokens.

# Variables

ErrorResponseInvalidClient error when the response is invalid_client.
ErrorResponseInvalidGrant error when the response is invalid_grant.
ErrorResponseInvalidRequest error when the response is invalid_request.
ErrorResponseInvalidScope error when the response is invalid_scope.
ErrorResponseTypeInvalidClient the client authentication failed, typically due to a mismatched or invalid client identifier, invalid client secret (expired token, malformed claims, or invalid signature), or mismatched or invalid redirect URI.
ErrorResponseTypeInvalidGrant the authorization grant or refresh token is invalid, typically due to a mismatched or invalid client identifier, invalid code (expired or previously used authorization code), or invalid refresh token.
ErrorResponseTypeInvalidRequest the request is malformed, typically because it is missing a parameter, contains an unsupported parameter, includes multiple credentials, or uses more than one mechanism for authenticating the client.
ErrorResponseTypeInvalidScope the requested scope is invalid.
ErrorResponseTypeUnauthorizedClient the client is not authorized to use this authorization grant type.
ErrorResponseTypeUnsupportedGrantType the authenticated client is not authorized to use this grant type.
ErrorResponseUnauthorizedClient error when the response is unauthorized_client.
ErrorResponseUnsupportedGrantType error when the response is unsupported_grant_type.
RealUserStatusLikelyReal user is likely real.
RealUserStatusUnknown cannot determine if the user is real.
RealUserStatusUnsupported unsupported, only works in iOS >= 14.

# Structs

AppleUser is the model to hold information about the user.
No description provided by the author
TokenResponse response when validation was successful.

# Interfaces

AppleAuth is the contract for communication and validation of Apple user tokens.

# Type aliases

No description provided by the author
RealUserStatus an integer value that indicates whether the user appears to be a real person.