PTGU OAuth Apple

Import

import (
	PTGUoauth "github.com/parinyapt/golang_utils/oauth/apple/v1"
)

Example

Config OAuth

var privkey = `
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----`

appleOAuth := PTGUoauth.NewAppleOAuth(&PTGUoauth.AppleOAuthConfig{
  ClientID:    "com.prinpt.devx",
  RedirectURL: "https://apple.prinpt.com/callback",
  TeamID:      "XXXXXXXXXX",
  KeyID:       "XXXXXXXXXX",
  PrivateKey:  privkey,
})

Generate Login URL

loginURL := appleOAuth.GenerateOAuthURL(PTGUoauth.OptionAppleGenerateOAuthURL{
  ResponseType: []string{"code", "id_token"},
  ResponseMode: "form_post",
  Scope:        []string{"name", "email"},
  State:        "STATE",
})

Generate Client Secret

clientSecret, err := appleOAuth.GenerateClientSecret(5 * time.Minute)
if err != nil {
	panic(err)
}
fmt.Println(clientSecret)

Get IDToken Info from JWT

tokenString := "eyJra...96sZg"
data, err := PTGUoauth.GetIDTokenInfo(tokenString)
if err != nil {
  panic(err)
}
fmt.Println(data.Audience)
if data.Email != nil {
  fmt.Println(*data.Email)
}

Get IDToken Info from JWT with validate Public Key

tokenString := "eyJra...96sZg"
data, ispass , err := appleOAuth.GetIDTokenInfoWithPublicKeyValidation(tokenString, PTGUoauth.OptionAppleGetIDTokenInfoWithPublicKeyValidation{
  NotIssuedBeforeTime: time.Now().Add(-1 * time.Hour), // optional
  ExpiresAfterIssuedIn: 10 * time.Hour, // optional
})
if err != nil {
  panic(err)
}
fmt.Println(ispass)
fmt.Println(data.Audience)
if data.Email != nil {
  fmt.Println(*data.Email)
}

Get Apple Public Key

pubKey, err := PTGUoauth.GetApplePublicKey("XXXXXXX")
if err != nil {
  panic(err)
}
fmt.Println(pubKey.N)
fmt.Println(pubKey.E)

Validate Authorization Code and Get Access Token / ID Token / Refresh Token

code := "c7...lABoQ"
data, err := appleOAuth.ValidateAuthorizationCode(code, PTGUoauth.PlatformWeb) // PTGUoauth.PlatformWeb or PTGUoauth.PlatformApp
if err != nil {
  panic(err)
}
fmt.Println(data.AccessToken)
fmt.Println(data.RefreshToken)
fmt.Println(data.TokenType)
fmt.Println(data.ExpiresIn)
fmt.Println(data.IDToken)

Validate Refresh Token and Get Access Token / ID Token

refreshToken := "rca7...lABoQ"
data, err := appleOAuth.ValidateRefreshToken(refreshToken)
if err != nil {
  panic(err)
}
fmt.Println(data.IDToken)
fmt.Println(data.AccessToken)
fmt.Println(data.ExpiresIn)
fmt.Println(data.TokenType)

Revoke Token by Access Token or Refresh Token

token := "rca7...lABoQ"
err := appleOAuth.RevokeToken(token, PTGUoauth.TypeRefreshToken) // PTGUoauth.TypeAccessToken or PTGUoauth.TypeRefreshToken
if err != nil {
  panic(err)
}

REF

• https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
• https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple
• https://medium.com/@sirajul.anik/sign-in-with-apple-verify-mobile-app-payload-under-5-minutes-for-backend-developers-d69c2217ddec
• https://github.com/Timothylock/go-signin-with-apple
• https://sarunw.com/posts/sign-in-with-apple-4/