iOS 实现苹果第三方登录注意事项

1.引入framework

AuthenticationServices.framework

2.添加能力

Sign in with Apple

3.代码部分 object c 实现

#import 
#import 

@class RootViewController;

@interface AppController : NSObject <UIApplicationDelegate, ASAuthorizationControllerDelegate, ASAuthorizationControllerPresentationContextProviding>
{
    
}

@property(nonatomic, readonly) RootViewController* viewController;

+ (AppController*)ins;
+ (void)setIns:(AppController*)ins;

@end

static AppController* _ins;

+ (AppController*)ins {
    return _ins;
}

+ (void)setIns:(AppController*)ins {
    _ins = ins;
}

+ (void)loginApple {
    NSLog(@"ios登陆开始");
    ASAuthorizationAppleIDProvider *provider = [[ASAuthorizationAppleIDProvider alloc] init];
    ASAuthorizationAppleIDRequest *request = [provider createRequest];
    request.requestedScopes = @[ASAuthorizationScopeFullName, ASAuthorizationScopeEmail];
    ASAuthorizationController *vc = [[ASAuthorizationController alloc] initWithAuthorizationRequests:@[request]];
    vc.delegate = [AppController ins];
    vc.presentationContextProvider = [AppController ins];
    [vc performRequests];
}

- (void)authorizationController:(ASAuthorizationController *)controller didCompleteWithAuthorization:(ASAuthorization *)authorization NS_SWIFT_NAME(authorizationController(controller:didCompleteWithAuthorization:)) API_AVAILABLE(ios(13.0)) {
    if ([authorization.credential isKindOfClass:[ASAuthorizationAppleIDCredential class]]) {
        ASAuthorizationAppleIDCredential *credential = authorization.credential;
        
        NSLog(@"credential = %@", credential);
        
        NSString *state = credential.state;
        NSString *userID = credential.user;
        NSPersonNameComponents *fullName = credential.fullName;
        NSString *email = credential.email;
        NSString *authorizationCode = [[NSString alloc] initWithData:credential.authorizationCode encoding:NSUTF8StringEncoding]; // 验证 token
        NSString *identityToken = [[NSString alloc] initWithData:credential.identityToken encoding:NSUTF8StringEncoding]; // 用户 token
        ASUserDetectionStatus realUserStatus = credential.realUserStatus;
        NSArray *authorizedScopes = credential.authorizedScopes;
        
        NSLog(@"ios登陆成功 state: %@\nuserID: %@\nfullName: %@\nemail: %@\nauthorizationCode: %@\nidentityToken: %@\nrealUserStatus: %@\nauthorizedScopes: %@",
              state,
              userID,
              fullName,
              email,
              authorizationCode,
              identityToken,
              @(realUserStatus),
              authorizedScopes);
    }
}

- (void)authorizationController:(ASAuthorizationController *)controller didCompleteWithError:(NSError *)error  NS_SWIFT_NAME(authorizationController(controller:didCompleteWithError:)) API_AVAILABLE(ios(13.0)) {
    NSString *errorMsg = nil;
    switch (error.code) {
        case ASAuthorizationErrorCanceled:
            errorMsg = @"用户取消了授权请求";
            break;
        case ASAuthorizationErrorFailed:
            errorMsg = @"授权请求失败";
            break;
        case ASAuthorizationErrorInvalidResponse:
            errorMsg = @"授权请求响应无效";
            break;
        case ASAuthorizationErrorNotHandled:
            errorMsg = @"未能处理授权请求";
            break;
        case ASAuthorizationErrorUnknown:
            errorMsg = @"授权请求失败未知原因";
            break;
    }
    
    NSLog(@"ios登陆错误 error %@", errorMsg);
}

- (ASPresentationAnchor)presentationAnchorForAuthorizationController:(ASAuthorizationController *)controller API_AVAILABLE(ios(13.0)) {
    return self.window;
}

4.后段验证

苹果验证接口：https://appleid.apple.com/auth/token
必传参数
client_id：app的 bundle identifier
code：手机端获取到的 authorizationCode
grant_type：传入固定字符串 authorization_code
client_secret：秘钥

秘钥client_secret的生成
ruby代码如下 gen.rb

require "jwt"

key_file = "Path to the private key"
team_id = "Your Team ID"
client_id = "Your App Bundle ID"
key_id = "The Key ID of the private key"
validity_period = 180 # In days. Max 180 (6 months) according to Apple docs.

private_key = OpenSSL::PKey::EC.new IO.read key_file

token = JWT.encode(
  {
    iss: team_id,
    iat: Time.now.to_i,
    exp: Time.now.to_i + 86400 * validity_period,
    aud: "https://appleid.apple.com",
    sub: client_id
  },
  private_key,
  "ES256",
  header_fields=
  {
    kid: key_id 
  }
)
puts token

key_file：苹果开发者中心下载的.p8文件保存的路径
team_id：开发者账号的teamID
client_id：项目的bundleID
key_id：苹果开发者中心创建的keyID

ruby jwt 安装 gem install jwt
如何运行这个文件，ruby gen.rb

后段验证，需要在开发这账号中添加key，勾选Sign in with Apple，

在配置中选择Apple ID

点击下载，获取.p8文件，保存Key ID