iOS 苹果登录Sign in with Apple 和 服务端验证(nodejs 版)

Sign in with Apple

首先要在苹果开发者账号里设置一些东西，可参考
https://www.jianshu.com/p/e1284bd8c72a

客户端使用苹果登录，服务器端使用node验证，代码中包含 iOS和nodejs https://github.com/Hwangkop/iOSSignAndNode

服务端要做的其实很简单

nodejs需要装三个东西

npm install node-rsa
npm install axios
npm install jsonwebtoken

1. 提供一个接口让客户端上传他那边获取到的identity

2. 当客户端通过请求你提供的接口时，服务端可以使用axios请求这个接口 https://appleid.apple.com/auth/keys
   ，直接调用便会获取到一个 JWK，获取到的信息如下

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "AIDOPK1",
      "use": "sig",
      "alg": "RS256",
      "n": "lxrwmuYSAsTfn-lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu_auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY-RNwCWdjNfEaY_esUPY3OVMrNDI15Ns13xspWS3q-13kdGv9jHI28P87RvMpjz_JCpQ5IM44oSyRnYtVJO-320SB8E2Bw92pmrenbp67KRUzTEVfGU4-obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd_JhmqX5CAaT9Pgi0J8lU_pcl215oANqjy7Ob-VMhug9eGyxAWVfu_1u6QJKePlE-w",
      "e": "AQAB"
    }
  ]
}

我们要通过上面的keys里面的第一个对象去获取 Public Key,这里需要解码才能得到 Public Key，可以使用 node-rsa

let res = await axios.request({
    method: "GET",
    url: "https://appleid.apple.com/auth/keys",
})
let key = res.data.keys[0]
const pubKey = new NodeRSA();
pubKey.importKey({ n: Buffer.from(key.n, 'base64'), e: Buffer.from(key.e, 'base64') }, 'components-public');
let data = {publicKey: pubKey.exportKey(['public']), alg: key.alg}

3. 然后使用 jsonwebtoken 解码获取用户信息

let payload = jwt.decode(identity,data.publicKey,data.alg)

打印 payload 会得到以下信息，sub就是用户的唯一标示

{
  "iss": "https://appleid.apple.com",
  "aud": "这个对应app的bundleid",
  "exp": 1567494694,
  "iat": 1567494094,
  "sub": "这个字段和手机端获取的user信息相同",
  "c_hash": "nRYP2wGXBGT0bIYWibx4Yg",
  "auth_time": 1567494094
}

但是是需要验证的

jwt.verify(identity,data.publicKey,(error,decoded)=>{
        payload = decoded;
    });

服务端整体代码

router.get('/auth', async ctx => {
    var data = await getPublicKey()
    let identity = ctx.query.identity
    //解码获得用户信息

    ~~ let payload = jwt.decode(identity,data.publicKey,data.alg)~~

    jwt.verify(identity,data.publicKey,(error,decoded)=>{
        payload = decoded;
        console.log(payload)
    });

})

async function getPublicKey() {
    let res = await axios.request({
        method: "GET",
        url: "https://appleid.apple.com/auth/keys",
    })
    let key = res.data.keys[0]
    const pubKey = new NodeRSA();
    pubKey.importKey({ n: Buffer.from(key.n, 'base64'), e: Buffer.from(key.e, 'base64') }, 'components-public');
    let data = {publicKey: pubKey.exportKey(['public']), alg: key.alg}
    return data;
}

iOS和nodejs demo地址 https://github.com/Hwangkop/iOSSignAndNode