make Apple ResponseMode configurable
paskal authored and umputun committed Apr 1, 2023
1 parent 62eb18d commit dc03f5d
Showing 4 changed files with 24 additions and 23 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -522,7 +522,7 @@ After completing the previous steps, you can proceed with configuring the Apple
- _ClientID_ (**required**) - Service ID identifier which is used for Sign with Apple
- _TeamID_ (**required**) - Identifier a developer account (use as prefix for all App ID)
- _KeyID_ (**required**) - Identifier a generated key for Sign with Apple

- _ResponseMode_ - Response Mode, please see [documentation](https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168) for reference, default is `form_post`

```go
// apple config parameters
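--- a/_example/main.go
+++ b/_example/main.go
@@ -87,9 +87,10 @@ func main() {
 
 // allow sign with apple id
 appleCfg := provider.AppleConfig{
-ClientID: os.Getenv("AEXMPL_APPLE_CID"),
-TeamID: os.Getenv("AEXMPL_APPLE_TID"),
-KeyID: os.Getenv("AEXMPL_APPLE_KEYID"), // private key identifier
+ClientID: os.Getenv("AEXMPL_APPLE_CID"),
+TeamID: os.Getenv("AEXMPL_APPLE_TID"),
+KeyID: os.Getenv("AEXMPL_APPLE_KEYID"), // private key identifier
+ResponseMode: "query", // see https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168
 }
 
 if err := service.AddAppleProvider(appleCfg, provider.LoadApplePrivateKeyFromFile(os.Getenv("AEXMPL_APPLE_PRIVKEY_PATH"))); err != nil {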
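Review bot: `ResponseMode: "query"` in the example config looks like it yields a provider whose login always fails: in provider/apple.go (same commit) NewApple still sets `scopes: []string{"name"}`, and prepareLoginURL returns `response_mode must be form_post if scope is not empty` for any other mode. Unless the scopes are cleared somewhere outside the visible hunks, the example should either omit the field so the default applies or use `ResponseMode: "form_post", // required while the name scope is requested`. main() starts and ends outside this hunk.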
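--- a/provider/apple.go
+++ b/provider/apple.go
@@ -70,11 +70,11 @@ type appleVerificationResponse struct {
 
 // AppleConfig is the main oauth2 required parameters for "Sign in with Apple"
 type AppleConfig struct {
-ClientID string // the identifier Services ID for your app created in Apple developer account.
-TeamID string // developer Team ID (10 characters), required for create JWT. It available, after signed in at developer account, by link: https://developer.apple.com/account/#/membership
-KeyID string // private key ID assigned to private key obtain in Apple developer account
+ClientID string // the identifier Services ID for your app created in Apple developer account.
+TeamID string // developer Team ID (10 characters), required for create JWT. It available, after signed in at developer account, by link: https://developer.apple.com/account/#/membership
+KeyID string // private key ID assigned to private key obtain in Apple developer account
+ResponseMode string // changes method of receiving data in callback. Default value "form_post" (https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168)
 
-responseMode string // changes method of receiving data in callback. Default value "form_post" (https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168)
 scopes []string // for this package allow only username scope and UID in token claims. Apple service API provide only "email" and "name" scope values (https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230955-scope)
 privateKey interface{} // private key from Apple obtained in developer account (the keys section). Required for create the Client Secret (https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens#3262048)
 publicKey crypto.PublicKey // need for validate sign of token
@@ -158,21 +158,21 @@ func NewApple(p Params, appleCfg AppleConfig, privateKeyLoader PrivateKeyLoaderI
 }
 
 responseMode := "form_post"
-if appleCfg.responseMode != "" {
-responseMode = appleCfg.responseMode
+if appleCfg.ResponseMode != "" {
+responseMode = appleCfg.ResponseMode
 }
 
 ah := AppleHandler{
 Params: p,
 name: "apple", // static name for an Apple provider
 
 conf: AppleConfig{
-ClientID: appleCfg.ClientID,
-TeamID: appleCfg.TeamID,
-KeyID: appleCfg.KeyID,
-scopes: []string{"name"},
-jwkURL: appleKeysURL,
-responseMode: responseMode,
+ClientID: appleCfg.ClientID,
+TeamID: appleCfg.TeamID,
+KeyID: appleCfg.KeyID,
+scopes: []string{"name"},
+jwkURL: appleKeysURL,
+ResponseMode: responseMode,
 },
 
 endpoint: oauth2.Endpoint{
@@ -510,7 +510,7 @@ func (ah *AppleHandler) prepareLoginURL(state, path string) (string, error) {
 
 scopesList := strings.Join(ah.conf.scopes, " ")
 
-if scopesList != "" && ah.conf.responseMode != "form_post" {
+if scopesList != "" && ah.conf.ResponseMode != "form_post" {
 return "", fmt.Errorf("response_mode must be form_post if scope is not empty")
 }
 
@@ -522,7 +522,7 @@ func (ah *AppleHandler) prepareLoginURL(state, path string) (string, error) {
 query := authURL.Query()
 query.Set("state", state)
 query.Set("response_type", "code")
-query.Set("response_mode", ah.conf.responseMode)
+query.Set("response_mode", ah.conf.ResponseMode)
 query.Set("client_id", ah.conf.ClientID)
 query.Set("scope", scopesList)
 query.Set("redirect_uri", ah.makeRedirURL(path))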
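Review bot: NewApple copies any non-empty `ResponseMode` into the handler without checking it, so a typo or an unsupported value is only noticed when a user reaches prepareLoginURL. Apple documents `query`, `fragment` and `form_post`; a guard right after the default is applied, e.g. `if responseMode != "form_post" && responseMode != "query" && responseMode != "fragment" { /* return a configuration error */ }`, would fail at startup instead. The field comment on `ResponseMode` could also say that `query` and `fragment` return the authorization code in the redirect URL, where it can land in access logs, browser history and Referer headers, while `form_post` keeps it in the POST body. Both NewApple and prepareLoginURL extend beyond the hunks shown.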
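--- a/provider/apple_test.go
+++ b/provider/apple_test.go
@@ -426,11 +426,11 @@ func prepareAppleHandlerTest(responseMode string, scopes []string) (*AppleHandle
 }
 
 aCfg := AppleConfig{
-ClientID: "auth.example.com",
-TeamID: "AA11BB22CC",
-KeyID: "BS2A79VCTT",
-responseMode: responseMode,
-scopes: scopes,
+ClientID: "auth.example.com",
+TeamID: "AA11BB22CC",
+KeyID: "BS2A79VCTT",
+ResponseMode: responseMode,
+scopes: scopes,
 }
 
 cl := customLoader{}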
