Validating the AuthToken from an Apple JS login in a .NET backend

Tags: .net, .net-core, oauth-2.0, cng, apple-sign-in

I'm trying to implement Sign in with Apple on our web application. It works on AppleTV and iOS, but the same flow does not seem to work with the tokens coming from Apple JS: I get
`invalid_client`.

It seems some extra steps are needed, so I added the `kid` and such, and now I'm stuck at
`invalid_grant`
(from what I understand this is better: at least the client is OK now).

On the JS side I do the following (the flow seems correct, I get a proper response in
`AppleIDSignInOnSuccess`):

    AppleID.auth.init({
        clientId: 'com.########.weblogin', // service Id created in the developer portal
        scope: 'name email',
        state: state,
        redirectURI: location.href,
        usePopup: true // or false, defaults to false
    });
    document.addEventListener('AppleIDSignInOnSuccess', (data) => {
        // handle the successful response
        var deviceKey = document.cookie.replace(/(?:(?:^|.*;\s*)deviceKey\s*\=\s*([^;]*).*$)|^.*$/, "$1");
        requestLogin({
            AppleToken: data.detail.authorization.id_token,
            AppleAuthorizationCode: btoa(data.detail.authorization.code), // our api requires a base64 urlsafe string, to be symmetric with the native app
            FirstName: data.detail.user?.name?.firstName, // user is only present on the first authorization
            LastName: data.detail.user?.name?.lastName,
            DeviceKey: deviceKey
        });
    });

Note that, unlike what the documentation says, [state] may not be returned in the popup case, but that could be a sign that something is going wrong.

Now I handle the authorization code in the .NET backend:

    Hclient.DefaultRequestHeaders.Add("User-Agent", "Microsoft ASP.NET Core OpenIdConnect handler");

    var datas = new Dictionary<string, string>()
    {
        { "client_id", request.DeviceKey.StartsWith("WEB_") ? "com.########.weblogin" : "com.########.app" }, // use the serviceId and not the main appId for web
        { "code", request.AppleAuthorizationCode.FromBase64UrlSafe().FromUtf8Bytes() },
        { "grant_type", "authorization_code" },
        { "redirect_uri", "https://login.#######.com/signin-apple" },
        { "client_secret", request.DeviceKey.StartsWith("WEB_") ? TokenGenerator2.CreateNewToken() : TokenGenerator.CreateNewToken() } // generate the client_secret differently for web
    };
    var formdata = new FormUrlEncodedContent(datas);

    using (HttpResponseMessage res = Hclient.PostAsync("https://appleid.apple.com/auth/token", formdata).Result)
    {
        // Apple answers with JSON: {"access_token", "id_token", ...} on success,
        // {"error":"invalid_client"} / {"error":"invalid_grant"} on failure
        var body = res.Content.ReadAsStringAsync().Result;
        // ... (id_token validation and session creation follow here)
    }
The client_secret for the web flow is built like this:

    using System;
    using System.Collections.Generic;
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using System.Security.Cryptography;
    using Microsoft.IdentityModel.Tokens;

    public static class TokenGenerator2
    {
        public static string CreateNewToken()
        {
            const string iss = "7#######G"; // team ID
            const string aud = "https://appleid.apple.com";
            const string sub = "com.#######.weblogin"; // service Id (must equal the client_id sent to /auth/token)
            const string keyId = "G######W"; // key Id associated with the p8 file

            const string privateKey = "MIGT####...#####"; // contents of AuthKey_[keyId].p8 file (base64 body, without the PEM header/footer lines)

            var d = DateTime.UtcNow.AddDays(-5); // I was worried the date time was the issue so I took a laaaaarge one ...

            // CngKey is Windows-only; on Linux/macOS .NET Core use ECDsa.Create() + ImportPkcs8PrivateKey instead
            var cngKey = CngKey.Import(
                Convert.FromBase64String(privateKey),
                CngKeyBlobFormat.Pkcs8PrivateBlob);

            var handler = new JwtSecurityTokenHandler();

            // the imported blob already fixes the curve (P-256); EcdsaSha256 below selects SHA-256
            var securityKey = new ECDsaSecurityKey(new ECDsaCng(cngKey));
            securityKey.KeyId = keyId; // emitted as the "kid" JWT header
            var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.EcdsaSha256);

            return handler.CreateEncodedJwt(
                issuer: iss,
                audience: aud,
                subject: new ClaimsIdentity(new List<Claim> { new Claim("sub", sub) }),
                notBefore: d,
                expires: d.AddMonths(3), // expiry can be a maximum of 6 months
                issuedAt: d,
                signingCredentials: signingCredentials);
        }
    }

For reference, this is how I create it for the native app (the flow that does work):

    public static class TokenGenerator
    {
        public static string CreateNewToken()
        {
            const string iss = "7#######G"; // your account's team ID found in the dev portal
            const string aud = "https://appleid.apple.com";
            const string sub = "com.######.app"; // app Id
            const string privateKey = "MIGTAg###...####"; // contents of .p8 file

            var cngKey = CngKey.Import(
                Convert.FromBase64String(privateKey),
                CngKeyBlobFormat.Pkcs8PrivateBlob);
            var d = DateTime.UtcNow.AddDays(-5);

            var handler = new JwtSecurityTokenHandler();
            var token = handler.CreateJwtSecurityToken(
                issuer: iss,
                audience: aud,
                subject: new ClaimsIdentity(new List<Claim> { new Claim("sub", sub) }),
                expires: d.AddMonths(3), // expiry can be a maximum of 6 months
                issuedAt: d,
                notBefore: d,
                signingCredentials: new SigningCredentials(
                    new ECDsaSecurityKey(new ECDsaCng(cngKey)), SecurityAlgorithms.EcdsaSha256));

            return handler.WriteToken(token);
        }
    }

Comments:

I'm using the JavaScript SDK for Sign in with Apple. I'm trying to log in with the popup flow, but it seems that when the login process completes, `AppleIDSignInOnSuccess` is never fired. Did you do any configuration to make it work? Thanks.

Apart from creating the Service Identifier, nothing: Certificates, Identifiers & Profiles => Identifiers and the + sign.

Thanks for your answer. I got some details from Apple developer support: the redirect URI should be on the same domain as the URI that opens the popup. It works now.

Same subdomain? Because I call the JS from mydomain.com and the redirect URI is login.mydomain.com...

Might be my eyes, but the subdomain as well. Feel free to tell me whether it works; in that case I'll create an answer for this topic.