invalid_client for Sign in with Apple

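What I am trying to achieve:

  • The iOS client sends a JWT token to the backend.
  • The backend (Java) calls https://appleid.apple.com/auth/token to verify the token.

What I have so far:

Making the verification call to Apple: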

        restTemplate = new RestTemplate();
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

        MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
        map.add("client_id", clientId); // app_id like com.app.id
        String token = generateJWT();   // generated jwt
        map.add("client_secret", token);
        map.add("grant_type", "authorization_code");
        map.add("code", authorizationCode);  // JWT code we got from iOS

        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(map, headers);

        final String appleAuthURL = "https://appleid.apple.com/auth/token";
        String response = restTemplate.postForObject(appleAuthURL, request, String.class);

Token generation:

        final PrivateKey privateKey = getPrivateKey();
        final int expiration = 1000 * 60 * 5;

        String token = Jwts.builder()
                .setHeaderParam(JwsHeader.KEY_ID, keyId) // key id I got from Apple
                .setIssuer(teamId)
                .setAudience("https://appleid.apple.com")
                .setSubject(clientId) // app id com.app.id
                .setExpiration(new Date(System.currentTimeMillis() + expiration))
                .setIssuedAt(new Date(System.currentTimeMillis()))
                .signWith(SignatureAlgorithm.ES256, privateKey) // ECDSA using P-256 and SHA-256
                .compact();

        return token;

Getting my private key from a file:

        final Reader pemReader = new StringReader(getKeyData());
        final PEMParser pemParser = new PEMParser(pemReader);
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        final PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
        final PrivateKey pKey = converter.getPrivateKey(object);

I confirmed that my JWT has all the required fields:

        {
          "kid": "SAME KEY AS MY KEY ID",
          "alg": "ES256"
        }

        {
          "iss": "Blahblah",
          "aud": "https://appleid.apple.com",
          "sub": "com.app.id",
          "exp": 1578513833,
          "iat": 1578513533
        }

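Answer:

This line caught my attention:

        map.add("code", authorizationCode);  // JWT code we got from iOS

authorizationCode is not a JWT.

A JSON Web Token consists of 3 parts separated by dots.

But authorizationCode has 4 parts, like this:

        text1.text2.0.text3

You are probably using the identityToken from the iOS app instead of the authorizationCode.

Here is how you retrieve it: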

        let authorizationCode = String(data: appleIDCredential.authorizationCode!, encoding: .utf8)!
        print("authorizationCode: \(authorizationCode)")

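For those who may come here after getting the same invalid_client error, it is also good to keep the following in mind:

  1. kid is the ID of the private key from developer.apple.com/account/resources/authkeys/list.

  2. keyFile is the file holding the private key downloaded from developer.apple.com.

  3. teamID can be found by logging in to developer.apple.com and clicking Account; the teamID is shown in the upper right corner.

  4. The value of aud should be https://appleid.apple.com.

  5. app_id is the bundle identifier of the app.

In case it helps, here is a working solution for creating a client_secret in Python: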

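        # $ pip install pyjwt cryptography   (ES256 signing needs the cryptography package)
        import jwt
        import time

        kid = "myKeyId"
        teamID = "myTeamId"      # placeholder: your Apple team ID
        app_id = "com.app.id"    # placeholder: the app's bundle identifier
        keyFile = "/pathToFile/AuthKey.p8"

        with open(keyFile, 'r') as myFile:
            key = myFile.read()  # private key: keep it out of stdout and logs

        timeNow = int(round(time.time()))
        time3Months = timeNow + 86400*90

        claims = {
            'iss': teamID,
            'iat': timeNow,
            'exp': time3Months,
            'aud': 'https://appleid.apple.com',
            'sub': app_id,
        }

        secret = jwt.encode(claims, key, algorithm='ES256', headers={'kid': kid})

        # PyJWT 1.x returns bytes here, PyJWT 2.x returns str
        client_secret = secret.decode("utf-8") if isinstance(secret, bytes) else secret
        print(client_secret)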
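A preflight check for the points raised in the question and answer above, as an added example that is not part of the original posts: it flags a JWT passed as `code` and compares the client_secret header and claims with the expected kid, team ID, bundle identifier and aud before /auth/token is called. The function names, the sample values and the six-month cap on exp (taken from Apple's documentation, not from this page) are assumptions of the example; the signature is not verified.

```python
import base64
import json
import time

APPLE_AUD = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # six months in seconds: Apple's documented cap on exp

def encode_segment(obj):  # used only to build the constructed sample below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_segment(segment):
    """Decode one base64url segment into a dict; None if it is not a JSON object."""
    try:
        value = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None

def looks_like_jwt(value):
    """True for three dot-separated parts whose first two decode to JSON objects."""
    parts = value.split(".")
    return len(parts) == 3 and all(decode_segment(p) is not None for p in parts[:2])

def preflight(client_id, team_id, key_id, client_secret, code, now=None):
    """List problems visible before calling /auth/token; the signature is not verified."""
    now = int(time.time()) if now is None else now
    problems = []
    if looks_like_jwt(code):
        problems.append("code is a JWT (identityToken?), not an authorizationCode")
    if not looks_like_jwt(client_secret):
        return problems + ["client_secret is not a well-formed JWT"]
    header, claims = (decode_segment(p) for p in client_secret.split(".")[:2])
    expected = [(header, "alg", "ES256"), (header, "kid", key_id), (claims, "iss", team_id),
                (claims, "sub", client_id), (claims, "aud", APPLE_AUD)]
    for section, name, want in expected:
        if section.get(name) != want:
            problems.append(f"{name} is {section.get(name)!r}, expected {want!r}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int)
            and iat <= now < exp <= now + MAX_LIFETIME):
        problems.append("iat/exp must be integers with iat <= now < exp <= now + six months")
    return problems

if __name__ == "__main__":
    # Constructed sample, not real credentials; a JWT is passed as `code` on purpose.
    head = encode_segment({"kid": "KEYID", "alg": "ES256"})
    body = encode_segment({"iss": "TEAMID", "aud": APPLE_AUD, "sub": "com.app.id",
                           "exp": 1578513833, "iat": 1578513533})
    secret = f"{head}.{body}.sig"
    print(preflight("com.app.id", "TEAMID", "KEYID", secret, secret, now=1578513600))
```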
