invalid_client for sign in with apple
What I try to achieve:
What I have so far:
To make the Apple verification call:
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
map.add("client_id", clientId); // app_id like com.app.id
String token = generateJWT(); // generated jwt
map.add("client_secret", token);
map.add("grant_type", "authorization_code");
map.add("code", authorizationCode); // JWT code we got from iOS
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(map, headers);
final String appleAuthURL = "https://appleid.apple.com/auth/token";
String response = restTemplate.postForObject(appleAuthURL, request, String.class);
Token generation:
final PrivateKey privateKey = getPrivateKey();
final int expiration = 1000 * 60 * 5;
String token = Jwts.builder()
        .setHeaderParam(JwsHeader.KEY_ID, keyId) // key id I got from Apple
        .setIssuer(teamId)
        .setAudience("https://appleid.apple.com")
        .setSubject(clientId) // app id com.app.id
        .setExpiration(new Date(System.currentTimeMillis() + expiration))
        .setIssuedAt(new Date(System.currentTimeMillis()))
        .signWith(SignatureAlgorithm.ES256, privateKey) // ECDSA using P-256 and SHA-256
        .compact();
return token;
To get my private key from the file:
final Reader pemReader = new StringReader(getKeyData());
final PEMParser pemParser = new PEMParser(pemReader);
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
final PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
final PrivateKey pKey = converter.getPrivateKey(object);
I confirmed my JWT has all required fields:
{
  "kid": "SAME KEY AS MY KEY ID",
  "alg": "ES256"
}
{
  "iss": "Blahblah",
  "aud": "https://appleid.apple.com",
  "sub": "com.app.id",
  "exp": 1578513833,
  "iat": 1578513533
}
This line caught my attention:
map.add("code", authorizationCode); // JWT code we got from iOS
The authorizationCode is not a JWT. JSON Web Tokens consist of 3 parts separated by dots, but the authorizationCode has 4 parts, like this:
text1.text2.0.text3
You are probably using the identityToken from the iOS app instead of the authorizationCode.
This is how you retrieve it:
let authorizationCode = String(data: appleIDCredential.authorizationCode!, encoding: .utf8)!
print("authorizationCode: \(authorizationCode)")
Also good to have the following in mind for those who might come here after getting the same invalid_client error:
kid is the id for the private key from developer.apple.com/account/resources/authkeys/list
keyFile is the file holding the private key downloaded from developer.apple.com
teamID can be found by logging in to developer.apple.com and clicking on account; the teamID can be seen in the upper right corner
the value in aud should be https://appleid.apple.com
app_id is the bundle identifier for the app
In case it might help, here is a working solution in Python to create a client_secret:
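# $ pip install pyjwt cryptography   (ES256 signing needs the cryptography package)
import jwt
import time

kid = "myKeyId"                      # key id from developer.apple.com
keyFile = "/pathToFile/AuthKey.p8"   # private key downloaded from developer.apple.com
teamID = "myTeamId"                  # placeholder: your Apple team ID
app_id = "com.app.id"                # placeholder: the app's bundle identifier

# Read the private key. It is not printed: that would leak it to the terminal or logs.
with open(keyFile, 'r') as myFile:
    key = myFile.read()

timeNow = int(round(time.time()))
time3Months = timeNow + 86400*90

claims = {
    'iss': teamID,
    'iat': timeNow,
    'exp': time3Months,
    'aud': 'https://appleid.apple.com',
    'sub': app_id,
}

secret = jwt.encode(claims, key, algorithm='ES256', headers={'kid': kid})
# PyJWT 1.x returns bytes here, PyJWT 2.x returns str
client_secret = secret.decode("utf-8") if isinstance(secret, bytes) else secret
print("secret:")
print(client_secret)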
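The checks listed in the answers above can be run locally before the request is sent. This is an added example, not code from the original posts: the function names and the dummy-signed sample token are constructed for illustration, and the six-month cap on exp comes from Apple's documentation rather than from this page.

```python
import base64, json, time

APPLE_AUD = "https://appleid.apple.com"
MAX_LIFETIME = 15777000  # Apple's documented cap on exp: six months, in seconds

def b64url(obj):
    """Encode a dict as one unpadded base64url JWT segment (used for the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def segment_json(segment):
    """Decode one JWT segment to a dict, or None if it is not base64url JSON."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None

def looks_like_jwt(value):
    parts = value.split(".")
    return len(parts) == 3 and segment_json(parts[0]) is not None

def check_token_request(client_id, client_secret, code, now=None):
    """List the problems visible locally; the signature is NOT verified here."""
    now = int(time.time()) if now is None else now
    problems = []
    if looks_like_jwt(code):
        problems.append("code is a JWT (identityToken?), not an authorizationCode")
    parts = client_secret.split(".")
    header, claims = map(segment_json, parts[:2]) if len(parts) == 3 else (None, None)
    if header is None or claims is None:
        return problems + ["client_secret is not a well-formed JWT"]
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if not header.get("kid"):
        problems.append("kid header is missing")
    if not claims.get("iss"):
        problems.append("iss (team ID) is missing")
    if claims.get("aud") != APPLE_AUD:
        problems.append("aud must be " + APPLE_AUD)
    if claims.get("sub") != client_id:
        problems.append("sub does not match client_id")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        problems.append("exp is missing or already in the past")
    elif exp - now > MAX_LIFETIME:
        problems.append("exp is more than six months ahead")
    return problems

# Constructed sample: the claim values shown in the question, with a dummy signature.
SAMPLE_SECRET = ".".join([b64url({"kid": "KEYID", "alg": "ES256"}), b64url({
    "iss": "Blahblah", "aud": APPLE_AUD, "sub": "com.app.id",
    "exp": 1578513833, "iat": 1578513533}), "c2ln"])
```

An empty list only means nothing is wrong with the shape of the request; a wrong key, key id or team ID still produces invalid_client because only Apple can check the signature.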