[英]How to sign in with apple by the grant type of authorization_code (Java)
我有一个问题,当应用程序将 identifityCode 和授权码发送到应用程序服务器时,我尝试向苹果服务器验证代码,但它总是显示错误“invalid_client”,这是我的代码:
public static String appleAuth(String authorizationCode) throws Exception {
String token = generateJWT();
HttpResponse<String> response = Unirest.post(APPLE_AUTH_URL)
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header(HttpHeaders.USER_AGENT, "my app")
.field("client_id", CLIENT_ID)
.field("client_secret", token)
.field("grant_type", "authorization_code")
.field("code", authorizationCode)
.asString();
TokenResponse tokenResponse = new Gson().fromJson(response.getBody(), TokenResponse.class);
String idToken = tokenResponse.getId_token();
String payload = idToken.split("\\.")[1];//0 is header we ignore it for now
String decoded = new String(Decoders.BASE64.decode(payload));
IdTokenPayload idTokenPayload = new Gson().fromJson(decoded, IdTokenPayload.class);
return idTokenPayload.getSub();
}
生成 JWT
private static String generateJWT() throws Exception {
if (pKey == null) {
pKey = getPrivateKey();
}
String token = Jwts.builder()
.setHeaderParam(JwsHeader.ALGORITHM, "ES256")
.setHeaderParam(JwsHeader.KEY_ID, KEY_ID)
.setIssuer(TEAM_ID)
.setAudience("https://appleid.apple.com")
.setSubject(CLIENT_ID)
.setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 60 * 24 * 5)))
.setIssuedAt(new Date(System.currentTimeMillis()- (1000 * 60 * 60 * 24 * 2)))
//.setExpiration(new Date(Date.from(Instant.EPOCH).getTime() + (1000 * 60 * 60 * 24 * 2)))
//.setIssuedAt(new Date(Date.from(Instant.EPOCH).getTime() - (1000 * 60 * 60 * 24 * 1)))
// .setNotBefore(new Date(System.currentTimeMillis()- (1000 * 60 * 60 * 24 * 2)))
.signWith(SignatureAlgorithm.ES256, pKey)
.compact();
return token;
}
获取私钥
private static PrivateKey getPrivateKey() throws Exception {
//read your key
String path = new ClassPathResource("AuthKey_279SCN3AMY.p8").getFile().getAbsolutePath();
final PEMParser pemParser = new PEMParser(new FileReader(path));
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
final PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
final PrivateKey pKey = converter.getPrivateKey(object);
return pKey;
}
我相信当Apple 文档说需要秒时,您使用毫秒来表示和到期。
其他一切对我来说都是正确的。
GET /oauth/token with grant_type=authorization_code 返回未授权
[英]GET /oauth/token with grant_type=authorization_code returns unauthorized
我可以在 Spring Boot 中为 oauth2 在同一个项目中同时使用 grant_type=password 和 grant_type=authorization_code
[英]Can i use both grant_type=password and grant_type=authorization_code in same project for oauth2 in spring boot
针对OAuth2authorization_code发布请求获取无效赠款以进行Google Play结算购买验证
[英]Getting Invalid Grant on OAuth2 authorization_code post request for Google Play Billing purchase verification
Java中没有web浏览器是否可以在OAuth 2.0中获取authorization_code?
[英]Is it possible to get authorization_code in OAuth 2.0 without web browser in Java?
使用 Java Spring Rest Z72664DC09503B0C04391C72664DC09503B0C04391C72664DC09503B0C04391C 执行授权代码授予流程
[英]Execute an Authorization Code Grant Flow Using Java Spring Rest Api
如何配置必须使用“密码”授权类型从授权服务器请求令牌的客户端 Java 应用程序?
[英]How do I configure a client Java application which must request a token from an authorization server using a 'password' grant type?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.