currencyfair/apple-sign-in-php-client
Composer 安装命令:
composer require currencyfair/apple-sign-in-php-client
包简介
PHP Client for Apple Sign-In
README 文档
README
Features Include:
- Generating an Apple authorisation link to use with your Sign-In button
- Verifying and decoding Apple JWTs
- Verifying Apple Authorisation Codes and exchanging them with Apple's API for access/refresh tokens
- Automatic fetching of Apple's public keys and generating of client secrets.
Contents
Installation
composer require currencyfair/apple-sign-in-php-client
Configuration
| Config Key | Description |
|---|---|
| clientId | Also referred to as Service ID. This can be found here. |
| privateKey | The is required to generate the Client Secret which is used to verify Authorisation Codes. You can pass a string or the path to the key file. The key can be created and downloaded here. |
| keyId | The ID associated with the above privateKey. This should be available on the page where you downloaded your private key. |
| teamId | This is usually found in the top right corner under your name in the Apple Developer area. |
| redirectUri | This is the web page users will be redirect to after (un)successful sign-in. This address must be HTTPS and cannot be localhost. See FAQ for localhost workaround. |
| defaultScopes | These are the scopes you would like returned from Apple. Apple only supports name and email. |
| apiKeysEndpoint (optional) | URL containing Apple's public key in JWK format. Unless you have a reason to change this the default should be fine. |
| apiTokenEndpoint (optional) | The endpoint used to verify Authorisation Codes. Unless you have a reason to change this the default should be fine. |
| apiAuthEndpoint (optional) | The authorisation URL used to build the URL users will sign in on. Unless you have a reason to change this the default should be fine. |
See below for examples of passing config values.
Usage & Examples
Verifying an Authorisation Code and retrieving the access/refresh tokens
<?php include './vendor/autoload.php'; use CurrencyFair\AppleId\ClientFactory; use CurrencyFair\AppleId\Config; $config = new Config( [ Config::REDIRECT_URI => 'https://your-redirect.com/', Config::CLIENT_ID => 'XXX', Config::TEAM_ID => 'XXX', Config::KEY_ID => 'XXX', Config::PRIVATE_KEY => '/full/path/to/key' // Or a string containing your key ] ); $client = ClientFactory::create($config); $authCodeResponse = $client->verifyAuthCode($_POST['code']); echo $authCodeResponse->getAccessToken(); echo $authCodeResponse->getExpiresIn(); echo $authCodeResponse->getRefreshToken();
See AuthCodeVerifyResponse for all available methods.
Verifying and Decoding Apple JWTs
<?php include './vendor/autoload.php'; use CurrencyFair\AppleId\ClientFactory; use CurrencyFair\AppleId\Config; $config = new Config( [ Config::REDIRECT_URI => 'https://your-redirect.com/', Config::CLIENT_ID => 'XXX', Config::TEAM_ID => 'XXX', Config::KEY_ID => 'XXX', Config::PRIVATE_KEY => '/full/path/to/key' // Or a string containing your key ] ); $client = ClientFactory::create($config); $jwtResponse = $client->verifyAndDecodeJwt($_POST['id_token']); echo $jwtResponse->getEmail(); echo $jwtResponse->getSubject(); // Unique user ID provided by Apple echo $jwtResponse->getIsPrivateEmail(); echo $jwtResponse->getDecodedTokenObject(); // The unmodified JWT object (Example format below)
See JwtVerifyResponse for all available methods.
Example Decoded JWT
{
"iss": "https://appleid.apple.com",
"aud": "com.yourApp.web",
"exp": 1586606495,
"iat": 1586605895,
"sub": "000609.fac4e6e9df6a4c1988870f61b86e0b8e.0000",
"at_hash": "XXX",
"email": "example@example.com",
"email_verified": "true",
"is_private_email": "false",
"auth_time": 1586605860,
"nonce_supported": true
}
Generating an Authorisation URL for your Sign-In button
<?php include './vendor/autoload.php'; use CurrencyFair\AppleId\ClientFactory; use CurrencyFair\AppleId\Config; $config = new Config( [ Config::REDIRECT_URI => 'https://your-redirect.com/', Config::CLIENT_ID => 'XXX', ] ); $client = ClientFactory::create($config); $authorisationUrl = $client->getAuthoriseUrl(); echo "<a href='{$authorisationUrl}'> Sign-In With Apple</a>";
You can also use Apple's JS SDK to show Apple's pre-styled button. Using the above method is for when you would like more control over the style of the button.
End-to-End Sign-In page & Return Page
your-sign-in-page.php
<?php include './vendor/autoload.php'; use CurrencyFair\AppleId\ClientFactory; use CurrencyFair\AppleId\Config; $config = new Config( [ Config::REDIRECT_URI => 'https://example.com/your-return-page.php', Config::CLIENT_ID => 'XXX', ] ); // We will use this to verify the request came from Apple on // the return page $_SESSION['state'] = 'Something Random'; $client = ClientFactory::create($config); $authorisationUrl = $client->getAuthoriseUrl($_SESSION['state']); echo "<a href='{$authorisationUrl}'> Sign-In With Apple</a>";
your-return-page.php
<?php include './vendor/autoload.php'; use CurrencyFair\AppleId\ClientFactory; use CurrencyFair\AppleId\Config; $state = $_POST['state']; $code = $_POST['code']; $idToken = $_POST['id_token']; $user = isset($_POST['user']) ? json_decode($_POST['user'], true) : null; // Check if the state returned from Apple matches the state we passed to // Apple from the Sign-In button if ($_SESSION['state'] !== $state) { throw new Exception('State is invalid'); } // The user will be available the first time a user registers and *not* passed // on subsequent Sign-Ins if ($user) { $fullName = $user['name']['firstName'] . ' ' . $user['name']['lastName']; $email = $user['email']; } $config = new Config( [ Config::REDIRECT_URI => 'https://example.com/your-return-page.php', Config::CLIENT_ID => 'XXX', Config::TEAM_ID => 'XXX', Config::KEY_ID => 'XXX', Config::PRIVATE_KEY => '/full/path/to/key' ] ); $client = ClientFactory::create($config); $authCodeResponse = $client->verifyAuthCode($code); echo $authCodeResponse->getAccessToken() . PHP_EOL; echo $authCodeResponse->getExpiresIn() . PHP_EOL; echo $authCodeResponse->getRefreshToken() . PHP_EOL; $jwtResponse = $client->verifyAndDecodeJwt($idToken); echo $jwtResponse->getEmail() . PHP_EOL; echo $jwtResponse->getSubject() . PHP_EOL; // Unique user ID provided by Apple echo $jwtResponse->getIsPrivateEmail() . PHP_EOL;
FAQ & Troubleshooting
I'm developing on localhost, how do I get the redirect URI to work correctly?
Unfortunately even during testing Apple doesn't allow using localhost or non-HTTPS redirect URLs. To get around this you can use a browser extension like Requestly to intercept the redirect and direct it to your localhost URL. You can also use a secure tunneling tool like Ngrok.
I'm getting an invalid_request - Invalid redirect_uri error
This usually occurs if your Redirect URI isn't configured for use in the Apple Developer area. Or the URI may be localhost or non-HTTPS.
I'm getting an Invalid Grant error when verifying my Authorisation Code
This usually means your token is expired or malformed. Apple's tokens have a 10 minute expiry, after this you will need to generate a new token.
How do I get the user's name from Apple?
Apple will only send the user's name the first time the user registers on your app. The payload is POSTed to the Redirect URI along with the authorisation code and the JWT token. The format will look like this:
{"name":{"firstName":"Dave","lastName":"Tester"},"email":"an@email.com"}
I would like the Sign-In to happen in a pop-up window
You can use Apple's JS SDK to achieve this.
I'm getting an Error processing private key error?
If you're passing the key as a string ensure the formatting is correct. An example of the correct way to pass the key:
$privateKey = <<<KEY -----BEGIN PRIVATE KEY----- XIGTAgEAxBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQg4UQtxp926Ihaslco k5Pl8Rb8h4GLav9INTdZA4dD6EmgCgYIKoZIzj0DAQehRANCAAQVRW9gj0lXdSfo EQxtT6zytXXXg64dsb0SGFV2ceYYkvOpVnjXkPCOxSkoYHPhP7eZK65sWyjOiS9 dLRtRpJX -----END PRIVATE KEY----- KEY; $config = new Config( [ Config::PRIVATE_KEY => $privateKey, ] );
Can the request to fetch Apple's public key be cached?
Yes, you can use Guzzle Middleware to handle caching. You can also inject your own cache enabled client which implements ClientInterface.
Useful links
https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
https://sarunw.com/posts/sign-in-with-apple-3
License
Developed by CurrencyFair (https://currencyfair.com) and licensed under the terms of the Apache License, Version 2.0.
currencyfair/apple-sign-in-php-client 适用场景与选型建议
currencyfair/apple-sign-in-php-client 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 102.69k 次下载、GitHub Stars 达 13, 最近一次更新时间为 2020 年 04 月 27 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「apple」 「Apple Sign-in」 「Apple Jwt」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 currencyfair/apple-sign-in-php-client 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 currencyfair/apple-sign-in-php-client 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 currencyfair/apple-sign-in-php-client 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A simple library to decode and parse Apple Sign In client tokens.
Apple Push Notification & Feedback Provider
JWT API authentication driver (Guard) for Laravel.
A lightweight package to add Google One Tap login to Laravel applications using Socialite
Laravel JWT auth service package
Send push notification to android|ios devices , support APNs, FCM
统计信息
- 总下载量: 102.69k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 14
- 点击次数: 14
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Apache-2.0
- 更新时间: 2020-04-27