苹果登录的后台验证token(JAVA)sign with apple

小咪咪 2023-07-10 11:25 9阅读 0赞

苹果登录后台token校验分为2种方式:
1、jwt校验
2、授权码校验
我这里记录一下第一种方式
流程大致如下:
在这里插入图片描述
添加maven依赖:

  1. <dependency>
  2.     <groupId>io.jsonwebtoken</groupId>
  3.     <artifactId>jjwt</artifactId>
  4.     <version>0.9.1</version>
  5. </dependency>
  6. <dependency>
  7.     <groupId>com.auth0</groupId>
  8.     <artifactId>jwks-rsa</artifactId>
  9.     <version>0.9.0</version>
  10. </dependency>
  11. <dependency>
  12.     <groupId>com.alibaba</groupId>
  13.     <artifactId>fastjson</artifactId>
  14.     <version>1.2.60</version>
  15. </dependency>

代码献上:

  1. /** * @Description apple登录--identifyToken校验 * @Author Chongwen.jiang * @Date 2020/2/24 19:28 * @ModifyDate 2020/2/24 19:28 * @Params [identifyToekn] * @Return boolean false:未通过token校验,true:通过校验 */
  2.   private boolean checkIdentifyToken(BaseRequest request) { 
  3.       String identifyToken = request.getIdentifyToken();
  4.       logger.info("checkIdentifyToken-identifyToken:{}", identifyToken);
  5.       // 向苹果后台获取公钥参数
  6.       String appleResp = null;
  7.       try { 
  8.           appleResp = HttpClientCloudUtils.getHttpExecute("https://appleid.apple.com/auth/keys");
  9.           logger.info("checkIdentifyToken-appleResp:{}", appleResp);
  10.       } catch (Exception e) { 
  11.           logger.info("checkIdentifyToken-get apple public key fail " + e.getMessage());
  12.           throw new PicaException("get apple public key fail Exception", "get apple public key fail");
  13.       }
  14.       JSONObject appleRespJson = JSONObject.parseObject(appleResp);
  15.       String keys = appleRespJson.getString("keys");
  16.       JSONArray keysArr = JSONObject.parseArray(keys);
  18.       if (identifyToken.split("\\.").length < 2) { 
  19.           throw new PicaException("get identifyToken fail Exception", "get identifyToken format Exception");
  20.       }
  21.       JSONObject useAppleAuth = new JSONObject();
  22.       String inAuth = new String(Base64.decodeBase64(identifyToken.split("\\.")[0]));
  23.       String inKid = JSONObject.parseObject(inAuth).get("kid").toString();
  24.       for(Object obj : keysArr){ 
  25.           JSONObject appleAuth = JSONObject.parseObject(obj.toString());
  26.           if(inKid.equals(appleAuth.getString("kid"))){ 
  27.               useAppleAuth = appleAuth;
  28.               logger.info("checkIdentifyToken-jsonObject1:{}", useAppleAuth);
  29.               break;
  30.           }
  31.       }
  33.       // 通过jar生成publicKey
  34.       PublicKey publicKey;
  35.       try { 
  36.           Jwk jwa = Jwk.fromValues(useAppleAuth);
  37.           publicKey = jwa.getPublicKey();
  38.       } catch (Exception e) { 
  39.           logger.info("checkIdentifyToken-generate publicKey fail " + e.getMessage());
  40.           throw new PicaException("checkIdentifyToken-generate publicKey fail", "generate publicKey fail");
  41.       }
  43.       // 分割前台传过来的identifyToken(jwt格式的token)用base64解码使用
  44.       String aud;
  45.       String sub;
  46.       try { 
  47.           String claim = new String(Base64.decodeBase64(identifyToken.split("\\.")[1]));
  48.           //logger.info("checkIdentifyToken-claim:{}", claim);
  49.           aud = JSONObject.parseObject(claim).get("aud").toString();
  50.           sub = JSONObject.parseObject(claim).get("sub").toString();
  51.           // appleUserId从token中解码取出后赋值
  52.           request.setAppleUserId(sub);
  53.       } catch (Exception e) { 
  54.           logger.info("checkIdentifyToken-token decode fail " + e.getMessage());
  55.           throw new PicaException("checkIdentifyToken-token decode fail Exception", "token decode fail");
  56.       }
  57.       return this.verify(publicKey, identifyToken, aud, sub, request);
  58.   }
  60.   /** * @Description 验证苹果公钥 * @Author Chongwen.jiang * @Date 2020/2/24 19:49 * @ModifyDate 2020/2/24 19:49 * @Params [key, jwt, audience, subject] * @Return boolean */
  61.   private boolean verify(PublicKey key, String jwt, String audience, String subject, BaseRequest request) { 
  62.       JwtParser jwtParser = Jwts.parser().setSigningKey(key);
  63.       jwtParser.requireIssuer("https://appleid.apple.com");
  64.       jwtParser.requireAudience(audience);
  65.       jwtParser.requireSubject(subject);
  66.       try { 
  67.           logger.info("checkIdentifyToken-apple-verify-starting");
  68.           Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
  69.           logger.info("acheckIdentifyToken-apple-verify-claim:{}", JSON.toJSONString(claim));
  70.           //logger.info("apple-verify-claim.getBody:{}", JSON.toJSONString(claim.getBody()));
  71.           if (claim != null && claim.getBody().containsKey("auth_time")) { 
  72.               request.setInfo(JSON.toJSONString(claim.getBody()));
  73.               JSONObject claimBody = JSONObject.parseObject(JSON.toJSONString(claim.getBody()), JSONObject.class);
  74.               request.setAppleId(claimBody.getString("email"));
  75.               return true;
  76.           }
  77.           return false;
  78.       } catch (ExpiredJwtException e) { 
  79.           logger.info("checkIdentifyToken-apple token expired " + e.getMessage());
  80.           throw new PicaException("apple token expired Exception", "apple token expired");
  81.       } catch (Exception e) { 
  82.           logger.info("checkIdentifyToken-apple token illegal " + e.getMessage());
  83.           throw new PicaException("apple token illegal Exception", "apple token illegal");
  84.       }
  85.   }

参考链接:
jwt技术认识
sign with apple
官方文档
在这里插入图片描述

发表评论

表情:
评论列表 (有 0 条评论,9人围观)

还没有评论,来说两句吧...

相关阅读

    相关 Apple登录

    目前的APP在苹果上如果要使用第三方登录就必须实现apple登录,本文在Spring Security的基础上整合apple登录。 [苹果文档][Link 1] 没有例子

    末蓝、末蓝、/ 0/ 22 阅读