Sign in with Apple 流程总结

流程图

相关说明

UserId

与用户的 Apple Id 一一对应。在同一个开发帐号下的所有 app 里，获取到的值都一样。

IdentityToken

identityToken 是一个 Json Web Token (JWT).
它由点号 (".") 分割为三部分：

• header

• payload

• signature

前两部分是两个 Json 字符串经过 base64Url 编码的结果。第三部分是前面二者加密后再做 base64Url 编码得到的。

identityToken 示例

eyJraWQiOiI4NkQ4OEtmIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiaW8uZ2l0aHViLjB4YTZhIiwiZXhwIjoxNTgxODU0NjI0LCJpYXQiOjE1ODE4NTQwMjQsInN1YiI6IjAwMTQ3Mi5kYWIwNGY5YmE5ZDM0ZjAzYWQ2NDFmYTgyZDFjNTk4Yi4wOTQ1Iiwibm9uY2UiOiJhLXJhbmRvbSAtc3RyaW5nIiwiY19oYXNoIjoiY1pheTd3cW5tSHVQY0c2RmhWRHFaQSIsImVtYWlsIjoieWY3YTNwczhobTkxQHByaXZhdGVyZWxheS5hcHBsZWlkLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImlzX3ByaXZhdGVfZW1haWwiOiJ0cnVlIiwiYXV0aF90aW1lIjoxNTgxODU0MDI0fQ.gQ5Ug1yHLdtqsYJkdLCWYLJmlUVjkhiWxFo1PE4Q4QZ4zZ3mjlMn7n5ZcbxpoIyJ7wa_qHJFTP6q4IfBPXGi5OIrnx8sOeX8DS_GAobAfIB-PaLrtAE7ZAFs0tcsU5mOrKoa5JySX3TF6PEBYl12YdTJu0774Ouu0IYYkFcXRaUUpjS7Hr-jHgQRTXkDstjnGay2GCVg49ihPWaRJLc0ARaE5wL0k0snM8ImzsoDEV8tXYuMlF8DYIGI6cRrDmLhRnPOWv1xbM9C3qmEukE9HyV051tdtIgowo2ne2XsmPqWlCDH45JLUJV7NsIuvCEsNWd9OwPLY5U6pIjNgRAbxg

前两部分解码后结果示例：

• header:

{
 kid: "86D88Kf",
 alg: "RS256"
}

• payload:

{
    "iss":"https://appleid.apple.com",
    "aud":"io.github.0xa6a",
    "exp":1581854624,
    "iat":1581854024,
    "sub":"001472.dab04f9ba9d34f03ad641fa82d1c598b.0945",
    "nonce":"a-random -string",
    "c_hash":"cZay7wqnmHuPcG6FhVDqZA",
    "email":"yf7a3ps8hm91@privaterelay.appleid.com",
    "email_verified":"true",
    "is_private_email":"true",
    "auth_time":1581854024}

字段名	说明
iss	签发机构网址
aud	bundle id
exp	int 过期时间戳
iat	签发时间
sub	user id
nouce	客户端发出请求时携带的随机串，用于对照
c_hash	一段哈希，暂无用
email	email
email_verified	email 是否确认了
is_private_email	是否为 private email
auth_time	授权时间

分享一个解码工具 JWT Decoder

获取苹果的公钥

地址

https://appleid.apple.com/auth/keys

请求方法

GET

返回示例

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "86D88Kf",
      "use": "sig",
      "alg": "RS256",
      "n": "iGaLqP6y-SJCCBq5Hv6pGDbG_SQ11MNjH7rWHcCFYz4hGwHC4lcSurTlV8u3avoVNM8jXevG1Iu1SY11qInqUvjJur--hghr1b56OPJu6H1iKulSxGjEIyDP6c5BdE1uwprYyr4IO9th8fOwCPygjLFrh44XEGbDIFeImwvBAGOhmMB2AD1n1KviyNsH0bEB7phQtiLk-ILjv1bORSRl8AK677-1T8isGfHKXGZ_ZGtStDe7Lu0Ihp8zoUt59kx2o9uWpROkzF56ypresiIl4WprClRCjz8x6cPZXU2qNWhu71TQvUFwvIvbkE1oYaJMb0jcOTmBRZA2QuYw-zHLwQ",
      "e": "AQAB"
    },
    {
      "kty": "RSA",
      "kid": "eXaunmL",
      "use": "sig",
      "alg": "RS256",
      "n": "4dGQ7bQK8LgILOdLsYzfZjkEAoQeVC_aqyc8GC6RX7dq_KvRAQAWPvkam8VQv4GK5T4ogklEKEvj5ISBamdDNq1n52TpxQwI2EqxSk7I9fKPKhRt4F8-2yETlYvye-2s6NeWJim0KBtOVrk0gWvEDgd6WOqJl_yt5WBISvILNyVg1qAAM8JeX6dRPosahRVDjA52G2X-Tip84wqwyRpUlq2ybzcLh3zyhCitBOebiRWDQfG26EH9lTlJhll-p_Dg8vAXxJLIJ4SNLcqgFeZe4OfHLgdzMvxXZJnPp_VgmkcpUdRotazKZumj6dBPcXI_XID4Z4Z3OM1KrZPJNdUhxw",
      "e": "AQAB"
    },
    {
      "kty": "RSA",
      "kid": "AIDOPK1",
      "use": "sig",
      "alg": "RS256",
      "n": "lxrwmuYSAsTfn-lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu_auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY-RNwCWdjNfEaY_esUPY3OVMrNDI15Ns13xspWS3q-13kdGv9jHI28P87RvMpjz_JCpQ5IM44oSyRnYtVJO-320SB8E2Bw92pmrenbp67KRUzTEVfGU4-obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd_JhmqX5CAaT9Pgi0J8lU_pcl215oANqjy7Ob-VMhug9eGyxAWVfu_1u6QJKePlE-w",
      "e": "AQAB"
    }
  ]
}

UI 设计官方规范

https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple/overview/buttons/

参考文章

• Authenticating Users with Sign in with Apple
• iOS 13 苹果账号登陆与后台验证相关
• 与 JOSE 战斗的日子

个人博客：https://benjaminwen.com