Documentation
Index ¶
- Constants
- func GenerateClientSecret(signingKey, teamID, clientID, keyID string) (string, error)
- func GetClaims(idToken string) (*jwt.MapClaims, error)
- func GetUniqueID(idToken string) (string, error)
- type AppValidationTokenRequest
- type CallbackRequest
- type Client
- func (c *Client) RevokeAccessToken(ctx context.Context, token string, result interface{}) error
- func (c *Client) RevokeRefreshToken(ctx context.Context, token string, result interface{}) error
- func (c *Client) VerifyAppToken(ctx context.Context, reqBody AppValidationTokenRequest, result interface{}) error
- func (c *Client) VerifyRefreshToken(ctx context.Context, reqBody ValidationRefreshRequest, result interface{}) error
- func (c *Client) VerifyWebToken(ctx context.Context, code string) (ValidationResponse, error)
- type ClientOptions
- type Config
- type RefreshResponse
- type RevokeAccessTokenRequest
- type RevokeRefreshTokenRequest
- type RevokeResponse
- type ValidationClient
- type ValidationRefreshRequest
- type ValidationResponse
- type WebValidationTokenRequest
Constants ¶
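// Endpoints and header values used for requests to Apple's token service.
// Both endpoints are HTTPS. The request types in this package carry a
// ClientSecret and tokens, so any replacement URL should use TLS as well.
const (
	// ValidationURL is the endpoint for verifying tokens.
	ValidationURL string = "https://appleid.apple.com/auth/token"
	// RevokeURL is the endpoint for revoking tokens.
	RevokeURL string = "https://appleid.apple.com/auth/revoke"
	// ContentType is the one expected by Apple.
	ContentType string = "application/x-www-form-urlencoded"
	// UserAgent is required by Apple or the request will fail.
	UserAgent string = "go-signin-with-apple"
	// AcceptHeader is the content that we are willing to accept.
	AcceptHeader string = "application/json"
)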
Variables ¶
This section is empty.
Functions ¶
func GenerateClientSecret ¶
GenerateClientSecret generates the client secret used to make requests to the validation server. The secret expires after 6 months
signingKey - Private key from Apple, obtained from the Keys section of the developer portal
teamID - Your 10-character Team ID
clientID - Your Services ID, e.g. com.aaronparecki.services
keyID - The 10-character Key ID value from the portal
The signing key is secret material: load it from a secret store or a protected file rather than embedding it in source.
func GetClaims ¶
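GetClaims decodes the id_token response and returns the JWT claims to identify the user. This description mentions decoding only. It does not say that the token's signature, issuer, audience or expiry are checked, so confirm that before relying on claims from a token that did not come directly from the validation endpoint.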
func GetUniqueID ¶
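GetUniqueID decodes the id_token response and returns the unique subject ID to identify the user. As described this is a decode step. Whether the token's signature is verified is not stated here, so confirm it before using the returned ID for a token received through the user agent.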
Types ¶
type AppValidationTokenRequest ¶
// AppValidationTokenRequest is the request body that VerifyAppToken sends.
type AppValidationTokenRequest struct {
// ClientID is the package name of your app
ClientID string
// ClientSecret is a secret generated as a JSON Web Token that uses the secret key generated by the WWDR portal.
// It can also be generated using the GenerateClientSecret function provided in this package
ClientSecret string
// Code is the authorization code received in an authorization response sent to your app.
// The code is single-use only and valid for five minutes.
// Authorization code validation requests require this parameter.
Code string
}
AppValidationTokenRequest is based off of https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
type CallbackRequest ¶
// CallbackRequest holds the form fields ("code", "id_token", "state") of Apple's callback request.
type CallbackRequest struct {
// Code is the authorization code received from your application’s user agent.
// The code is single use only and valid for five minutes.
Code string `form:"code"`
// IdToken is the value of the "id_token" form field.
// NOTE(review): like Code, it presumably arrives via the user agent, so treat it as untrusted until it has been validated — confirm how callers verify it.
IdToken string `form:"id_token"`
// State is the value of the "state" form field.
// NOTE(review): presumably the state value your server issued when starting the flow; compare it with the stored value before using Code — verify against caller.
State string `form:"state"`
}
CallbackRequest holds the form fields of Apple's callback request
type Client ¶
// Client implements ValidationClient.
type Client struct {
// contains filtered or unexported fields
}
Client implements ValidationClient
func NewWithOptions ¶
func NewWithOptions(options ClientOptions) *Client
NewWithOptions creates a Client object with custom options. It will default to the standard options if not provided
func NewWithURL
deprecated
func (*Client) RevokeAccessToken ¶
RevokeAccessToken revokes the Access Token and gets the revoke result
func (*Client) RevokeRefreshToken ¶
RevokeRefreshToken revokes the Refresh Token and gets the revoke result
func (*Client) VerifyAppToken ¶
func (c *Client) VerifyAppToken(ctx context.Context, reqBody AppValidationTokenRequest, result interface{}) error
VerifyAppToken sends the AppValidationTokenRequest and gets validation result
func (*Client) VerifyRefreshToken ¶
func (c *Client) VerifyRefreshToken(ctx context.Context, reqBody ValidationRefreshRequest, result interface{}) error
VerifyRefreshToken sends the ValidationRefreshRequest and gets validation result
func (*Client) VerifyWebToken ¶
VerifyWebToken sends the WebValidationTokenRequest and gets validation result
type ClientOptions ¶
// ClientOptions holds the options for the client; it is passed to NewWithOptions.
type ClientOptions struct {
// contains filtered or unexported fields
}
ClientOptions is a struct to hold the options for the client
type RefreshResponse ¶
// RefreshResponse is a subset of ValidationResponse returned by Apple.
type RefreshResponse struct {
// (Reserved for future use) A token used to access allowed data. Currently, no data set has been defined for access.
AccessToken string `json:"access_token"`
// The type of access token. It will always be "bearer".
TokenType string `json:"token_type"`
// The amount of time, in seconds, before the access token expires. You can revalidate with this token
ExpiresIn int `json:"expires_in"`
// Used to capture any error returned by the endpoint. Error is a string, so check it against ""
// (not nil) and do not trust the rest of the response when it is non-empty.
Error string `json:"error"`
// A more detailed description of the current error.
ErrorDescription string `json:"error_description"`
}
RefreshResponse is a subset of ValidationResponse returned by Apple
type RevokeAccessTokenRequest ¶
// RevokeAccessTokenRequest holds the parameters for revoking an access token.
type RevokeAccessTokenRequest struct {
// ClientID is the "Services ID" value that you get when navigating to your "sign in with Apple"-enabled service ID
ClientID string
// ClientSecret is a secret generated as a JSON Web Token that uses the secret key generated by the WWDR portal.
// It can also be generated using the GenerateClientSecret function provided in this package
ClientSecret string
// AccessToken is the auth token given during a previous validation
AccessToken string
}
RevokeAccessTokenRequest is based off https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens
type RevokeRefreshTokenRequest ¶
// RevokeRefreshTokenRequest holds the parameters for revoking a refresh token.
type RevokeRefreshTokenRequest struct {
// ClientID is the "Services ID" value that you get when navigating to your "sign in with Apple"-enabled service ID
ClientID string
// ClientSecret is a secret generated as a JSON Web Token that uses the secret key generated by the WWDR portal.
// It can also be generated using the GenerateClientSecret function provided in this package
ClientSecret string
// RefreshToken is the refresh token given during a previous validation
RefreshToken string
}
RevokeRefreshTokenRequest is based off https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens
type RevokeResponse ¶
// RevokeResponse holds the error fields decoded from the revoke endpoint's JSON response.
type RevokeResponse struct {
// Used to capture any error returned by the endpoint. Error is a string, so a failed
// revocation is indicated by a non-empty value, not by nil.
Error string `json:"error"`
// A more detailed description of the current error.
ErrorDescription string `json:"error_description"`
}
RevokeResponse is based off https://developer.apple.com/documentation/sign_in_with_apple/revoke_tokens
type ValidationClient ¶
// ValidationClient is an interface to call the validation API.
// Every method takes a request struct and decodes the endpoint's reply into result.
// NOTE(review): the Client method signatures listed in this page's index differ from these
// (e.g. VerifyWebToken takes a code string there) — confirm which version this listing reflects.
type ValidationClient interface {
VerifyWebToken(ctx context.Context, reqBody WebValidationTokenRequest, result interface{}) error
VerifyAppToken(ctx context.Context, reqBody AppValidationTokenRequest, result interface{}) error
VerifyRefreshToken(ctx context.Context, reqBody ValidationRefreshRequest, result interface{}) error
RevokeAccessToken(ctx context.Context, reqBody RevokeAccessTokenRequest, result interface{}) error
RevokeRefreshToken(ctx context.Context, reqBody RevokeRefreshTokenRequest, result interface{}) error
}
ValidationClient is an interface to call the validation API
type ValidationRefreshRequest ¶
// ValidationRefreshRequest is the request body that VerifyRefreshToken sends.
type ValidationRefreshRequest struct {
// ClientID is the "Services ID" value that you get when navigating to your "sign in with Apple"-enabled service ID
ClientID string
// ClientSecret is a secret generated as a JSON Web Token that uses the secret key generated by the WWDR portal.
// It can also be generated using the GenerateClientSecret function provided in this package
ClientSecret string
// RefreshToken is the refresh token given during a previous validation
RefreshToken string
}
ValidationRefreshRequest is based off of https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
type ValidationResponse ¶
// ValidationResponse holds the fields decoded from the token endpoint's JSON response.
type ValidationResponse struct {
// (Reserved for future use) A token used to access allowed data. Currently, no data set has been defined for access.
AccessToken string `json:"access_token"`
// The type of access token. It will always be "bearer".
TokenType string `json:"token_type"`
// The amount of time, in seconds, before the access token expires. You can revalidate with the "RefreshToken"
ExpiresIn int `json:"expires_in"`
// The refresh token used to regenerate new access tokens. Store this token securely on your server.
// The refresh token isn’t returned when validating an existing refresh token; see RefreshResponse for that case.
RefreshToken string `json:"refresh_token"`
// A JSON Web Token that contains the user’s identity information.
IDToken string `json:"id_token"`
// Used to capture any error returned by the endpoint. Error is a string, so check it against ""
// (not nil) and do not trust the rest of the response when it is non-empty.
Error string `json:"error"`
// A more detailed description of the current error.
ErrorDescription string `json:"error_description"`
}
ValidationResponse is based off of https://developer.apple.com/documentation/signinwithapplerestapi/tokenresponse
type WebValidationTokenRequest ¶
// WebValidationTokenRequest holds the parameters for validating an authorization code from the web flow.
type WebValidationTokenRequest struct {
// ClientID is the "Services ID" value that you get when navigating to your "sign in with Apple"-enabled service ID
ClientID string
// ClientSecret is a secret generated as a JSON Web Token that uses the secret key generated by the WWDR portal.
// It can also be generated using the GenerateClientSecret function provided in this package
ClientSecret string
// Code is the authorization code received from your application’s user agent.
// The code is single use only and valid for five minutes.
Code string
// RedirectURI is the destination URI the code was originally sent to.
// Redirect URLs must be registered with Apple. You can register up to 10. Apple shows an error on the
// authorization screen for redirect URLs that use an IP address, and will not let you add localhost
// in the developer portal.
RedirectURI string
}
WebValidationTokenRequest is based off of https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens