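What I'm trying to achieve:
- The iOS client sends a JWT token to the backend.
- The backend (Java) calls https://appleid.apple.com/auth/token to verify the token.
What I have so far:
Making the Apple verification call: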
restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
MultiValueMap<String,String> map = new LinkedMultiValueMap<>();
map.add("client_id",clientId); // app_id like com.app.id
String token = generateJWT(); // generated jwt
map.add("client_secret",token);
map.add("grant_type","authorization_code");
map.add("code",authorizationCode); // JWT code we got from iOS
HttpEntity<MultiValueMap<String,String>> request = new HttpEntity<>(map,headers);
final String appleAuthURL = "https://appleid.apple.com/auth/token";
String response = restTemplate.postForObject(appleAuthURL,request,String.class);
Token generation:
final PrivateKey privateKey = getPrivateKey();
final int expiration = 1000 * 60 * 5;
String token = Jwts.builder()
    .setHeaderParam(JwsHeader.KEY_ID,keyId) // key id I got from Apple
    .setIssuer(teamId)
    .setAudience("https://appleid.apple.com")
    .setSubject(clientId) // app id com.app.id
    .setExpiration(new Date(System.currentTimeMillis() + expiration))
    .setIssuedAt(new Date(System.currentTimeMillis()))
    .signWith(SignatureAlgorithm.ES256,privateKey) // ECDSA using P-256 and SHA-256
    .compact();
return token;
Getting my private key from a file:
final Reader pemReader = new StringReader(getKeyData());
final PEMParser pemParser = new PEMParser(pemReader);
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
final PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject();
final PrivateKey pKey = converter.getPrivateKey(object);
I confirmed that my JWT has all the required fields:
{
  "kid": "SAME KEY AS MY KEY ID",
  "alg": "ES256"
}
{
  "iss": "Blahblah",
  "aud": "https://appleid.apple.com",
  "sub": "com.app.id",
  "exp": 1578513833,
  "iat": 1578513533
}
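
A local pre-flight check for the client_secret described in the post, as an added example that is not part of the original post: it decodes the header and payload and compares them with the values the post sends to Apple. The class and method names are hypothetical, only the JDK is used, and the regex claim lookup is an assumption that holds for flat claims like the ones shown; it is not a general JSON parser and does not verify the signature.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ClientSecretCheck { // hypothetical helper, not from the post
    // Decode one base64url JWT segment to its JSON text.
    static String decode(String segment) {
        return new String(Base64.getUrlDecoder().decode(segment), StandardCharsets.UTF_8);
    }

    // Minimal lookup of a top-level string or integer claim in flat JSON.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*(?:\"([^\"]*)\"|(\\d+))").matcher(json);
        if (!m.find()) return null;
        return m.group(1) != null ? m.group(1) : m.group(2);
    }

    // Returns a list of problems; an empty list means the claims are consistent with the request.
    static List<String> check(String jwt, String clientId, long nowEpochSec) {
        List<String> problems = new ArrayList<>();
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) { problems.add("not a three-part compact JWS"); return problems; }
        String header = decode(parts[0]), payload = decode(parts[1]);
        if (!"ES256".equals(claim(header, "alg"))) problems.add("alg is not ES256");
        if (claim(header, "kid") == null) problems.add("kid missing");
        if (claim(payload, "iss") == null) problems.add("iss (team id) missing");
        if (!"https://appleid.apple.com".equals(claim(payload, "aud"))) problems.add("aud mismatch");
        if (!clientId.equals(claim(payload, "sub"))) problems.add("sub differs from the client_id form field");
        String exp = claim(payload, "exp"), iat = claim(payload, "iat");
        if (exp == null || iat == null) problems.add("exp or iat missing or not an integer");
        else {
            if (Long.parseLong(exp) <= nowEpochSec) problems.add("already expired");
            if (Long.parseLong(iat) > nowEpochSec) problems.add("iat is in the future (clock skew?)");
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample built from the header and payload shown in the post; the signature is a dummy.
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String h = "{\"kid\":\"SAME KEY AS MY KEY ID\",\"alg\":\"ES256\"}";
        String p = "{\"iss\":\"Blahblah\",\"aud\":\"https://appleid.apple.com\",\"sub\":\"com.app.id\",\"exp\":1578513833,\"iat\":1578513533}";
        String jwt = enc.encodeToString(h.getBytes(StandardCharsets.UTF_8)) + "." + enc.encodeToString(p.getBytes(StandardCharsets.UTF_8)) + ".c2ln";
        System.out.println(check(jwt, "com.app.id", 1578513600L)); // a time between iat and exp
        System.out.println(check(jwt, "com.app.id", System.currentTimeMillis() / 1000)); // current server time
    }
}
```

Run the check on the server that generates the token, so clock drift on that host shows up, and keep the client_secret itself out of application logs.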