Home>PHP source code>Other categories
Download

Sign-in with Apple SDK

Installation

Recommended and easiest way to installing library is through Composer.

composer require azimolabs/apple-sign-in-php-sdk

Requirements

  • PHP 7.1+
  • OpenSSL Extension

PHP support

PHP version Library version
5.x NOT SUPPORTED
> 7.0 <= 7.3 1.4.x
>= 7.4 < 8.0 1.5.x
>= 8.0 & ^7.4 2.0.x
>= 8.1 3.0.x

Versioning follows semver standard.

How it works

This description assumes that you already have generated identityToken . Remember that token is valid ONLY for 10 minutes.

The first step to verify the identity token is to generate a public key. To generate public key exponent and modulus values are required. Both information are exposed in Apple API endpoint. Those values differ depending on the algorithm.

The second step is verification if provided identityToken is valid against generated public key. If so we are sure that identityToken wasn't malformed.

The third step is validation if token is not expired. Additionally it is worth to check issuer and audience, examples are shown below.

Basic usage

Once you have cloned repository, make sure that composer dependencies are installed running composer install -o.

$appleJwtFetchingService = new AuthServiceAppleJwtFetchingService(
            new AuthJwtJwtParser(new LcobucciJWTTokenParser(new LcobucciJWTEncodingJoseEncoder())),
            new AuthJwtJwtVerifier(
                new ApiAppleApiClient(
                    new GuzzleHttpClient(
                        [
                            'base_uri'        => 'https://appleid.apple.com',
                            'timeout'         => 5,
                            'connect_timeout' => 5,
                        ]
                    ),
                    new ApiFactoryResponseFactory()
                ),
                new LcobucciJWTValidationValidator(),
                new LcobucciJWTSignerRsaSha256()
            ),
            new AuthJwtJwtValidator(
                new LcobucciJWTValidationValidator(),
                [
                    new LcobucciJWTValidationConstraintIssuedBy('https://appleid.apple.com'),
                    new LcobucciJWTValidationConstraintPermittedFor('com.c.azimo.stage'),
                ]
            ),
            new AuthFactoryAppleJwtStructFactory()
        );

$appleJwtFetchingService->getJwtPayload('your.identity.token');

If you don't want to copy-paste above code you can paste freshly generated identityToken in tests/E2e/Auth/AppleJwtFetchingServiceTest.php:53 and run tests with simple command php vendor/bin/phpunit tests/E2e.

$ php vendor/bin/phpunit tests/E2e
PHPUnit 9.2.5 by Sebastian Bergmann and contributors.

Random seed:   1594414420

.                                                                   1 / 1 (100%)

Time: 00:00.962, Memory: 8.00 MB

OK (1 test, 1 assertion)

Todo

It is welcome to open a pull request with a fix for any issue:

  • Upgrade phpseclib/phpseclib to version 3.0.7
  • Upgrade lcobucci/jwt to version 4.x. Reported in: Implicit conversion of keys from strings is deprecated. #2
  • Make library compatible with PHP 7.4.3. Reported in Uncaught JsonException: Malformed UTF-8 characters
  • Make library compatible with PHP 8.0.0
  • Refactor AzimoAppleApiEnumCryptographicAlgorithmEnum, so algorithms are fetched dynamically from https://appleid.apple.com/auth/keys
  • Create contribution guide

Miscellaneous

  • JSON web token
  • Sign in with Apple overwiew
  • How backend token verification works
Expand
Additional Information
Related Applications
Recommended for You
Related Information All