Documentation ¶
Overview ¶
Package `apple` implements the OAuth2 protocol for authenticating users through Apple. This package can be used as a reference implementation of an OAuth2 provider for Goth.
Index ¶
- Constants
- func MakeSecret(sp SecretParams) (*string, error)
- type BoolString
- type ID
- type IDTokenClaims
- type Provider
- func (p Provider) BeginAuth(state string) (goth.Session, error)
- func (p Provider) Client() *http.Client
- func (p Provider) ClientId() string
- func (Provider) Debug(bool)
- func (p Provider) FetchUser(session goth.Session) (goth.User, error)
- func (p Provider) Name() string
- func (p Provider) RedirectURL() string
- func (p Provider) RefreshToken(refreshToken string) (*oauth2.Token, error)
- func (Provider) RefreshTokenAvailable() bool
- func (p Provider) Secret() string
- func (p *Provider) SetName(name string)
- func (Provider) UnmarshalSession(data string) (goth.Session, error)
- type SecretParams
- type Session
Constants ¶
const ( ScopeEmail = "email" ScopeName = "name" AppleAudOrIss = "https://appleid.apple.com" )
Variables ¶
This section is empty.
Functions ¶
func MakeSecret ¶
func MakeSecret(sp SecretParams) (*string, error)
Types ¶
type BoolString ¶
BoolString is a type that can be unmarshalled from a JSON field that can be either a boolean or a string. It is used to unmarshal some fields in the Apple ID token that can be sent as either boolean or string. See https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773
func (*BoolString) UnmarshalJSON ¶
func (bs *BoolString) UnmarshalJSON(data []byte) error
func (*BoolString) Value ¶
func (bs *BoolString) Value() bool
type IDTokenClaims ¶
type IDTokenClaims struct { jwt.StandardClaims AccessTokenHash string `json:"at_hash"` AuthTime int `json:"auth_time"` Email string `json:"email"` IsPrivateEmail BoolString `json:"is_private_email"` EmailVerified BoolString `json:"email_verified,omitempty"` }
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
func (Provider) FetchUser ¶
Apple doesn't seem to provide a user profile endpoint like all the other providers do. Therefore this will return a User with the unique identifier obtained through authorization as the only identifying attribute. A full name and email can be obtained from the form post response (parameter 'user') to the redirect page following authentication, if the name and email scopes are requested. Additionally, if the response type is form_post and the email scope is requested, the email will be encoded into the ID token in the email claim.