Documentation ¶
Overview ¶
secret generates the secret used for validation requests.
user retrieves information about the validated Apple user from the idToken.
validation handles the sign in token validations.
Index ¶
- Constants
- Variables
- type Claims
- type ErrorResponse
- type Request
- func (req *Request) GenerateClientSecret() (string, error)
- func (req *Request) NewRegisteredClaims() *jwt.RegisteredClaims
- func (req *Request) ValidateCode(ctx context.Context, code string) (*TokenResponse, error)
- func (req *Request) ValidateCodeWithRedirectURI(ctx context.Context, code string, redirectURI string) (*TokenResponse, error)
- func (req *Request) ValidateRefreshToken(ctx context.Context, refreshToken string) (*TokenResponse, error)
- type TokenResponse
- type User
- type Validation
Constants ¶
// Fixed values for the token validation request. Only the values themselves
// are visible here; how each one is applied to a request is not shown.
const (
	// VALIDATION_URL is the HTTPS token endpoint on appleid.apple.com.
	VALIDATION_URL = "https://appleid.apple.com/auth/token"
	// CONTENT_TYPE is the form-encoded media type; presumably sent as the
	// Content-Type request header (confirm against the request builder).
	CONTENT_TYPE = "application/x-www-form-urlencoded"
	// USER_AGENT is presumably sent as the User-Agent request header (confirm).
	USER_AGENT = "apple-sdk-go"
	// ACCEPT is presumably sent as the Accept request header, asking for a
	// JSON response (confirm).
	ACCEPT = "application/json"
)
const (
	// AUDIENCE is the Apple ID origin. Presumably used as the audience (aud)
	// claim of the client-secret JWT built by NewRegisteredClaims (confirm).
	AUDIENCE = "https://appleid.apple.com"
)
Variables ¶
// Error codes and their human-readable messages. Each code is paired with a
// ...Msg string; three of the messages are elided by the documentation
// renderer and appear here as empty literals.
//
// NOTE(review): these are declared with var, not const, so any importing
// package can reassign them at runtime. Code that compares a response error
// against these values relies on nothing having changed them.
var (
	// The request is malformed, typically because it's missing a parameter,
	// contains an unsupported parameter, includes multiple credentials,
	// or uses more than one mechanism for authenticating the client.
	InvalidRequest string = "invalid_request"
	InvalidRequestMsg string = "" /* 199-byte string literal not displayed */
	// The client authentication failed, typically due to a mismatched or invalid client identifier,
	// invalid client secret (expired token, malformed claims, or invalid signature), or mismatched or invalid redirect URI.
	InvalidClient string = "invalid_client"
	InvalidClientMsg string = "" /* 211-byte string literal not displayed */
	// The authorization grant or refresh token is invalid,
	// typically due to a mismatched or invalid client identifier,
	// invalid code (expired or previously used authorization code),
	// or invalid refresh token.
	InvalidGrant string = "invalid_grant"
	InvalidGrantMsg string = "" /* 200-byte string literal not displayed */
	// The authenticated client isn't authorized to use this authorization grant type.
	UnsupportedGrantType string = "unsupported_grant_type"
	UnsupportedGrantTypeMsg string = "The authenticated client is not authorized to use this grant type."
	// The requested scope is invalid.
	InvalidScope string = "invalid_scope"
	InvalidScopeMsg string = "The requested scope is invalid."
)
// InvalidSecretFileMsg is the message text asking for a secret key file path.
// Presumably returned by the constructors when secretKeyPath is empty (confirm).
var InvalidSecretFileMsg = "please specify secret key file path"
Functions ¶
This section is empty.
Types ¶
type ErrorResponse ¶
// ErrorResponse is a JSON body with a single "error" key.
type ErrorResponse struct {
	// Error is the value of the "error" key. Presumably one of the codes
	// declared in this package (invalid_request, invalid_client,
	// invalid_grant, unsupported_grant_type, invalid_scope) — confirm.
	Error string `json:"error"`
}
type Request ¶
// Request holds the Apple developer identifiers, the private key and the
// HTTP client that the client-secret and validation methods are defined on.
type Request struct {
	// 10-char App Id prefix found in App identifiers section
	TeamID string
	// ClientID is the "Services ID" value that you get when navigating to
	// your "sign in with Apple"-enabled service ID
	ClientID string
	// This is the ID of the private key
	KeyID string
	// This is the private key file (.p8). You can download it from apple portal
	// NOTE(review): the field is a byte slice, so it presumably holds the key
	// material read from the .p8 file rather than a path — confirm. It is an
	// exported field on a value callers hold, so keep Request values out of
	// logs, debug dumps and serialized output.
	ClientSecret []byte
	// HttpClient is the client used for outgoing requests. Its type,
	// httpClient, is unexported and declared elsewhere in the package.
	HttpClient httpClient
}
func WithCustomClient ¶
func WithCustomClient(client httpClient, teamId, clientId, keyId, secretKeyPath string) (*Request, error)
WithCustomClient returns a new Request that uses the given client.
func WithDefaultClient ¶
WithDefaultClient returns a new Request that uses the default client.
func (*Request) GenerateClientSecret ¶
GenerateClientSecret returns a secret used to validate server requests. A SecretRequest is required to generate the secret. The method returns an error if the data is empty or wrong.
func (*Request) NewRegisteredClaims ¶
func (req *Request) NewRegisteredClaims() *jwt.RegisteredClaims
NewRegisteredClaims generates jwt claims from SecretRequest.
func (*Request) ValidateCode ¶
ValidateCode validates the request using the authorization code received in an authorization response sent to your app. It returns a TokenResponse and an error.
func (*Request) ValidateCodeWithRedirectURI ¶
func (req *Request) ValidateCodeWithRedirectURI(ctx context.Context, code string, redirectURI string) (*TokenResponse, error)
ValidateCodeWithRedirectURI validates the request using the destination URI provided in the authorization request. It returns a TokenResponse and an error.
func (*Request) ValidateRefreshToken ¶
func (req *Request) ValidateRefreshToken(ctx context.Context, refreshToken string) (*TokenResponse, error)
ValidateRefreshToken validates the given refresh token. It returns a TokenResponse and an error.
type TokenResponse ¶
// TokenResponse carries the JSON fields of a token response plus a Claims
// value of the unexported type claims.
type TokenResponse struct {
	// The refresh token used to regenerate new access tokens when validating an authorization code.
	// Store this token securely on your server.
	// The refresh token isn't returned when validating an existing refresh token.
	RefreshToken string `json:"refresh_token"`
	// A token used to access allowed data,
	// such as generating and exchanging transfer identifiers during user migration
	AccessToken string `json:"access_token"`
	// The amount of time, in seconds, before the access token expires.
	ExpiresIn int `json:"expires_in"`
	// A JSON Web Token (JWT) that contains the user's identity information.
	// NOTE(review): nothing visible here shows whether the signature, issuer,
	// audience and expiry of this token are verified before its claims are
	// exposed through Email, UniqueID, RealUserStatus and GetUser — confirm
	// in the implementation before treating those values as authenticated.
	IDToken string `json:"id_token"`
	// The type of access token, which is always bearer.
	TokenType string `json:"token_type"`
	// Claims has no JSON tag; presumably filled from IDToken after the
	// response is decoded rather than read from the response body — confirm.
	Claims claims
}
TokenResponse is the response returned by Apple after the validation process.
func (*TokenResponse) Email ¶
func (resp *TokenResponse) Email() (string, error)
Email returns the user email
func (*TokenResponse) GetUser ¶
func (resp *TokenResponse) GetUser() (*User, error)
GetUser will get claims, and returns the user using claims
func (*TokenResponse) RealUserStatus ¶
func (resp *TokenResponse) RealUserStatus() (int, error)
RealUserStatus returns whether the user appears to be a real person. The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal).
func (*TokenResponse) UniqueID ¶
func (resp *TokenResponse) UniqueID() (string, error)
UniqueID returns the unique subject ID to identify the user
type User ¶
// User describes an authenticated Apple user. The field comments describe
// the claims the values come from.
type User struct {
	// The unique identifier for the user (sub).
	ID string `json:"id"`
	// A string value that represents the user's email address.
	// The email address is either the user's real email address or the proxy address,
	// depending on their private email relay service.
	Email string `json:"email"`
	// A string or Boolean value that indicates whether the service verifies the email.
	// NOTE(review): the field is a bool while the claim may arrive as a string
	// or a Boolean; the conversion presumably happens before this struct is
	// filled — confirm that an unparseable value does not end up as true.
	EmailVerified bool `json:"email_verified"`
	// A string or Boolean value that indicates whether the email
	// that the user shares is the proxy address.
	// The value can either be a string ("true" or "false") or a Boolean (true or false).
	IsPrivateEmail bool `json:"is_private_email"`
	// An Integer value that indicates whether the user appears to be a real person.
	// Use the value of this claim to mitigate fraud.
	// The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal).
	RealUserStatus int `json:"real_user_status"`
}
User will have the information of authenticated user of Apple.
type Validation ¶
// Validation is the set of token validation operations. *Request declares
// methods with these three signatures.
type Validation interface {
	// ValidateCode validates the request using the authorization code
	// received in an authorization response sent to your app.
	// The returned TokenResponse carries the access token, refresh token
	// and ID token.
	ValidateCode(ctx context.Context, code string) (*TokenResponse, error)
	// ValidateCodeWithRedirectURI validates the request using the destination
	// URI provided in the authorization request.
	// The returned TokenResponse carries the access token, refresh token
	// and ID token.
	ValidateCodeWithRedirectURI(ctx context.Context, code string, redirectURI string) (*TokenResponse, error)
	// ValidateRefreshToken validates the given refresh token.
	// The returned TokenResponse carries the access token and ID token.
	ValidateRefreshToken(ctx context.Context, refreshToken string) (*TokenResponse, error)
}