Skip to content

Instantly share code, notes, and snippets.

@codyromano
Created April 22, 2020 19:08
Show Gist options
  • Save codyromano/acf6b43b54196e294cb4650998b48f37 to your computer and use it in GitHub Desktop.
Save codyromano/acf6b43b54196e294cb4650998b48f37 to your computer and use it in GitHub Desktop.
import jwksClient from 'jwks-rsa';
import jsonWebToken from 'jsonwebtoken';
const jwksUri = 'https://appleid.apple.com/auth/keys';
const client = jwksClient({
jwksUri
});
function getKey(header, callback) {
client.getSigningKey(header.kid, function(err, key) {
callback(null, key.getPublicKey());
});
}
export function validateAppleIdentityToken(identityToken: string): boolean {
const token: string = Buffer.from(identityToken, 'base64').toString('utf8');
const payload = jsonWebToken.verify(token, getKey, null, function (err, decoded) {
if (err) {
throw err;
}
if (!decoded.iss || decoded.iss !== "https://appleid.apple.com") {
throw new Error('Apple JWT has invalid issuer');
}
if (!decoded.aud || decoded.aud !== "com.tilig.Tilig-app") {
throw new Error('Apple JWT has invalid audience');
}
if (!decoded.exp || decoded.exp >= new Date().getTime()) {
throw new Error('Apple JWT has an invalid expiration');
}
});
return !!payload;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment