- Normal OAuth flow
  - Electron app should open in the browser:
    `https://appleid.apple.com/auth/authorize?redirect_uri=https://chaseapp.io/api/v1/public/apple/oauth&client_id=chase.app.service&response_mode=form_post&response_type=code&scope=openid%20email%20name&state=`
  - Payload received on the redirect URL (`response_mode=form_post`, so it arrives in the POST body):

    ```typescript
    const data = req.body as {
      state?: string;
      code?: string;
      error?: string;
      // We get the user object on the FIRST authentication only! Email is eventually
      // encoded in the token, but the user's name is not, and there is no API to get
      // it from Apple at any later time.
      user?: string;
    };
    ```
- Fork `node-mac-sign-in-with-apple` to fix the crash (it crashes on newer Electron versions) and the return code as well
- In the app, in the renderer, on click on 'Sign In with Apple' call over to the main process
- Call `node-mac-sign-in-with-apple` from the main process during sign in
- Send `code` + name + email back to the renderer and to the backend (possibly to the redirect URL) to handle it the same way as the normal web-based OAuth flow
- On the backend, get the authorization token from Apple or from the app, using `code`
- Authorize `code` with Apple to get `access_token`, `refresh_token`, `id_token`
- Verify `id_token` (JWT token)
- Then keep on refreshing the token, normal JWT scenario
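The two backend steps above that are easy to get wrong are the redirect payload (the `state` check and the one-time `user` object) and the `id_token` verification. The following is an added example, not code from these notes or from the project: it validates the `form_post` body, then verifies an RS256 `id_token` (signature, `iss`, `aud` = `chase.app.service`, `exp`). Function names (`handleRedirectPayload`, `verifyIdToken`, `mintTestToken`, `demo`) and the sample body are my own; a locally generated RSA key pair stands in for the key Apple publishes at its JWKS endpoint, which a real backend would fetch and select by the token's `kid` header.

```typescript
import * as crypto from "node:crypto";

// Shape of the body Apple POSTs to redirect_uri (response_mode=form_post).
interface ApplePostBody {
  state?: string;
  code?: string;
  error?: string;
  user?: string; // JSON string; Apple sends it on the FIRST authorization only
}

export interface AppleUserInfo {
  name?: { firstName?: string; lastName?: string };
  email?: string;
}

// Check the redirect payload before using the code. `expectedState` is the random
// value the backend stored in the session before sending the browser to Apple;
// a mismatch means this POST was not triggered by our own login attempt.
export function handleRedirectPayload(body: ApplePostBody, expectedState: string) {
  if (body.error) throw new Error(`Apple returned error: ${body.error}`);
  if (!body.code) throw new Error("missing authorization code");
  if (!body.state || body.state !== expectedState) throw new Error("state mismatch");
  // `user` is only present on the first sign-in, so persist it right away.
  const user = body.user ? (JSON.parse(body.user) as AppleUserInfo) : undefined;
  return { code: body.code, user };
}

const APPLE_ISSUER = "https://appleid.apple.com";

export interface IdTokenClaims {
  iss: string;
  aud: string;
  exp: number;
  sub: string;
  email?: string;
  [claim: string]: unknown;
}

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");

// Verify an RS256 id_token and the claims that matter: signature, issuer,
// audience (our client_id) and expiry. In production `publicKey` is the JWKS
// key whose `kid` matches the token header; here it is passed in directly.
export function verifyIdToken(
  token: string,
  publicKey: crypto.KeyObject,
  clientId: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): IdTokenClaims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString("utf8")) as { alg?: string };
  // Pin the algorithm: never let the token choose it (alg=none / HS256 confusion).
  if (header.alg !== "RS256") throw new Error(`unexpected alg: ${header.alg}`);
  const signedPart = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("sha256", signedPart, publicKey, fromB64url(s))) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(fromB64url(p).toString("utf8")) as IdTokenClaims;
  if (claims.iss !== APPLE_ISSUER) throw new Error(`wrong issuer: ${claims.iss}`);
  if (claims.aud !== clientId) throw new Error(`wrong audience: ${claims.aud}`);
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) throw new Error("token expired");
  return claims;
}

// Test-only stand-in for Apple: a locally generated RSA key and a signer.
export const testKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

export function mintTestToken(claims: object, privateKey: crypto.KeyObject = testKeys.privateKey): string {
  const h = b64url(JSON.stringify({ alg: "RS256", kid: "test-kid", typ: "JWT" }));
  const p = b64url(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(`${h}.${p}`), privateKey); // PKCS#1 v1.5 = RS256
  return `${h}.${p}.${b64url(sig)}`;
}

// Constructed sample of what the redirect handler receives on a first sign-in.
export const sampleBody: ApplePostBody = {
  state: "s3cret-state",
  code: "c0de.from.apple",
  user: JSON.stringify({ name: { firstName: "Ada", lastName: "Lovelace" }, email: "ada@example.com" }),
};

export function demo(): { email: string | undefined; sub: string } {
  const { user } = handleRedirectPayload(sampleBody, "s3cret-state");
  const now = Math.floor(Date.now() / 1000);
  const token = mintTestToken({
    iss: APPLE_ISSUER, aud: "chase.app.service", sub: "001234.abcd",
    exp: now + 600, iat: now, email: "ada@example.com",
  });
  const claims = verifyIdToken(token, testKeys.publicKey, "chase.app.service", now);
  return { email: user?.email, sub: claims.sub };
}

console.log(demo());
```

The same `verifyIdToken` applies to the native path: the `code` the main process gets from `node-mac-sign-in-with-apple` is exchanged for tokens in exactly the same way, so the backend only needs this one verification routine. Cache the JWKS keys and re-fetch on an unknown `kid`, and keep the `state` (and, if you send one, the `nonce`) bound to the session that started the login.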