@gerhardberger
Last active May 6, 2021 21:25

Sign in with Apple in ChaseApp

Apple docs

Web flow

  • Normal OAuth flow
  • The Electron app should open this URL in the system browser: https://appleid.apple.com/auth/authorize?redirect_uri=https://chaseapp.io/api/v1/public/apple/oauth&client_id=chase.app.service&response_mode=form_post&response_type=code&scope=openid%20email%20name&state= (`state` is shown empty here; set it to an unguessable per-request value and check it when the redirect arrives)
  • Payload received on redirect URL:
```ts
const data = req.body as {
  state?: string;
  code?: string;
  error?: string;
  // We get the user object on the FIRST authentication only! The email is encoded in the
  // token anyway, but the user's name is not, and there is no API to get it from Apple later.
  // `user` arrives as a JSON-encoded string.
  user?: string;
};
```

Native flow

  • Fork node-mac-sign-in-with-apple to fix a crash (it crashes on newer Electron versions) and to return the code as well
  • In the app, when 'Sign In with Apple' is clicked in the renderer, call over to the main process
  • Call node-mac-sign-in-with-apple from the main process during sign-in
  • Send code + name + email back to the renderer and on to the backend, possibly to the redirect URL, so it is handled the same way as the normal web-based OAuth flow

Common flow

  • On the backend, get the authorization token from Apple or from the app, with the code
  • Exchange the code with Apple to get access_token, refresh_token and id_token
  • Verify the id_token (a JWT)
  • Then keep refreshing the token, the normal JWT scenario