-
-
Save hdchinh/0fb1d50058ec8be9e9eacfee4b256c48 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class AppleSignInController < ApplicationController | |
| APPLE_PEM_URL = "https://appleid.apple.com/auth/keys" | |
| # /api/apple/validate | |
| def validate | |
| name = params[:name] | |
| userIdentity = params[:userIdentity] | |
| jwt = params[:jwt] | |
| begin | |
| header_segment = JSON.parse(Base64.decode64(jwt.split(".").first)) | |
| alg = header_segment["alg"] | |
| kid = header_segment["kid"] | |
| apple_response = Net::HTTP.get(URI.parse(APPLE_PEM_URL)) | |
| apple_certificate = JSON.parse(apple_response) | |
| keyHash = ActiveSupport::HashWithIndifferentAccess.new(apple_certificate["keys"].select {|key| key["kid"] == kid}[0]) | |
| jwk = JWT::JWK.import(keyHash) | |
| token_data = JWT.decode(jwt, jwk.public_key, true, {algorithm: alg})[0] | |
| if token_data.has_key?("sub") && token_data.has_key?("email") && userIdentity == token_data["sub"] | |
| puts "Name: " + name + " is validated." | |
| # TODO: Create a user in ur rails app and generate an auth token for future requests. Remember to use the "userIdentity" as the | |
| # primary user key - this because the email address will change all the time | |
| # TODO: Render response to app | |
| else | |
| # TODO: Render error to app | |
| end | |
| rescue StandardError => e | |
| # TODO: Render error to app | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment