Skip to content

Instantly share code, notes, and snippets.

@nov
Last active January 26, 2023 04:24
Show Gist options
  • Save nov/993a303aa6badd8447f7b96fb952088e to your computer and use it in GitHub Desktop.
Save nov/993a303aa6badd8447f7b96fb952088e to your computer and use it in GitHub Desktop.
require 'apple_id'
# NOTE: in debugging mode, you can see all HTTPS request & response in the log.
# AppleID.debug!
pem = <<-PEM
-----BEGIN PRIVATE KEY-----
:
:
-----END PRIVATE KEY-----
PEM
private_key = OpenSSL::PKey::EC.new pem
client = AppleID::Client.new(
identifier: '<YOUR-CLIENT-ID>',
team_id: '<YOUR-TEAM-ID>',
key_id: '<YOUR-KEY-ID>',
private_key: private_key,
redirect_uri: '<YOUR-REDIRECT-URI>'
)
authorization_uri = client.authorization_uri(scope: [:email, :name])
puts authorization_uri
`open "#{authorization_uri}"`
print 'code: ' and STDOUT.flush
code = gets.chop
client.authorization_code = code
response = client.access_token!
response.id_token.verify!(
client: client,
access_token: response.access_token,
# NOTE:
# When verifying signature, one http request to Apple's JWKs are required.
# You can skip ID Token signature verification when you got the token directly from the token endpoint in TLS channel.
verify_signature: false
)
puts response.id_token.sub # => OpenID Connect Subject Identifier (= Apple User ID)
puts response.id_token.original_jwt.pretty_generate
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment