Last active
March 30, 2023 17:06
-
-
Save styrken/78ca9e32e1227620700d5d2749458704 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class AppleSignInController < ApplicationController | |
| APPLE_PEM_URL = "https://appleid.apple.com/auth/keys" | |
| # /api/apple/validate | |
| def validate | |
| name = params[:name] | |
| userIdentity = params[:userIdentity] | |
| jwt = params[:jwt] | |
| begin | |
| header_segment = JSON.parse(Base64.decode64(jwt.split(".").first)) | |
| alg = header_segment["alg"] | |
| kid = header_segment["kid"] | |
| apple_response = Net::HTTP.get(URI.parse(APPLE_PEM_URL)) | |
| apple_certificate = JSON.parse(apple_response) | |
| keyHash = ActiveSupport::HashWithIndifferentAccess.new(apple_certificate["keys"].select {|key| key["kid"] == kid}[0]) | |
| jwk = JWT::JWK.import(keyHash) | |
| token_data = JWT.decode(jwt, jwk.public_key, true, {algorithm: alg})[0] | |
| if token_data.has_key?("sub") && token_data.has_key?("email") && userIdentity == token_data["sub"] | |
| puts "Name: " + name + " is validated." | |
| # TODO: Create a user in ur rails app and generate an auth token for future requests. Remember to use the "userIdentity" as the | |
| # primary user key - this because the email address will change all the time | |
| # TODO: Render response to app | |
| else | |
| # TODO: Render error to app | |
| end | |
| rescue StandardError => e | |
| # TODO: Render error to app | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you, save me a lot of time 👍