From dc03f5df7e6adec282432ed77fc77dae9617f013 Mon Sep 17 00:00:00 2001 From: Dmitry Verkhoturov Date: Sat, 1 Apr 2023 21:18:30 +0200 Subject: [PATCH] make Apple ResponseMode configurable --- README.md | 2 +- _example/main.go | 7 ++++--- provider/apple.go | 28 ++++++++++++++-------------- provider/apple_test.go | 10 +++++----- 4 files changed, 24 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 575be4c1..8de414c7 100644 --- a/README.md +++ b/README.md @@ -522,7 +522,7 @@ After completing the previous steps, you can proceed with configuring the Apple - _ClientID_ (**required**) - Service ID identifier which is used for Sign with Apple - _TeamID_ (**required**) - Identifier a developer account (use as prefix for all App ID) - _KeyID_ (**required**) - Identifier a generated key for Sign with Apple - +- _ResponseMode_ - Response Mode, please see [documentation](https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168) for reference, default is `form_post` ```go // apple config parameters diff --git a/_example/main.go b/_example/main.go index c43fbefb..de0b9e82 100644 --- a/_example/main.go +++ b/_example/main.go @@ -87,9 +87,10 @@ func main() { // allow sign with apple id appleCfg := provider.AppleConfig{ - ClientID: os.Getenv("AEXMPL_APPLE_CID"), - TeamID: os.Getenv("AEXMPL_APPLE_TID"), - KeyID: os.Getenv("AEXMPL_APPLE_KEYID"), // private key identifier + ClientID: os.Getenv("AEXMPL_APPLE_CID"), + TeamID: os.Getenv("AEXMPL_APPLE_TID"), + KeyID: os.Getenv("AEXMPL_APPLE_KEYID"), // private key identifier + ResponseMode: "query", // see https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168 } if err := service.AddAppleProvider(appleCfg, provider.LoadApplePrivateKeyFromFile(os.Getenv("AEXMPL_APPLE_PRIVKEY_PATH"))); err != nil { 
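Review bot: The example in _example/main.go sets `ResponseMode: "query"`, which the provider as patched here appears unable to use. The provider/apple.go hunks of this same patch show NewApple fixing `scopes` to `[]string{"name"}` and prepareLoginURL returning "response_mode must be form_post if scope is not empty" for any other mode. Unless scopes are changed outside the visible hunks, the example cannot build an Apple login URL. I would keep the sample on the default, `ResponseMode: "form_post",`, or drop the line. Query mode also returns the authorization code in the redirect URL, where it can land in access logs and browser history, so it is a poor value for copy-paste sample code.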
diff --git a/provider/apple.go b/provider/apple.go
index 8b8258e1..2663cf11 100644
--- a/provider/apple.go
+++ b/provider/apple.go
@@ -70,11 +70,11 @@ type appleVerificationResponse struct {
 // AppleConfig is the main oauth2 required parameters for "Sign in with Apple"
 type AppleConfig struct {
- ClientID string // the identifier Services ID for your app created in Apple developer account.
- TeamID string // developer Team ID (10 characters), required for create JWT. It available, after signed in at developer account, by link: https://developer.apple.com/account/#/membership
- KeyID string // private key ID assigned to private key obtain in Apple developer account
+ ClientID string // the identifier Services ID for your app created in Apple developer account.
+ TeamID string // developer Team ID (10 characters), required for create JWT. It available, after signed in at developer account, by link: https://developer.apple.com/account/#/membership
+ KeyID string // private key ID assigned to private key obtain in Apple developer account
+ ResponseMode string // changes method of receiving data in callback. Default value "form_post" (https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168)
- responseMode string // changes method of receiving data in callback. Default value "form_post" (https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168)
 scopes []string // for this package allow only username scope and UID in token claims. Apple service API provide only "email" and "name" scope values (https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230955-scope)
 privateKey interface{} // private key from Apple obtained in developer account (the keys section). Required for create the Client Secret (https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens#3262048)
 publicKey crypto.PublicKey // need for validate sign of token
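Review bot: The comment on the now-exported `ResponseMode` field of AppleConfig does not say which values are accepted or which of them the package can actually use. Apple documents query, fragment and form_post, and prepareLoginURL (a later hunk in this file) rejects anything but form_post while a scope is requested. I would put that on the field, e.g. `// ResponseMode is the response_mode sent to Apple ("query", "fragment" or "form_post"); empty means "form_post", which is required whenever a scope is requested.` The struct body continues past the end of this hunk.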
@@ -158,8 +158,8 @@ func NewApple(p Params, appleCfg AppleConfig, privateKeyLoader PrivateKeyLoaderI
 }
 responseMode := "form_post"
- if appleCfg.responseMode != "" {
- responseMode = appleCfg.responseMode
+ if appleCfg.ResponseMode != "" {
+ responseMode = appleCfg.ResponseMode
 }
 ah := AppleHandler{
@@ -167,12 +167,12 @@ func NewApple(p Params, appleCfg AppleConfig, privateKeyLoader PrivateKeyLoaderI
 name: "apple", // static name for an Apple provider
 conf: AppleConfig{
- ClientID: appleCfg.ClientID,
- TeamID: appleCfg.TeamID,
- KeyID: appleCfg.KeyID,
- scopes: []string{"name"},
- jwkURL: appleKeysURL,
- responseMode: responseMode,
+ ClientID: appleCfg.ClientID,
+ TeamID: appleCfg.TeamID,
+ KeyID: appleCfg.KeyID,
+ scopes: []string{"name"},
+ jwkURL: appleKeysURL,
+ ResponseMode: responseMode,
 },
 endpoint: oauth2.Endpoint{
@@ -510,7 +510,7 @@ func (ah *AppleHandler) prepareLoginURL(state, path string) (string, error) {
 scopesList := strings.Join(ah.conf.scopes, " ")
- if scopesList != "" && ah.conf.responseMode != "form_post" {
+ if scopesList != "" && ah.conf.ResponseMode != "form_post" {
 return "", fmt.Errorf("response_mode must be form_post if scope is not empty")
 }
@@ -522,7 +522,7 @@ func (ah *AppleHandler) prepareLoginURL(state, path string) (string, error) {
 query := authURL.Query()
 query.Set("state", state)
 query.Set("response_type", "code")
- query.Set("response_mode", ah.conf.responseMode)
+ query.Set("response_mode", ah.conf.ResponseMode)
 query.Set("client_id", ah.conf.ClientID)
 query.Set("scope", scopesList)
 query.Set("redirect_uri", ah.makeRedirURL(path))
diff --git a/provider/apple_test.go b/provider/apple_test.go
index 59727ead..ea645082 100644
--- a/provider/apple_test.go
+++ b/provider/apple_test.go
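Review bot: NewApple (provider/apple.go, hunk at -158) copies the caller-supplied `appleCfg.ResponseMode` into the handler unchecked, so a typo or unsupported mode surfaces only when prepareLoginURL fails on the first login attempt. The second hunk hard-codes `scopes: []string{"name"}` right beside it, so the value can be rejected at construction, for example `if responseMode != "form_post" { return nil, fmt.Errorf("apple response_mode %q is not supported while the name scope is requested", responseMode) }`. The return shape is assumed, because NewApple's signature is truncated in the hunk header and its body starts and ends outside these hunks. If non-default modes are meant to work, scopes would need to become configurable in the same change, which nothing visible here does.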
@@ -426,11 +426,11 @@ func prepareAppleHandlerTest(responseMode string, scopes []string) (*AppleHandle
 }
 aCfg := AppleConfig{
- ClientID: "auth.example.com",
- TeamID: "AA11BB22CC",
- KeyID: "BS2A79VCTT",
- responseMode: responseMode,
- scopes: scopes,
+ ClientID: "auth.example.com",
+ TeamID: "AA11BB22CC",
+ KeyID: "BS2A79VCTT",
+ ResponseMode: responseMode,
+ scopes: scopes,
 }
 cl := customLoader{}