Appleでサインインのトークン検証の続き。
セットアップ
# Gemfile
gem "jwt"
# クライアントから送られてきたパラメータ
code = "authorizationCode"
# アプリのID(decoded_token[:aud])
client_id = "com.example.app"
# https://developer.apple.com/account/#/membership
team_id = "xxx"
# https://developer.apple.com/account/resources/authkeys/list
key_id = "xxx"
key_file = File.read(Rails.root.join("AuthKey_xxx.p8"))
key = OpenSSL::PKey::EC.new(key_file)
access_token/refresh_token の取得
headers = {
kid: key_id,
alg: "ES256"
}
claims = {
iss: team_id,
sub: client_id,
iat: Time.now.to_i,
exp: Time.now.to_i + 1.day.to_i * 180,
aud: "https://appleid.apple.com"
}
client_secret = JWT.encode claims, key, "ES256", headers
params = {
client_id: client_id,
client_secret: client_secret,
code: code,
grant_type: "authorization_code"
}
response = Net::HTTP.post_form(URI.parse("https://appleid.apple.com/auth/token"), params)
json = JSON.parse(response.body, symbolize_names: true)
#=> {:access_token=>"xxx", :token_type=>"Bearer", :expires_in=>3600, :refresh_token=>"xxx", :id_token=>"xxx"}
refresh_token を利用して access_token を取得
params = {
client_id: client_id,
client_secret: client_secret,
refresh_token: json[:refresh_token],
grant_type: "refresh_token"
}
response = Net::HTTP.post_form(URI.parse("https://appleid.apple.com/auth/token"), params)
json = JSON.parse(response.body, symbolize_names: true)
#=> {:access_token=>"xxx", :token_type=>"Bearer", :expires_in=>3600}
リンク