我需要在移动应用程序中使用 Apple Auth 对用户进行身份验证。我从移动应用程序的 api 请求中获得了IdentityToken、User和AuthCode 。
我需要验证用户并获取其电子邮件。我的班级AppleId总是返回:“ invalid_client ”。
也许我的逻辑有一些错误?
class AppleId
URL = 'https://appleid.apple.com/auth/token'
ISSUER = 'https://appleid.apple.com'
TEAM_ID = '6Z******38'
KEY_ID = '33******KP'
IDENTIFIER = 'ru.k*************on'
PRIVATE_KEY = <<-PEM
-----BEGIN PRIVATE KEY-----
MIGTA**********z7
-----END PRIVATE KEY-----
PEM
def initialize
@private_key = OpenSSL::PKey::EC.new PRIVATE_KEY
end
def authenticate(code)
make_request(code)
end
private
def make_request(code)
uri = URI.parse(URL)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri.request_uri)
params = {
client_id: IDENTIFIER,
client_secret: client_secret_jwt,
code: code,
grant_type: 'authorization_code'
}
request.set_form_data(params)
response = http.request(request)
response.body
end
def client_secret_jwt
jwt = JSON::JWT.new(
iss: TEAM_ID,
aud: ISSUER,
sub: IDENTIFIER,
iat: Time.now,
exp: 1.minutes.from_now
)
jwt.kid = KEY_ID
JWT.encode jwt, @private_key, 'ES256'
end
end
在我的控制器中:
authCode = params[:auth_code]
AppleId.new.authenticate(authCode)
=> "{\"error\":\"invalid_client\"}"