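Problem description
Is it possible to add Apple Sign In as another external authentication provider for Identity Server 4?
I have configured the identity server to secure a web API, and it works well with Google.
With Apple, however, it does not work properly: it seems to be logging me in, but it does not look like the token is being persisted.
My existing code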
    .AddOpenIdConnect("Apple", async options =>
    {
        options.ResponseType = "code";
        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
        options.DisableTelemetry = true;
        options.Scope.Clear();
        options.Scope.Add("name");
        options.Scope.Add("email");
        options.Configuration = new OpenIdConnectConfiguration
        {
            AuthorizationEndpoint = "https://appleid.apple.com/auth/authorize",
            TokenEndpoint = "https://appleid.apple.com/auth/token"
        };
        options.ClientId = "<service id>";
        options.Events.OnAuthorizationCodeReceived = context =>
        {
            context.TokenEndpointRequest.ClientSecret = AppleSignInTokenGenerator.CreateNewToken();
            return Task.CompletedTask;
        };
        options.TokenValidationParameters.ValidIssuer = "https://appleid.apple.com";
        var jwks = await new HttpClient().GetStringAsync("https://appleid.apple.com/auth/keys");
        options.TokenValidationParameters.IssuerSigningKeys = new JsonWebKeySet(jwks).Keys;
        options.ProtocolValidator.RequireNonce = false;
    });

    public static class AppleSignInTokenGenerator
    {
        public static string CreateNewToken()
        {
            const string iss = "<apple dev team account id>";
            const string aud = "https://appleid.apple.com";
            const string sub = "<service id>";
            const string privateKeyContentn = "private key content";
            var cngKey = CngKey.Import(Convert.FromBase64String(privateKeyContentn), CngKeyBlobFormat.Pkcs8PrivateBlob);
            var handler = new JwtSecurityTokenHandler();
            var token = handler.CreateJwtSecurityToken(
                issuer: iss,
                audience: aud,
                subject: new ClaimsIdentity(new List<Claim>
                {
                    new Claim("sub", sub)
                }),
                // expiry can be a maximum of 6 months => generate one per request, or one and then re-use until expiration
                expires: DateTime.UtcNow.AddMinutes(30),
                issuedAt: DateTime.UtcNow,
                notBefore: DateTime.UtcNow,
                signingCredentials: new SigningCredentials(new ECDsaSecurityKey(new ECDsaCng(cngKey)), SecurityAlgorithms.EcdsaSha256));
            return handler.WriteToken(token);
        }
    }
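
An added example, not part of the original post: one way to build the Apple client secret once and reuse it until shortly before it expires, as the comment in the posted code suggests, with the `kid` header that Apple's client-secret documentation lists next to `alg`. It assumes .NET Core 3.0 or later and the System.IdentityModel.Tokens.Jwt package; the class name AppleClientSecretCache and the `<key id>` placeholder are hypothetical, and Main signs with a throwaway key generated on the spot.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (added example): builds the client secret once and reuses it.
public sealed class AppleClientSecretCache
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromDays(180); // under the six-month maximum
    private readonly ECDsaSecurityKey _key;
    private readonly string _teamId, _serviceId;
    private readonly object _gate = new object();
    private string _token;
    private DateTime _expiresUtc;
    public AppleClientSecretCache(byte[] pkcs8Key, string keyId, string teamId, string serviceId)
    {
        var ecdsa = ECDsa.Create();                 // portable; CngKey is Windows-only
        ecdsa.ImportPkcs8PrivateKey(pkcs8Key, out _);
        _key = new ECDsaSecurityKey(ecdsa) { KeyId = keyId }; // KeyId is written as the "kid" header
        (_teamId, _serviceId) = (teamId, serviceId);
    }
    public string GetToken()
    {
        lock (_gate)
        {
            var now = DateTime.UtcNow;
            if (_token != null && now < _expiresUtc.AddMinutes(-5)) return _token; // still valid: reuse
            _expiresUtc = now + Lifetime;
            var descriptor = new SecurityTokenDescriptor
            {
                Issuer = _teamId,
                Audience = "https://appleid.apple.com",
                Subject = new ClaimsIdentity(new[] { new Claim("sub", _serviceId) }),
                IssuedAt = now, NotBefore = now, Expires = _expiresUtc,
                SigningCredentials = new SigningCredentials(_key, SecurityAlgorithms.EcdsaSha256)
            };
            return _token = new JwtSecurityTokenHandler().CreateEncodedJwt(descriptor);
        }
    }

    public static void Main()
    {
        using var testKey = ECDsa.Create(ECCurve.NamedCurves.nistP256); // constructed throwaway key, not an Apple key
        var cache = new AppleClientSecretCache(testKey.ExportPkcs8PrivateKey(), "<key id>", "<apple dev team account id>", "<service id>");
        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(cache.GetToken());
        Console.WriteLine($"alg={jwt.Header.Alg} kid={jwt.Header.Kid} iss={jwt.Issuer} sub={jwt.Subject}");
    }
}
```

In a real deployment the PKCS#8 bytes would be loaded from a secret store rather than embedded as a string constant in source.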