Is it possible to configure Apple Sign In as another external authentication provider with Identity Server?

Problem description

Is it possible to use Apple Sign In as another external authentication provider for Identity Server 4?

I have configured Identity Server to secure a web API, and it works fine with Google.

With Apple, however, it does not work properly: it seems to sign me in, but it does not look like it is keeping the token.

My existing code

using System.Net.Http;
using System.Threading.Tasks;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Chained off services.AddAuthentication() in Startup.ConfigureServices.
.AddOpenIdConnect("Apple", async options =>
{
    options.ResponseType = "code";
    options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
    options.DisableTelemetry = true;
    options.Scope.Clear();
    options.Scope.Add("name");
    options.Scope.Add("email");
    // No Authority/MetadataAddress is set, so the endpoints are configured by hand.
    options.Configuration = new OpenIdConnectConfiguration
    {
        AuthorizationEndpoint = "https://appleid.apple.com/auth/authorize",
        TokenEndpoint = "https://appleid.apple.com/auth/token"
    };
    options.ClientId = "<service id>";
    // Apple expects the client secret to be a signed JWT, so one is generated for each code exchange.
    options.Events.OnAuthorizationCodeReceived = context =>
    {
        context.TokenEndpointRequest.ClientSecret = AppleSignInTokenGenerator.CreateNewToken();
        return Task.CompletedTask;
    };

    options.TokenValidationParameters.ValidIssuer = "https://appleid.apple.com";
    // Apple's signing keys are fetched once at startup and used to validate the id_token.
    var jwks = await new HttpClient().GetStringAsync("https://appleid.apple.com/auth/keys");
    options.TokenValidationParameters.IssuerSigningKeys = new JsonWebKeySet(jwks).Keys;
    options.ProtocolValidator.RequireNonce = false;
});

using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class AppleSignInTokenGenerator
{
    public static string CreateNewToken()
    {
        const string iss = "<apple dev team account id>";
        const string aud = "https://appleid.apple.com";
        const string sub = "<service id>";
        // Base64 body of the .p8 key file, without the PEM header and footer lines.
        const string privateKeyContent = "private key content";
        // CngKey and ECDsaCng live in System.Security.Cryptography.Cng and are Windows-only.
        var cngKey = CngKey.Import(Convert.FromBase64String(privateKeyContent), CngKeyBlobFormat.Pkcs8PrivateBlob);
        var handler = new JwtSecurityTokenHandler();
        var token = handler.CreateJwtSecurityToken(
            issuer: iss,
            audience: aud,
            subject: new ClaimsIdentity(new List<Claim>
            {
                new Claim("sub", sub)
            }),
            // expiry can be a maximum of 6 months => generate one per request, or one and then re-use until expiration
            expires: DateTime.UtcNow.AddMinutes(30),
            issuedAt: DateTime.UtcNow,
            notBefore: DateTime.UtcNow,
            signingCredentials: new SigningCredentials(new ECDsaSecurityKey(new ECDsaCng(cngKey)), SecurityAlgorithms.EcdsaSha256));

        return handler.WriteToken(token);
    }
}
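The following is an added example, not code from the original post and not a confirmed fix for the asker's problem. It shows the shape of the client secret Apple's token endpoint accepts (ES256, `iss` = Team ID, `sub` = Services ID, `aud` = https://appleid.apple.com, lifetime of at most six months, and the registered Key ID in the `kid` header, which the post's generator does not set), and it validates the secret locally with the public half of the key so a wrong Team ID, Services ID or key file can be caught before talking to Apple. The Team ID, Key ID and Services ID values are placeholders, the key pair is generated on the fly, and it uses the same System.IdentityModel.Tokens.Jwt / Microsoft.IdentityModel.Tokens packages as the post; the `LoadPrivateKey` helper uses the cross-platform `ECDsa` API instead of the Windows-only `CngKey`.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;

// Added example, not from the original post. Builds the client_secret JWT that
// Apple's token endpoint requires, then validates it locally with the rules
// Apple applies. IDs below are placeholders; the key is generated at runtime.
public static class AppleClientSecret
{
    public const string AppleAudience = "https://appleid.apple.com";

    // Apple's .p8 download is a PEM-wrapped PKCS#8 EC private key.
    // ECDsa.ImportPkcs8PrivateKey works on every platform (.NET Core 3.0+).
    public static ECDsa LoadPrivateKey(string pem)
    {
        var base64 = pem.Replace("-----BEGIN PRIVATE KEY-----", "")
                        .Replace("-----END PRIVATE KEY-----", "")
                        .Replace("\r", "").Replace("\n", "").Trim();
        var key = ECDsa.Create();
        key.ImportPkcs8PrivateKey(Convert.FromBase64String(base64), out _);
        return key;
    }

    public static string Create(ECDsa privateKey, string keyId, string teamId, string serviceId, TimeSpan lifetime)
    {
        if (lifetime > TimeSpan.FromDays(180))
            throw new ArgumentOutOfRangeException(nameof(lifetime), "Apple rejects client secrets valid for more than 6 months.");

        var now = DateTime.UtcNow;
        // KeyId becomes the "kid" header; Apple uses it to look up the public half
        // of the key registered in the developer portal.
        var credentials = new SigningCredentials(
            new ECDsaSecurityKey(privateKey) { KeyId = keyId },
            SecurityAlgorithms.EcdsaSha256);

        var handler = new JwtSecurityTokenHandler();
        var token = handler.CreateJwtSecurityToken(
            issuer: teamId,          // iss: the 10-character Apple Team ID
            audience: AppleAudience, // aud: always Apple's issuer URL
            subject: new ClaimsIdentity(new[] { new Claim("sub", serviceId) }), // sub: Services ID used as client_id
            notBefore: now,
            expires: now.Add(lifetime),
            issuedAt: now,
            signingCredentials: credentials);
        return handler.WriteToken(token);
    }

    // Mirrors the checks Apple's token endpoint performs, using only the public key.
    public static JwtSecurityToken Validate(string clientSecret, ECDsa publicKey, string keyId, string teamId, string serviceId)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = teamId,
            ValidAudience = AppleAudience,
            IssuerSigningKey = new ECDsaSecurityKey(publicKey) { KeyId = keyId },
            ValidAlgorithms = new[] { SecurityAlgorithms.EcdsaSha256 }, // refuse HS256/"none" substitution
            ClockSkew = TimeSpan.FromSeconds(30),
        };
        new JwtSecurityTokenHandler().ValidateToken(clientSecret, parameters, out var validated);
        var jwt = (JwtSecurityToken)validated;
        if (jwt.Header.Kid != keyId)
            throw new SecurityTokenException("kid header does not match the registered Key ID");
        if (jwt.Subject != serviceId)
            throw new SecurityTokenException("sub claim does not match the Services ID");
        return jwt;
    }

    public static void Main()
    {
        // Placeholder identifiers; a real deployment reads them from configuration.
        const string keyId = "ABC123DEFG", teamId = "TEAM123456", serviceId = "com.example.web";
        using var signingKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using var publicOnly = ECDsa.Create(signingKey.ExportParameters(false));

        var secret = Create(signingKey, keyId, teamId, serviceId, TimeSpan.FromMinutes(30));
        var jwt = Validate(secret, publicOnly, keyId, teamId, serviceId);
        Console.WriteLine($"client_secret OK for {jwt.Subject}, expires {jwt.ValidTo:u}");
    }
}
```

In the handler from the post, `Create` would be called from `OnAuthorizationCodeReceived` in place of `AppleSignInTokenGenerator.CreateNewToken()`, with the key loaded once at startup via `LoadPrivateKey` rather than re-imported on every request.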

Solution

No working solution to this problem has been found yet; the editor is still looking for one.
