接入Apple 登录(AuthenticationServices) 后端处理Java版1. 查看苹果官方文档2. 创建AppleUtil工具类3. 具体处理

89 阅读 0 评论 59 点赞

我是靠谱客的博主香蕉盼望，这篇文章主要介绍接入Apple 登录(AuthenticationServices) 后端处理Java版1. 查看苹果官方文档2. 创建AppleUtil工具类3. 具体处理，现在分享给大家，希望可以做个参考。

1. 查看苹果官方文档

https://developer.apple.com/cn/documentation/authenticationservices/implementing_user_authentication_with_sign_in_with_apple/

2. 创建AppleUtil工具类

复制代码

package com.san.utils;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwk.Jwk;
import io.jsonwebtoken.*;
import org.apache.commons.codec.binary.Base64;
import org.springframework.web.client.RestTemplate;

import java.security.PublicKey;

/**
 * @ClassName AppleUtil
 * @Description TODO
 * @Author ZhangSan_Plus
 * @Date 2022/10/13 17:10
 * @Version 1.0
 **/
public class AppleUtil {

private static final String APPLE_AUTH_URL = "https://appleid.apple.com/auth/keys";
    private static final String APPLE_ID_URL = "https://appleid.apple.com";

/**
     * 获取苹果公司的公钥
     *
     * @param
     * @return com.alibaba.fastjson.JSONArray
     * @author ZhangSan_Plus
     * @description //TODO
     * @date 18:45 2022/10/13
     **/
    private static JSONArray getAuthKeys() throws Exception {
        RestTemplate restTemplate = new RestTemplate();
        JSONObject json = restTemplate.getForObject(APPLE_AUTH_URL, JSONObject.class);
        JSONArray arr = json.getJSONArray("keys");
        return arr;
    }

public static Boolean verify(String jwt) throws Exception {
        JSONArray arr = getAuthKeys();
        if (arr == null) {
            return false;
        }
        JSONObject authKey = null;
        //先取苹果第一个key进行校验
        authKey = JSONObject.parseObject(arr.getString(0));
        if (verifyExc(jwt, authKey)) {
            return true;
        } else {
            //再取第二个key校验
            authKey = JSONObject.parseObject(arr.getString(1));
            return verifyExc(jwt, authKey);
        }

}

/**
     * 对前端传递来的identityToken进行验证
     *
     * @param jwt     identityToken
     * @param authKey IOS公钥
     * @return java.lang.Boolean
     * @author ZhangSan_Plus
     * @description //TODO
     * @date 18:43 2022/10/13
     **/
    public static Boolean verifyExc(String jwt, JSONObject authKey) throws Exception {
        Jwk jwa = Jwk.fromValues(authKey);
        PublicKey publicKey = jwa.getPublicKey();
        String aud = "";
        String sub = "";
        if (jwt.split("\.").length > 1) {
            String claim = new String(Base64.decodeBase64(jwt.split("\.")[1]));
            aud = JSONObject.parseObject(claim).get("aud").toString();
            sub = JSONObject.parseObject(claim).get("sub").toString();
        }
        JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
        jwtParser.requireIssuer(APPLE_ID_URL);
        jwtParser.requireAudience(aud);
        jwtParser.requireSubject(sub);
        try {
            Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
            if (claim != null && claim.getBody().containsKey("auth_time")) {
                return true;
            }
            return false;
        } catch (ExpiredJwtException e) {
            return false;
        } catch (Exception e) {
            return false;
        }
    }

/**
     * 对前端传来的JWT字符串identityToken的第二部分进行解码
     * aud为IOS前端对应包名
     * sub为IOS用户对应的openId
     *
     * @param identityToken
     * @return com.alibaba.fastjson.JSONObject
     * @author ZhangSan_Plus
     * @description //TODO
     * @date 18:42 2022/10/13
     **/
    public static JSONObject parserIdentityToken(String identityToken) {
        String[] arr = identityToken.split("\.");
        Base64 base64 = new Base64();
        String decode = new String(base64.decodeBase64(arr[1]));
        String substring = decode.substring(0, decode.indexOf("}") + 1);
        JSONObject jsonObject = JSON.parseObject(substring);
        return jsonObject;
    }

}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package com.san.utils;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwk.Jwk;
import io.jsonwebtoken.*;
import org.apache.commons.codec.binary.Base64;
import org.springframework.web.client.RestTemplate;

import java.security.PublicKey;

/**
 * @ClassName AppleUtil
 * @Description TODO
 * @Author ZhangSan_Plus
 * @Date 2022/10/13 17:10
 * @Version 1.0
 **/
public class AppleUtil {

    private static final String APPLE_AUTH_URL = "https://appleid.apple.com/auth/keys";
    private static final String APPLE_ID_URL = "https://appleid.apple.com";

    /**
     * 获取苹果公司的公钥
     *
     * @param
     * @return com.alibaba.fastjson.JSONArray
     * @author ZhangSan_Plus
     * @description //TODO
     * @date 18:45 2022/10/13
     **/
    private static JSONArray getAuthKeys() throws Exception {
        RestTemplate restTemplate = new RestTemplate();
        JSONObject json = restTemplate.getForObject(APPLE_AUTH_URL, JSONObject.class);
        JSONArray arr = json.getJSONArray("keys");
        return arr;
    }

    public static Boolean verify(String jwt) throws Exception {
        JSONArray arr = getAuthKeys();
        if (arr == null) {
            return false;
        }
        JSONObject authKey = null;
        //先取苹果第一个key进行校验
        authKey = JSONObject.parseObject(arr.getString(0));
        if (verifyExc(jwt, authKey)) {
            return true;
        } else {
            //再取第二个key校验
            authKey = JSONObject.parseObject(arr.getString(1));
            return verifyExc(jwt, authKey);
        }

    }

    /**
     * 对前端传递来的identityToken进行验证
     *
     * @param jwt     identityToken
     * @param authKey IOS公钥
     * @return java.lang.Boolean
     * @author ZhangSan_Plus
     * @description //TODO
     * @date 18:43 2022/10/13
     **/
    public static Boolean verifyExc(String jwt, JSONObject authKey) throws Exception {
        Jwk jwa = Jwk.fromValues(authKey);
        PublicKey publicKey = jwa.getPublicKey();
        String aud = "";
        String sub = "";
        if (jwt.split("\.").length > 1) {
            String claim = new String(Base64.decodeBase64(jwt.split("\.")[1]));
            aud = JSONObject.parseObject(claim).get("aud").toString();
            sub = JSONObject.parseObject(claim).get("sub").toString();
        }
        JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
        jwtParser.requireIssuer(APPLE_ID_URL);
        jwtParser.requireAudience(aud);
        jwtParser.requireSubject(sub);
        try {
            Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
            if (claim != null && claim.getBody().containsKey("auth_time")) {
                return true;
            }
            return false;
        } catch (ExpiredJwtException e) {
            return false;
        } catch (Exception e) {
            return false;
        }
    }


    /**
     * 对前端传来的JWT字符串identityToken的第二部分进行解码
     * aud为IOS前端对应包名
     * sub为IOS用户对应的openId
     *
     * @param identityToken
     * @return com.alibaba.fastjson.JSONObject
     * @author ZhangSan_Plus
     * @description //TODO
     * @date 18:42 2022/10/13
     **/
    public static JSONObject parserIdentityToken(String identityToken) {
        String[] arr = identityToken.split("\.");
        Base64 base64 = new Base64();
        String decode = new String(base64.decodeBase64(arr[1]));
        String substring = decode.substring(0, decode.indexOf("}") + 1);
        JSONObject jsonObject = JSON.parseObject(substring);
        return jsonObject;
    }

}

3. 具体处理

复制代码

1
2
3
4
5
6
7
8
9
10
11
12
13
	public void appleLogin(String identityToken){
		if (!AppleUtil.verify(identityToken)) {
            return RespBean.error("authorization verification failed");
        }
        //对identityToken解码
        JSONObject appleResult = AppleUtil.parserIdentityToken(identityToken);
        if (appleResult == null) {
            return RespBean.error("authorization decoding failed");
        } else {
        	//业务逻辑处理
        }
	}