@powerdot/verify-apple-id-token

Verify the Apple id token on the server side.

3.0.2
latest
Source
npm

Version published: 2 years ago

Maintainers: 1

Created: 2 years ago

Source

Verify Apple idToken

Small utility which verifies the Apple idToken
You can use it on the backend side
Token verification is part of Apple sign-in process
The flow is
- Client app (iOS or Android) will redirect user to the OAuth2 login screen
- User will login
- App will receive the tokens
- App should send the idToken to the backend which will verify it
Verification steps implemented:
- Verify the JWS E256 signature using the server’s public key
- Verify the nonce for the authentication
- Verify that the iss field contains https://appleid.apple.com
- Verify that the aud field is the developer’s client_id
- Verify that the time is earlier than the exp value of the token

Installation

npm install verify-apple-id-token

Usage

Typescript

import verifyAppleToken from "verify-apple-id-token";

const jwtClaims = await verifyAppleToken({
  idToken: "yourIdToken",
  clientId: "yourAppleClientId",
  nonce: "nonce", // optional
});

jwtClaims.email; // get email of the user

Javascript

const verifyAppleToken = require("verify-apple-id-token").default;

const jwtClaims = await verifyAppleToken({
  idToken: "yourIdToken",
  clientId: "yourAppleClientId",
  nonce: "nonce", // optional
});

Contribution

Thank you for your interest in contributing to verify-apple-id-token! Please see the CONTRIBUTING.md to learn how to do it!

License

MIT

Keywords

FAQs

What is @powerdot/verify-apple-id-token?

Is @powerdot/verify-apple-id-token well maintained?

Package last updated on 27 Feb 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install