[Node.js] Sign in with Apple
Node.JS wrapper around Sign in with Apple REST API.
This module lets you authenticate users using Apple account in your Node.js application.
Prerequisites
- You should be enrolled in Apple Developer Program.
- Please have a look at Apple documentation related to "Sign in with Apple" feature.
- You should create App ID and Service ID in your Apple Developer Account.
- You should generate private key for your Service ID in your Apple Developer Account.
More detail about configuration can be found in blog post and Apple docs.
Installation
Install the module using npm:
npm install --save apple-signin
Usage
1. Get authorization URL
Start "Sign in with Apple" flow by redirecting user to the authorization URL.
const appleSignin = require("apple-signin");
const options = {
clientID: "com.gotechmakers.auth.client",
redirectUri: "http://localhost:3000/auth/apple/callback",
state: "123",
scope: "email"
};
const authorizationUrl = appleSignin.getAuthorizationUrl(options);
Alternatively, you can use Sign In with Apple browser javascript library.
2. Get access token
2.1. Retrieve "code" query param from URL string when user is redirected to your site after successful sign in with Apple. Example:
http://localhost:3000/auth/apple/callback?code=somecode&state=123.
2.2. Exchange retrieved "code" to user's access token.
More detail can be found in Apple docs.
const clientSecret = appleSignin.getClientSecret({
clientID: "com.gotechmakers.auth.client",
teamId: "teamId",
privateKeyPath: "/var/www/app/AuthKey_XXX.p8",
privateKey: "ZZZ",
keyIdentifier: "XXX"
});
const options = {
clientID: "com.gotechmakers.auth.client",
redirectUri: "http://localhost:3000/auth/apple/callback",
clientSecret: clientSecret
};
appleSignin.getAuthorizationToken(code, options).then(tokenResponse => {
console.log(tokenResponse);
}).catch(error => {
console.log(error);
});
Result of getAuthorizationToken
command is a JSON object representing Apple's TokenResponse:
{
access_token: "ACCESS_TOKEN",
token_type: 'Bearer',
expires_in: 3600,
refresh_token: "REFRESH_TOKEN",
id_token: "ID_TOKEN"
}
3. Verify token signature and get unique user's identifier
appleSignin.verifyIdToken(tokenResponse.id_token, clientID).then(result => {
const userAppleId = result.sub;
}).catch(error => {
console.log(error);
});
4. Refresh access token after expiration
const clientSecret = appleSignin.getClientSecret({
clientID: "com.gotechmakers.auth.client",
teamId: "teamId",
privateKeyPath: "/var/www/app/AuthKey_XXX.p8",
keyIdentifier: "XXX"
});
const options = {
clientID: "com.gotechmakers.auth.client",
clientSecret: clientSecret
};
appleSignin.refreshAuthorizationToken(refreshToken, options).then(result => {
const newAccessToken = result.access_token;
}).catch(error => {
console.log(error);
})
Examples
Developers using the popular Express web framework can refer to an example as a starting point for their own web applications.
You can also check live example
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
License
The MIT License
Copyright (c) 2019 Artem Efremov https://gotechmakers.com
Support
If you have any questions or need help with integration, then you can contact me by email efremov.artserg@gmail.com.