passport-apple - npm Package Compare versions

Comparing version 1.1.1 to 2.0.0

package.json

 {
   "name": "passport-apple",
-  "version": "1.1.1",
+  "version": "2.0.0",
   "description": "Passport strategy for Sign in with Apple",
@@ -5,0 +5,0 @@ "main": "src/strategy.js",

README.md

@@ -12,2 +12,4 @@ #  Sign in with Apple for Passport.js
 
+⚠️ Important note: Apple will only provide you with the name and email ONCE which is when the user taps "Sign in with Apple" on your app the first time. Keep in mind that you have to store this in your database at this time! For every login after that, Apple will provide you with a unique ID that you can use to lookup the username in your database.
+
 ## Example
@@ -23,2 +25,10 @@
 
+You will also need to install & configure `body-parser` if using Express:
+``` npm install --save body-parser ```
+
+```js
+const bodyParser = require("body-parser");
+app.use(bodyParser.urlencoded({ extended: true }));
+```
+
 Next, you need to configure your Apple Developer Account with Sign in with Apple.
@@ -42,9 +52,12 @@
     passReqToCallback: true
-}, function(req, accessToken, refreshToken, decodedIdToken, profile, cb) {
-    // Here, check if the decodedIdToken.sub exists in your database!
-    // decodedIdToken should contains email too if user authorized it but will not contain the name
+}, function(req, accessToken, refreshToken, idToken, profile, cb) {
+    // The idToken returned is encoded. You can use the jsonwebtoken library via jwt.decode(idToken)
+    // to access the properties of the decoded idToken properties which contains the user's
+    // identity information.
+    // Here, check if the idToken.sub exists in your database!
+    // idToken should contains email too if user authorized it but will not contain the name
     // `profile` parameter is REQUIRED for the sake of passport implementation
     // it should be profile in the future but apple hasn't implemented passing data
     // in access token yet https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
-    cb(null, decodedIdToken);
+    cb(null, idToken);
 }));
@@ -59,3 +72,3 @@ ```
 ```js
-app.get("/auth", function(req, res, next) {
+app.post("/auth", function(req, res, next) {
     passport.authenticate('apple', function(err, user, info) {
@@ -62,0 +75,0 @@ if (err) {

src/strategy.js

@@ -9,5 +9,4 @@ /**
     AppleClientSecret = require("./token"),
-    util = require('util')
-    querystring = require('querystring'),
-    jwt = require('jsonwebtoken');
+    util = require('util'),
+    querystring = require('querystring');
 
@@ -26,6 +25,9 @@ /**
  *      passReqToCallback: true
- *   }, function(req, accessToken, refreshToken, decodedIdToken, __ , cb) {
- *       // Here, check if the decodedIdToken.sub exists in your database!
+ *   }, function(req, accessToken, refreshToken, idToken, __ , cb) {
+ *       // The idToken returned is encoded. You can use the jsonwebtoken library via jwt.decode(idToken)
+ *       // to access the properties of the decoded idToken properties which contains the user's
+ *       // identity information.
+ *       // Here, check if the idToken.sub exists in your database!
  *       // __ parameter is REQUIRED for the sake of passport implementation
- *       // it should be profile in the future but apple hasn't implemented passing data 
+ *       // it should be profile in the future but apple hasn't implemented passing data
  *       // in access token yet https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
@@ -42,4 +44,3 @@ *       cb(null, idToken);
  *  Developer Account page
- * @param {string} options.callbackURL – The identifier for the private key on the Apple
- *  Developer Account page
+ * @param {string} options.callbackURL – The OAuth Redirect URI
  * @param {string} options.privateKeyLocation - Location to the private key
@@ -98,4 +99,3 @@ * @param {string} options.privateKeyString - Private key string
                         const refresh_token = results.refresh_token;
-                        const decodedIdToken = jwt.decode(results.id_token)
-                        callback(null, access_token, refresh_token, decodedIdToken);
+                        callback(null, access_token, refresh_token, results.id_token);
                     }
@@ -102,0 +102,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14182

increased by6.24%

Number of lines in readme file

112

increased by13.13%

No dependency changes