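Is it possible to configure Apple SignIn as another external authentication provider with Identity Server?
Is it possible to use Apple SignIn as another external authentication provider for Identity Server 4?
I have configured the ID server to secure a web API, and it works well with Google.
But it does not work with Apple: it seems to be signing me in, but it does not look like it is keeping the token.
My existing code: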
    .AddOpenIdConnect("Apple", async options =>
    {
        options.ResponseType = "code";
        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
        options.DisableTelemetry = true;

        options.Scope.Clear();
        options.Scope.Add("name");
        options.Scope.Add("email");

        // Endpoints are set by hand instead of being loaded from a discovery document.
        options.Configuration = new OpenIdConnectConfiguration
        {
            AuthorizationEndpoint = "https://appleid.apple.com/auth/authorize",
            TokenEndpoint = "https://appleid.apple.com/auth/token"
        };

        options.ClientId = "<service id>";

        // The client secret is a signed JWT, generated when the authorization code is redeemed.
        options.Events.OnAuthorizationCodeReceived = context =>
        {
            context.TokenEndpointRequest.ClientSecret = AppleSignInTokenGenerator.CreateNewToken();
            return Task.CompletedTask;
        };

        // Validate the returned token against Apple's issuer and published signing keys.
        options.TokenValidationParameters.ValidIssuer = "https://appleid.apple.com";
        var jwks = await new HttpClient().GetStringAsync("https://appleid.apple.com/auth/keys");
        options.TokenValidationParameters.IssuerSigningKeys = new JsonWebKeySet(jwks).Keys;

        options.ProtocolValidator.RequireNonce = false;
    });

    public static class AppleSignInTokenGenerator
    {
        public static string CreateNewToken()
        {
            const string iss = "<apple dev team account id>";
            const string aud = "https://appleid.apple.com";
            const string sub = "<service id>";
            const string privateKeyContentn = "private key content";

            // Import the PKCS#8 private key (base64 body) used to sign the client secret.
            var cngKey = CngKey.Import(
                Convert.FromBase64String(privateKeyContentn),
                CngKeyBlobFormat.Pkcs8PrivateBlob);

            var handler = new JwtSecurityTokenHandler();
            var token = handler.CreateJwtSecurityToken(
                issuer: iss,
                audience: aud,
                subject: new ClaimsIdentity(new List<Claim>
                {
                    new Claim("sub", sub)
                }),
                // expiry can be a maximum of 6 months => generate one per request, or one and then re-use until expiration
                expires: DateTime.UtcNow.AddMinutes(30),
                issuedAt: DateTime.UtcNow,
                notBefore: DateTime.UtcNow,
                signingCredentials: new SigningCredentials(
                    new ECDsaSecurityKey(new ECDsaCng(cngKey)),
                    SecurityAlgorithms.EcdsaSha256));

            return handler.WriteToken(token);
        }
    }