是否可以使用Identity Server将Apple SignIn配置为另一个外部身份验证提供程序

如何解决是否可以使用Identity Server将Apple SignIn配置为另一个外部身份验证提供程序

是否可以将Apple SignIn作为Identity Server 4的另一个外部身份验证提供程序？

我已将ID服务器配置为保护网络api的安全，并且它与Google配合良好。

但是在Apple上无法正常工作，它似乎正在登录我，但看起来并不像在保留令牌。

我现有的代码

.AddOpenIdConnect("Apple",async options =>
                {
                    options.ResponseType = "code";
                    options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                    options.DisableTelemetry = true;
                    options.Scope.Clear();
                    options.Scope.Add("name");
                    options.Scope.Add("email");
                    options.Configuration = new OpenIdConnectConfiguration
                    {
                        AuthorizationEndpoint = "https://appleid.apple.com/auth/authorize",TokenEndpoint = "https://appleid.apple.com/auth/token"
                    };
                    options.ClientId = "<service id>";
                    options.Events.OnAuthorizationCodeReceived =  context =>
                    {
                        context.TokenEndpointRequest.ClientSecret = AppleSignInTokenGenerator.CreateNewToken();
                        return Task.CompletedTask;
                    };

                    options.TokenValidationParameters.ValidIssuer = "https://appleid.apple.com";
                    var jwks = await new HttpClient().GetStringAsync("https://appleid.apple.com/auth/keys");
                    options.TokenValidationParameters.IssuerSigningKeys = new JsonWebKeySet(jwks).Keys;
                    options.ProtocolValidator.RequireNonce = false;
                });

public static class AppleSignInTokenGenerator
    {
        public static string CreateNewToken()
        {
            const string iss = "<apple dev team account id>"; 
            const string aud = "https://appleid.apple.com";
            const string sub = "<service id>"; 
            const string privateKeyContentn = "private key content";
            var cngKey = CngKey.Import(Convert.FromBase64String(privateKeyContentn),CngKeyBlobFormat.Pkcs8PrivateBlob);
            var handler = new JwtSecurityTokenHandler();
            var token = handler.CreateJwtSecurityToken(
                issuer: iss,audience: aud,subject: new ClaimsIdentity(new List<Claim>
                {
                    new Claim("sub",sub)
                }),expires: DateTime.UtcNow.AddMinutes(30),// expiry can be a maximum of 6 months => generate one per request,or one and then re-use until expiration
                issuedAt: DateTime.UtcNow,notBefore: DateTime.UtcNow,signingCredentials: new SigningCredentials(new ECDsaSecurityKey(new ECDsaCng(cngKey)),SecurityAlgorithms.EcdsaSha256));
            
            return handler.WriteToken(token);
        }
    }

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。