PHP library to verify and validate Apple IdentityToken and authenticate a user with Apple ID.

Overview

Sign-in with Apple SDK

Installation

The recommended and easiest way to install the library is through Composer.

composer require azimolabs/apple-sign-in-php-sdk

Requirements

  • PHP 7.1+
  • OpenSSL Extension

How it works

This description assumes that you have already generated an identityToken. Remember that the token is valid ONLY for 10 minutes.

The first step in verifying the identity token is to generate a public key. Generating the public key requires exponent and modulus values. Both are exposed by an Apple API endpoint. Those values differ depending on the algorithm.

The second step is to verify that the provided identityToken is valid against the generated public key. If it is, we can be sure that the identityToken wasn't malformed.

The third step is to validate that the token has not expired. Additionally, it is worth checking the issuer and audience; examples are shown below.
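
The three steps above, written out with only the OpenSSL extension, as an added example that is not the SDK's code. The function names, the `constructed-kid` key ID and the locally generated key pair and token are assumptions made so it runs offline; the key set is shaped like a JWKS (`keys` entries with `kid`, `n`, `e`), which is what Apple's keys endpoint returns.

```php
<?php
// Added example, not the SDK's own code. The key pair, kid and token are constructed here.
function b64u(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }
function b64uDecode(string $s): string { return (string) base64_decode(strtr($s, '-_', '+/')); }
// Minimal DER encoding, just enough to wrap modulus and exponent as a public key.
function der(int $tag, string $body): string {
    $len = strlen($body);
    $bytes = ltrim(pack('N', $len), "\0");
    return chr($tag) . ($len < 0x80 ? chr($len) : chr(0x80 | strlen($bytes)) . $bytes) . $body;
}
function derInt(string $bin): string {
    $bin = ltrim($bin, "\0");
    return der(0x02, ($bin === '' || ord($bin[0]) & 0x80) ? "\0" . $bin : $bin); // keep it positive
}
// Step 1: public key (PEM) from the JWK's modulus "n" and exponent "e".
function jwkToPem(array $jwk): string {
    $rsa  = der(0x30, derInt(b64uDecode($jwk['n'])) . derInt(b64uDecode($jwk['e'])));
    $algo = der(0x30, hex2bin('06092a864886f70d0101010500')); // OID rsaEncryption, NULL
    $spki = der(0x30, $algo . der(0x03, "\0" . $rsa));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($spki), 64, "\n") . "-----END PUBLIC KEY-----\n";
}
// Steps 2 and 3: verify the signature, then validate exp, iss and aud.
function verifyIdentityToken(string $jwt, array $jwks, string $audience, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64uDecode($h), true);
    if (($header['alg'] ?? null) !== 'RS256') { throw new RuntimeException('unexpected alg'); }
    $jwk = null; // select by the header's kid from the fetched set, not a fixed list
    foreach ($jwks['keys'] as $k) { if ($k['kid'] === ($header['kid'] ?? null)) { $jwk = $k; } }
    if ($jwk === null) { throw new RuntimeException('no key for kid'); }
    $ok = openssl_verify("$h.$p", b64uDecode($s), jwkToPem($jwk), OPENSSL_ALGO_SHA256);
    if ($ok !== 1) { throw new RuntimeException('bad signature'); }
    $c = json_decode(b64uDecode($p), true);
    if (($c['exp'] ?? 0) <= $now) { throw new RuntimeException('expired'); }
    if (($c['iss'] ?? null) !== 'https://appleid.apple.com') { throw new RuntimeException('bad issuer'); }
    if (($c['aud'] ?? null) !== $audience) { throw new RuntimeException('bad audience'); }
    return $c;
}
// Constructed key set and token (exp = now + 10 minutes), so the example runs offline.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$rsa  = openssl_pkey_get_details($key)['rsa'];
$jwks = ['keys' => [['kid' => 'constructed-kid', 'n' => b64u($rsa['n']), 'e' => b64u($rsa['e'])]]];
$now  = time();
$body = b64u(json_encode(['alg' => 'RS256', 'kid' => 'constructed-kid'])) . '.'
      . b64u(json_encode(['iss' => 'https://appleid.apple.com', 'aud' => 'com.azimo',
                          'exp' => $now + 600, 'sub' => 'constructed-user']));
openssl_sign($body, $sig, $key, OPENSSL_ALGO_SHA256);
$claims = verifyIdentityToken($body . '.' . b64u($sig), $jwks, 'com.azimo', $now);
echo $claims['sub'], "\n";
```

Because the key is selected by the token header's `kid` from the fetched set, a key rotation on the issuer's side needs no code change. An unknown `kid`, a bad signature, or an `exp` in the past each raise an exception.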

Basic usage

Once you have cloned the repository, make sure the Composer dependencies are installed by running composer install -o.

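// Imports the snippet relies on (namespaces assumed for the 1.x SDK
// with lcobucci/jwt 3.x and phpseclib 2.x).
use Azimo\Apple\Api;
use Azimo\Apple\Auth;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\ValidationData;
use phpseclib\Crypt\RSA;

// Claims the token must carry: Apple as issuer, your app identifier as audience.
$validationData = new ValidationData();
$validationData->setIssuer('https://appleid.apple.com');
$validationData->setAudience('com.azimo');

$appleJwtFetchingService = new Auth\Service\AppleJwtFetchingService(
    new Auth\Jwt\JwtParser(new Parser()),
    // The verifier fetches Apple's key material over HTTPS and checks the signature.
    new Auth\Jwt\JwtVerifier(
        new Api\AppleApiClient(
            new GuzzleHttp\Client(
                [
                    'base_uri'        => 'https://appleid.apple.com',
                    'timeout'         => 5,
                    'connect_timeout' => 5,
                ]
            ),
            new Api\Factory\ResponseFactory()
        ),
        new RSA(),
        new Sha256()
    ),
    // The validator checks expiry, issuer and audience against $validationData.
    new Auth\Jwt\JwtValidator($validationData),
    new Auth\Factory\AppleJwtStructFactory()
);

$appleJwtFetchingService->getJwtPayload('your.identity.token');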

If you don't want to copy-paste the above code, you can paste a freshly generated identityToken into tests/E2e/Auth/AppleJwtFetchingServiceTest.php:53 and run the tests with the simple command php vendor/bin/phpunit tests/E2e.

$ php vendor/bin/phpunit tests/E2e
PHPUnit 9.2.5 by Sebastian Bergmann and contributors.

Random seed:   1594414420

.                                                                   1 / 1 (100%)

Time: 00:00.962, Memory: 8.00 MB

OK (1 test, 1 assertion)

Todo

You are welcome to open a pull request with a fix for any issue:

Miscellaneous

Towards financial services available to all

We’re working throughout the company to create faster, cheaper, and more available financial services all over the world, and here are some of the techniques that we’re utilizing. There’s still a long way ahead of us, and if you’d like to be part of that journey, check out our careers page.

Comments
  • Cryptographic algorithm `fh6Bs8C` is not supported

    Hello,

    Currently we have an issue relating to the cryptographic algorithm fh6Bs8C. We are using package version 1.3.0 currently. Would it be possible to integrate this in the package? Or does it exist already?

    opened by Nugation 7
  • Validation of given token failed. Possibly token expired.

    Even trying with php vendor/bin/phpunit vendor/azimolabs/apple-sign-in-php-sdk/tests/E2e/Auth/AppleJwtFetchingServiceTest.php with a recent token I'm only getting Validation of given token failed. Possibly token expired.

    $validationData = new ValidationData();
    $validationData->setIssuer('https://appleid.apple.com');
    $validationData->setAudience('com.********');
    
    $appleJwtFetchingService = new Auth\Service\AppleJwtFetchingService(
        new Auth\Jwt\JwtParser(new Parser()),
        new Auth\Jwt\JwtVerifier(
            new Api\AppleApiClient(
                new GuzzleHttp\Client(
                    [
                        'base_uri'        => 'https://appleid.apple.com',
                        'timeout'         => 5,
                        'connect_timeout' => 5,
                    ]
                ),
                new Api\Factory\ResponseFactory()
            ),
            new RSA(),
            new Sha256()
        ),
        new Auth\Jwt\JwtValidator($validationData),
        new Auth\Factory\AppleJwtStructFactory()
    );
    
    $payload = $appleJwtFetchingService->getJwtPayload($request->id_token);
    
    opened by theianjohnson 7
  • Unsupported cryptographic algorithm

    I frequently get this error (about 30% of the time) on the first sign-in with Apple: "Cryptographic algorithm W6WcOKB is not supported. Supported algorithms: 86D88Kf,eXaunmL,YuyXoY"

    I use your lib code for the Apple Sign-in feature! The next time, when I revoke the Apple ID on the app and sign in again a second time, it passes.

    opened by tthlan 5
  • Implicit conversion of keys from strings is deprecated.

    Hi,

    I got this error while getting an access token from Apple: Implicit conversion of keys from strings is deprecated. Please use InMemory or LocalFileReference classes.

    I found it is caused by a problem in lcobucci/jwt 3.4.*, so I use "lcobucci/jwt": "3.3.*" in my project and it works perfectly.

    The latest version of lcobucci/jwt is 4.1.x, but it is not released, and I haven't tested it either.

    opened by tsaiyihua 5
  • Way to handle multiple audience?

    Hi, if I have two apps (dev and prod) and they have different audiences, how can I handle that in this library?

    At first I tried this approach, but it doesn't work since this library will throw an exception when the audience doesn't match.

    new Auth\Jwt\JwtValidator(
        new \Lcobucci\JWT\Validation\Validator(),
        [
            new \Lcobucci\JWT\Validation\Constraint\IssuedBy('https://appleid.apple.com'),
            new \Lcobucci\JWT\Validation\Constraint\PermittedFor('com.c.azimo.stage'),
            new \Lcobucci\JWT\Validation\Constraint\PermittedFor('com.c.azimo.stage2'),
        ]
    ),
    
    opened by fd6130 4
  • If someone needs php8 version.

    I updated the code to PHP 8. If you need PHP 8 right now, you can temporarily use the version from my repo. I didn't make a PR because I dramatically changed the root service.

    https://github.com/alxbndrs/apple-sign-in-php-sdk

    [COMMIT] https://github.com/alxbndrs/apple-sign-in-php-sdk/commit/c3166ce14a629bc3a80feeb4cda6b921fd80bd2d

    opened by alxbndrs 4
  • Switch to Guzzle 6

    Hi,

    Your package seems to be perfect... but you are using Guzzle 7. However, Guzzle 7 is not necessary for this package to be fully functional; Guzzle 6 is enough. Moreover, when you are using Laravel 7, using Guzzle 7 blocks the installation.

    So, can you use Guzzle 6 in this package to make it run for everyone? :-)

    Thanks a lot!

    opened by bastienuh 4
  • Azimo\Apple\Api\Exception\UnsupportedCryptographicAlgorithmException Cryptographic algorithm `fh6Bs8C` is not supported. Supported algorithms: `86D88Kf,eXaunmL,YuyXoY,W6WcOKB`

    We are using version 1.1.2. What is the solution? Do you have any idea? Azimo\Apple\Api\Exception\UnsupportedCryptographicAlgorithmException Cryptographic algorithm fh6Bs8C is not supported. Supported algorithms: 86D88Kf,eXaunmL,YuyXoY,W6WcOKB

    opened by olucvolkan 3
  • Remove the internal crypto algorithm enum that has to be maintained

    The algorithms are already downloaded from Apple, so just use this as the master list instead of keeping another internal lookup key list.

    PHP isn't my main language, so if I've done something stupid..sorry..

    I've tested this in my app, and it's working fine. Also ran the unit tests and updated the failing ones.

    opened by devedup 3
  • Uncaught JsonException: Malformed UTF-8 characters, possibly incorrectly encoded

    Hi! I'm using PHP 7.4.3 and trying to verify an identity token. The response I get: Uncaught JsonException: Malformed UTF-8 characters, possibly incorrectly encoded in /home/x/domains/domain.com/public_html/apple/lcobucci/jwt/src/Parsing/Decoder.php:50. Changing to an older PHP version helps, but is there any solution to make it work on >7.4.3? Thanks

    opened by konradstrek 3
  • Add nonce attribute in JWT Payload

    If you pass a nonce while making the request for Sign In With Apple, this value is returned in the claims section of the received JWT. This field is not present if you don't pass a nonce while making the request. This pull request adds the ability to access its value.

    opened by gerardnll 2
Releases(1.5.1)
Owner
Azimo Labs
We're the tech team behind Azimo - the faster, cheaper way to send money internationally.