UNPKG

@wailroth/adonis-ally-apple-v6

Version:

Ally driver for Apple Sign In

128 lines (127 loc) 4.78 kB
/** |-------------------------------------------------------------------------- * Search keyword "YourDriver" and replace it with a meaningful name |-------------------------------------------------------------------------- */ import { Oauth2Driver } from '@adonisjs/ally'; import type { AllyDriverContract, ApiRequestContract, RedirectRequestContract } from '@adonisjs/ally/types'; import { HttpContext } from '@adonisjs/core/http'; import * as jose from 'jose'; import { AppleAccessToken, AppleDriverConfig, AppleTokenDecoded, AppleUserContract } from './types/main.js'; import { AppleScopes } from './types/main.js'; /** * Driver implementation. It is mostly configuration driven except the API call * to get user info. */ export declare class AppleDriver extends Oauth2Driver<AppleAccessToken, AppleScopes> implements AllyDriverContract<AppleAccessToken, AppleScopes> { config: AppleDriverConfig; /** * The URL for the redirect request. The user will be redirected on this page * to authorize the request. */ protected authorizeUrl: string; /** * The URL to hit to exchange the authorization code for the access token */ protected accessTokenUrl: string; /** * JWKS Client for Apple key verification */ protected jwksClient: ReturnType<typeof jose.createRemoteJWKSet> | null; /** * The param name for the authorization code. Read the documentation of your oauth * provider and update the param name to match the query string field name in * which the oauth provider sends the authorization_code post redirect. */ protected codeParamName: string; /** * The param name for the error. Read the documentation of your oauth provider and update * the param name to match the query string field name in which the oauth provider sends * the error post redirect */ protected errorParamName: string; /** * Cookie name for storing the CSRF token. Make sure it is always unique. So a better * approach is to prefix the oauth provider name to `oauth_state` value. For example: * For example: "facebook_oauth_state" */ protected stateCookieName: string; /** * Parameter name to be used for sending and receiving the state from. * Read the documentation of your oauth provider and update the param * name to match the query string used by the provider for exchanging * the state. */ protected stateParamName: string; /** * Parameter name for sending the scopes to the oauth provider. */ protected scopeParamName: string; /** * The separator indentifier for defining multiple scopes */ protected scopesSeparator: string; constructor(ctx: HttpContext, config: AppleDriverConfig); /** * Initialize JWKS client */ private initializeJwksClient; /** * Optionally configure the authorization redirect request. The actual request * is made by the base implementation of "Oauth2" driver and this is a * hook to pre-configure the request. */ protected configureRedirectRequest(request: RedirectRequestContract<AppleScopes>): void; /** * Update the implementation to tell if the error received during redirect * means "ACCESS DENIED". */ accessDenied(): boolean; /** * Get Apple Signing Key to verify token */ protected verifyToken(token: string): Promise<AppleTokenDecoded>; /** * Generates Client Secret * https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens * @returns clientSecret */ protected generateClientSecret(): string; /** * Parses user info from the Apple Token */ protected getUserInfo(token: string): Promise<AppleUserContract>; /** * Get access token */ accessToken(callback?: (request: ApiRequestContract) => void): Promise<AppleAccessToken>; /** * Returns details for the authorized user */ user(callback?: (request: ApiRequestContract) => void): Promise<{ token: AppleAccessToken; email: string | null; id: string; nickName: string; name: string; emailVerificationState: "verified" | "unverified" | "unsupported"; avatarUrl: string | null; original: any; }>; /** * Finds the user by the access token */ userFromToken(token: string): Promise<{ token: { token: string; type: "bearer"; }; email: string | null; id: string; nickName: string; name: string; emailVerificationState: "verified" | "unverified" | "unsupported"; avatarUrl: string | null; original: any; }>; }