
apple-signin-auth

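"use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyWebhookToken =
  exports.verifyIdToken =
  exports.revokeAuthorizationToken =
  exports.refreshAuthorizationToken =
  exports.getClientSecret =
  exports.getAuthorizationUrl =
  exports.getAuthorizationToken =
  exports.default =
  exports._setFetch =
  exports._getApplePublicKeys =
    void 0;

var _url = require("url");
var _fs = _interopRequireDefault(require("fs"));
var _jsonwebtoken = _interopRequireDefault(require("jsonwebtoken"));
var _nodeRsa = _interopRequireDefault(require("node-rsa"));

/** CommonJS/ES-module interop shim emitted by the transpiler. */
function _interopRequireDefault(obj) {
  return obj && obj.__esModule ? obj : { default: obj };
}

// HTTP client used for every request; replaceable through _setFetch.
let { fetch } = global;

const ENDPOINT_URL = "https://appleid.apple.com";

// kid -> PEM public key. A prototype-less object is used because the lookup
// key comes from the *unverified* JWT header: names such as "__proto__" or
// "constructor" must never resolve to an inherited value.
let APPLE_KEYS_CACHE = Object.create(null);

/** Returns the cached PEM for `kid`, or undefined when it is not an own entry. */
const _cachedKey = (kid) =>
  Object.prototype.hasOwnProperty.call(APPLE_KEYS_CACHE, kid)
    ? APPLE_KEYS_CACHE[kid]
    : undefined;

/**
 * Builds the URL the user is sent to in order to start Sign in with Apple.
 *
 * @param {object} options
 * @param {string} options.clientID     required
 * @param {string} options.redirectUri  required
 * @param {string} [options.state]      opaque value echoed back on the redirect
 * @param {string} [options.scope]      extra scopes appended after "openid"
 * @param {string} [options.responseMode] used only when scope has no "email"
 * @returns {string} the authorization URL
 * @throws {Error} when clientID or redirectUri is missing
 */
const getAuthorizationUrl = (options = {}) => {
  if (!options.clientID) {
    throw Error("clientID is empty");
  }
  if (!options.redirectUri) {
    throw Error("redirectUri is empty");
  }

  const url = new _url.URL(ENDPOINT_URL);
  url.pathname = "/auth/authorize";
  url.searchParams.append("response_type", "code");
  // NOTE(review): the fallback is the constant string "state". A constant
  // gives no CSRF protection on the redirect; callers should always pass an
  // unpredictable per-session value and compare it when the user returns.
  // Kept for backward compatibility.
  url.searchParams.append("state", options.state || "state");
  url.searchParams.append("client_id", options.clientID);
  url.searchParams.append("redirect_uri", options.redirectUri);
  // Fix: a missing scope used to be interpolated as the literal text
  // "undefined" ("openid undefined").
  url.searchParams.append(
    "scope",
    options.scope ? `openid ${options.scope}` : "openid"
  );

  if (options.scope != null && options.scope.includes("email")) {
    url.searchParams.append("response_mode", "form_post");
  } else if (options.responseMode) {
    url.searchParams.append("response_mode", options.responseMode);
  }
  return url.toString();
};
exports.getAuthorizationUrl = getAuthorizationUrl;

/**
 * Creates the ES256-signed client secret JWT sent to Apple's token endpoints.
 *
 * @param {object} options
 * @param {string} options.clientID        becomes the `sub` claim
 * @param {string} [options.teamID]        becomes the `iss` claim (or teamId)
 * @param {string} [options.teamId]
 * @param {string} options.keyIdentifier   becomes the `kid` header
 * @param {string} [options.privateKeyPath] path to the private key file
 * @param {string|Buffer} [options.privateKey] private key material
 * @param {number} [options.expAfter=300]  lifetime in seconds
 * @returns {string} signed JWT
 * @throws {Error} on missing/ambiguous options or an unreadable key path
 */
const getClientSecret = (options = {}) => {
  if (!options.clientID) {
    throw new Error("clientID is empty");
  }
  if (!options.teamID && !options.teamId) {
    throw new Error("teamID is empty");
  }
  if (!options.keyIdentifier) {
    throw new Error("keyIdentifier is empty");
  }
  if (!options.privateKeyPath && !options.privateKey) {
    throw new Error("privateKey and privateKeyPath are empty");
  }
  if (options.privateKeyPath && options.privateKey) {
    throw new Error(
      "privateKey and privateKeyPath cannot be passed together, choose one of them"
    );
  }
  if (options.privateKeyPath && !_fs.default.existsSync(options.privateKeyPath)) {
    throw new Error("Can't find private key");
  }

  const timeNow = Math.floor(Date.now() / 1000);
  const claims = {
    iss: options.teamID || options.teamId,
    iat: timeNow,
    // Short default lifetime limits the window in which a leaked secret works.
    exp: timeNow + (options.expAfter || 300),
    aud: ENDPOINT_URL,
    sub: options.clientID,
  };
  const header = { alg: "ES256", kid: options.keyIdentifier };
  const key = options.privateKeyPath
    ? _fs.default.readFileSync(options.privateKeyPath)
    : options.privateKey;

  return _jsonwebtoken.default.sign(claims, key, { algorithm: "ES256", header });
};
exports.getClientSecret = getClientSecret;

/**
 * Reads a response body and parses it as JSON; an empty body is returned as-is.
 * The HTTP status is not inspected here, so error bodies are parsed like any
 * other response.
 */
const _populateResAsJson = async (res) => {
  const data = await res.text();
  if (!data) {
    return data;
  }
  return JSON.parse(data);
};

/**
 * Exchanges an authorization code for tokens at /auth/token.
 *
 * @param {string} code
 * @param {object} options  clientID and clientSecret are required;
 *                          redirectUri and codeVerifier are sent when present
 * @returns {Promise<*>} parsed response body
 * @throws {Error} when clientID or clientSecret is missing
 */
const getAuthorizationToken = async (code, options) => {
  if (!options.clientID) {
    throw new Error("clientID is empty");
  }
  if (!options.clientSecret) {
    throw new Error("clientSecret is empty");
  }

  const url = new _url.URL(ENDPOINT_URL);
  url.pathname = "/auth/token";

  const params = new URLSearchParams();
  params.append("client_id", options.clientID);
  params.append("client_secret", options.clientSecret);
  params.append("code", code);
  params.append("grant_type", "authorization_code");
  if (options.redirectUri) {
    params.append("redirect_uri", options.redirectUri);
  }
  if (options.codeVerifier) {
    params.append("code_verifier", options.codeVerifier);
  }

  return fetch(url.toString(), { method: "POST", body: params }).then((res) =>
    _populateResAsJson(res)
  );
};
exports.getAuthorizationToken = getAuthorizationToken;

/**
 * Exchanges a refresh token for a new access token at /auth/token.
 *
 * @param {string} refreshToken
 * @param {object} options  clientID and clientSecret are required
 * @returns {Promise<*>} parsed response body
 * @throws {Error} when clientID or clientSecret is missing
 */
const refreshAuthorizationToken = async (refreshToken, options) => {
  if (!options.clientID) {
    throw new Error("clientID is empty");
  }
  if (!options.clientSecret) {
    throw new Error("clientSecret is empty");
  }

  const url = new _url.URL(ENDPOINT_URL);
  url.pathname = "/auth/token";

  const params = new URLSearchParams();
  params.append("client_id", options.clientID);
  params.append("client_secret", options.clientSecret);
  params.append("refresh_token", refreshToken);
  params.append("grant_type", "refresh_token");

  return fetch(url.toString(), { method: "POST", body: params }).then((res) =>
    _populateResAsJson(res)
  );
};
exports.refreshAuthorizationToken = refreshAuthorizationToken;

/**
 * Revokes an access or refresh token at /auth/revoke.
 *
 * @param {string} token
 * @param {object} options  clientID and clientSecret are required;
 *                          tokenTypeHint is sent only when provided
 * @returns {Promise<*>} parsed response body (empty string for an empty body)
 * @throws {Error} when clientID or clientSecret is missing
 */
const revokeAuthorizationToken = async (token, options) => {
  if (!options.clientID) {
    throw new Error("clientID is empty");
  }
  if (!options.clientSecret) {
    throw new Error("clientSecret is empty");
  }

  const url = new _url.URL(ENDPOINT_URL);
  url.pathname = "/auth/revoke";

  const params = new URLSearchParams();
  params.append("client_id", options.clientID);
  params.append("client_secret", options.clientSecret);
  params.append("token", token);
  // Fix: an omitted hint used to be sent as the literal string "undefined".
  if (options.tokenTypeHint) {
    params.append("token_type_hint", options.tokenTypeHint);
  }

  const result = await fetch(url.toString(), { method: "POST", body: params });
  return _populateResAsJson(result);
};
exports.revokeAuthorizationToken = revokeAuthorizationToken;

/**
 * Downloads Apple's signing keys from /auth/keys and converts each one to PEM.
 *
 * @param {object} [opts]
 * @param {boolean} [opts.disableCaching] when true the cache is left empty
 * @returns {Promise<string[]>} PEM public keys, in response order
 * @throws {Error} when the response does not contain a `keys` array
 */
const _getApplePublicKeys = async ({ disableCaching } = {}) => {
  const url = new _url.URL(ENDPOINT_URL);
  url.pathname = "/auth/keys";

  const data = await fetch(url.toString(), {
    method: "GET",
    headers: { "Content-Type": "application/json" },
  }).then((res) => _populateResAsJson(res));

  // Fix: validate before touching the cache. Previously the cache was wiped
  // first, so an empty or malformed response discarded every known-good key
  // and then failed with a TypeError on `data.keys.map`.
  if (!data || !Array.isArray(data.keys)) {
    throw new Error("Unexpected response from Apple public keys endpoint");
  }

  // Build the replacement aside and swap it in only after every key converted.
  const freshCache = Object.create(null);
  const keyValues = data.keys.map((key) => {
    const publKeyObj = new _nodeRsa.default();
    publKeyObj.importKey(
      { n: Buffer.from(key.n, "base64"), e: Buffer.from(key.e, "base64") },
      "components-public"
    );
    const publicKey = publKeyObj.exportKey(["public"]);
    if (!disableCaching) {
      freshCache[key.kid] = publicKey;
    }
    return publicKey;
  });
  APPLE_KEYS_CACHE = freshCache;

  return keyValues;
};
exports._getApplePublicKeys = _getApplePublicKeys;

/**
 * Key-lookup callback handed to jsonwebtoken.verify: resolves the PEM for the
 * token's `kid`, refreshing the key set once on a cache miss.
 *
 * `header` is attacker-controlled at this point (the signature has not been
 * checked yet), so only own cache entries are ever returned.
 */
const _getIdTokenApplePublicKey = async (header, cb) => {
  const known = _cachedKey(header.kid);
  if (known) {
    return cb(null, known);
  }

  let error;
  try {
    await _getApplePublicKeys();
  } catch (err) {
    error = err;
  }

  const refreshed = _cachedKey(header.kid);
  if (refreshed) {
    return cb(null, refreshed);
  }
  return cb(error || new Error("input error: Invalid id token public key id"));
};

/**
 * Verification defaults merged under the caller's options (caller wins).
 * Fix: `algorithms` is an array. As the bare string "RS256" the allow-list was
 * a string, so any membership test done with indexOf would also match
 * substrings of it.
 */
const _verifyOptions = (options) =>
  Object.assign({ algorithms: ["RS256"], issuer: ENDPOINT_URL }, options);

/**
 * Verifies an Apple identity token's signature, algorithm and issuer.
 *
 * Only `algorithms` and `issuer` are defaulted here. Pass `audience` (your
 * client ID) and, when one was sent, `nonce` in `options`; otherwise a token
 * issued to a different app or a replayed token is not rejected by this call.
 *
 * @param {string} idToken
 * @param {object} [options] jsonwebtoken verify options; override the defaults
 * @returns {Promise<object>} decoded claims
 */
const verifyIdToken = async (idToken, options = {}) =>
  new Promise((resolve, reject) =>
    _jsonwebtoken.default.verify(
      idToken,
      _getIdTokenApplePublicKey,
      _verifyOptions(options),
      (error, decoded) => (error ? reject(error) : resolve(decoded))
    )
  );
exports.verifyIdToken = verifyIdToken;

/**
 * Verifies a server-to-server notification token and parses its `events`
 * claim from a JSON string into an object.
 *
 * @param {string} webhookToken
 * @param {object} [options] jsonwebtoken verify options; override the defaults
 * @returns {Promise<object>} decoded claims with `events` parsed
 */
const verifyWebhookToken = async (webhookToken, options = {}) =>
  new Promise((resolve, reject) =>
    _jsonwebtoken.default.verify(
      webhookToken,
      _getIdTokenApplePublicKey,
      _verifyOptions(options),
      (error, decoded) => {
        if (error) {
          reject(error);
          return;
        }
        // Fix: a malformed or missing `events` claim used to throw inside this
        // callback, leaving the returned promise pending forever.
        try {
          resolve(
            Object.assign({}, decoded, { events: JSON.parse(decoded.events) })
          );
        } catch (parseError) {
          reject(parseError);
        }
      }
    )
  );
exports.verifyWebhookToken = verifyWebhookToken;

/** Replaces the fetch implementation used for all requests. */
const _setFetch = (fetchFn) => {
  fetch = fetchFn;
};
exports._setFetch = _setFetch;

var _default = {
  getAuthorizationUrl,
  getClientSecret,
  getAuthorizationToken,
  refreshAuthorizationToken,
  revokeAuthorizationToken,
  verifyIdToken,
  verifyWebhookToken,
  _getApplePublicKeys,
  _setFetch,
};
exports.default = _default;
//# sourceMappingURL=index.js.map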