verify-apple-id-token
Version:
Verify the Apple id token on the server side.
64 lines (47 loc) • 2.4 kB
Markdown
[](https://github.com/stefan-prokop-cz/verify-apple-id-token/actions)
[](https://github.com/stefan-prokop-cz/verify-apple-id-token/actions)
[](https://www.npmjs.com/package/verify-apple-id-token)
[](https://codecov.io/gh/stefan-prokop-cz/verify-apple-id-token)
- Small utility which verifies the Apple idToken
- You can use it on the backend side
- Token verification is part of [Apple sign-in](https://developer.apple.com/documentation/signinwithapplerestapi) process
- The flow is
- Client app (iOS or Android) will redirect user to the OAuth2 login screen
- User will login
- App will receive the tokens
- App should send the `idToken` to the backend which will verify it
- [Verification steps implemented](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/verifying_a_user):
- Verify the JWS E256 signature using the server’s public key
- Verify the nonce for the authentication
- Verify that the iss field contains https://appleid.apple.com
- Verify that the aud field is the developer’s client_id
- Verify that the time is earlier than the exp value of the token
## Installation
```bash
npm install verify-apple-id-token
```
## Usage
### Typescript
```typescript
import verifyAppleToken from "verify-apple-id-token";
const jwtClaims = await verifyAppleToken({
idToken: "yourIdToken",
clientId: "yourAppleClientId", // or ["app1ClientId", "app2ClientId"]
nonce: "nonce", // optional
});
jwtClaims.email; // get email of the user
```
```javascript
const verifyAppleToken = require("verify-apple-id-token").default;
const jwtClaims = await verifyAppleToken({
idToken: "yourIdToken",
clientId: "yourAppleClientId", // or ["app1ClientId", "app2ClientId"]
nonce: "nonce", // optional
});
```
Thank you for your interest in contributing to `verify-apple-id-token`! Please see the [CONTRIBUTING.md](./CONTRIBUTING.md) to learn how to do it!
[](./LICENSE)