首先进入developer.apple.com->证书,标识符和配置文件->密钥。为Apple登录生成密钥并下载该密钥。您无法再次下载此密钥,因此请将其保存在安全的地方,不要与他人共享。另外,此处显示的“密钥ID”也要注意这一点,以后将需要它。您还需要团队ID。如果您不知道,它会写在页面的右上角,例如YOURNAME-
XX0XX00XXX。
您将基本上遵循这些步骤。
1,通过密钥生成JWT
2.使用令牌发送身份验证代码
3.解码响应
public class AppleLoginUtil {private static String APPLE_AUTH_URL = "https://appleid.apple.com/auth/token";private static String KEY_ID = "**********";private static String TEAM_ID = "**********";private static String CLIENT_ID = "com.your.bundle.id";private static PrivateKey pKey;private static PrivateKey getPrivateKey() throws Exception {//read your key String path = new ClassPathResource("apple/AuthKey.p8").getFile().getAbsolutePath(); final PEMParser pemParser = new PEMParser(new FileReader(path)); final JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); final PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject(); final PrivateKey pKey = converter.getPrivateKey(object); return pKey;}private static String generateJWT() throws Exception { if (pKey == null) { pKey = getPrivateKey(); } String token = Jwts.builder() .setHeaderParam(JwsHeader.KEY_ID, KEY_ID) .setIssuer(TEAM_ID) .setAudience("https://appleid.apple.com") .setSubject(CLIENT_ID) .setExpiration(new Date(System.currentTimeMillis() + (1000 * 60 * 5))) .setIssuedAt(new Date(System.currentTimeMillis())) .signWith(pKey, SignatureAlgorithm.ES256) .compact(); return token;}public static String appleAuth(String authorizationCode) throws Exception { String token = generateJWT(); HttpResponse<String> response = Unirest.post(APPLE_AUTH_URL) .header("Content-Type", "application/x-www-form-urlenpred") .field("client_id", CLIENT_ID) .field("client_secret", token) .field("grant_type", "authorization_pre") .field("pre", authorizationCode) .asString(); TokenResponse tokenResponse=new Gson().fromJson(response.getBody(),TokenResponse.class); String idToken = tokenResponse.getId_token(); String payload = idToken.split("\.")[1];//0 is header we ignore it for now String depred = new String(Deprers.base64.depre(payload)); IdTokenPayload idTokenPayload = new Gson().fromJson(depred,IdTokenPayload.class); return idTokenPayload.getSub();}}我已使用BouncyCastle jjwt生成令牌。unirest和gson还提供休息电话。
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on --> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15on</artifactId> <version>1.63</version> </dependency><!--JJWT--> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-api</artifactId> <version>0.10.7</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-impl</artifactId> <version>0.10.7</version> <scope>runtime</scope> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-jackson</artifactId> <version>0.10.7</version> <scope>runtime</scope> </dependency><!--UNIREST--> <dependency> <groupId>com.mashape.unirest</groupId> <artifactId>unirest-java</artifactId> <version>1.4.9</version> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>4.3.6</version> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpasyncclient</artifactId> <version>4.0.2</version> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpmime</artifactId> <version>4.3.6</version> </dependency> <dependency> <groupId>org.json</groupId> <artifactId>json</artifactId> <version>20140107</version> </dependency>
如果您想知道的话,我也解析了对这些类的响应。
public class TokenResponse {private String access_token;private String token_type;private Long expires_in;private String refresh_token;private String id_token;..getters and setters}public class IdTokenPayload {private String iss;private String aud;private Long exp;private Long iat;private String sub;//users unique idprivate String at_hash;private Long auth_time;..getters and setters}
