Crate apple_signin


Apple Sign-In

This crate provides an API to verify and decode Apple’s identity JWT. The token is typically generated via ASAuthorizationController from the AuthenticationServices iOS framework.

This crate validates the identityToken instance property present in the ASAuthorizationAppleIDCredential class.

Currently this crate doesn’t support fetching and validating identity tokens via the authorizationCode provided in ASAuthorizationAppleIDCredential.

To implement Sign In with Apple:

  • You have to have a valid, paid Apple developer account.
  • Generate an identifier in https://developer.apple.com/account/resources/identifiers/list (e.g. com.example.myapp).
  • Make sure Sign In with Apple Capability is enabled on that identifier.
  • Configure your app in Xcode to use that identifier as bundle identifier.
  • Enable the Sign In with Apple Capability in Xcode as well.
  • An identityToken generated with the AuthenticationServices framework can be sent to a backend server for validation.
  • Use this crate to validate and decode the token.

Apple will only provide the email field (and name if requested) the first time you test Sign In with Apple in the simulator with your account. Subsequent authorization requests on iOS will only yield the user id field.

To get the email field again:

  1. Go to Settings, then tap your name.
  2. Tap Sign-In & Security, then tap Sign in with Apple.
  3. Select the app or developer, then tap Stop Using Apple ID.
  4. You may need to restart the simulator or device.

Usage

Create a new client and configure it with your app bundle id(s).

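use apple_signin::AppleJwtClient;

// A boxed error is used here so the snippet compiles without a `Result` alias
// in scope (assumes the crate's error type implements std::error::Error).
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Only tokens issued for one of these bundle ids are accepted.
    let mut client = AppleJwtClient::new(&["com.example.myapp"]);
    // Verifies the token and returns its decoded payload.
    let payload = client.decode("[IDENTITY TOKEN]").await?;

    dbg!(payload);

    Ok(())
}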

Caching

It is recommended to keep the client instance around and not create a new one on every validation request. The client will fetch and cache JWT keys provided by Apple from https://appleid.apple.com/auth/keys. Only if the cached keys stop working will the client try to fetch new ones.
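The caching policy described above, modelled with the standard library only. This is an added example, not the crate's implementation: KeySource, RotatingSource, KeyCache, the key ids and the min_interval refetch throttle are all assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

// Hypothetical stand-in for an HTTP GET of https://appleid.apple.com/auth/keys.
trait KeySource {
    fn fetch(&mut self) -> HashMap<String, String>; // key id -> key material
}

// Constructed source simulating one key rotation: old key first, new key afterwards.
struct RotatingSource { calls: usize }

impl KeySource for RotatingSource {
    fn fetch(&mut self) -> HashMap<String, String> {
        self.calls += 1;
        let (kid, key) = if self.calls == 1 { ("kid-old", "key-old") } else { ("kid-new", "key-new") };
        HashMap::from([(kid.to_string(), key.to_string())])
    }
}

struct KeyCache<S: KeySource> {
    source: S,
    keys: HashMap<String, String>,
    last_fetch: Option<Instant>,
    min_interval: Duration, // assumed throttle between refetches
}

impl<S: KeySource> KeyCache<S> {
    fn new(source: S, min_interval: Duration) -> Self {
        KeyCache { source, keys: HashMap::new(), last_fetch: None, min_interval }
    }

    // Serve from the cache; refetch only when the key id is unknown and the
    // throttle allows it, so tokens with bogus key ids cannot force a fetch each.
    fn key_for(&mut self, kid: &str, now: Instant) -> Option<String> {
        let may_fetch = self.last_fetch.map_or(true, |t| now.duration_since(t) >= self.min_interval);
        if !self.keys.contains_key(kid) && may_fetch {
            self.keys = self.source.fetch();
            self.last_fetch = Some(now);
        }
        self.keys.get(kid).cloned()
    }
}

fn main() {
    let t0 = Instant::now();
    let mut cache = KeyCache::new(RotatingSource { calls: 0 }, Duration::from_secs(60));
    println!("{:?}", cache.key_for("kid-old", t0));
    println!("{:?}", cache.key_for("kid-new", t0 + Duration::from_secs(61)));
}
```

A cache like this only pays off when it outlives a single request, which is why one long-lived client instance should be shared by all validation requests.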

Structs

Enums

  • A network, validation or decoding error
  • Indicates whether the user appears to be a real person. Apple recommends using this to mitigate fraud.