§Apple Sign-In
This crate provides an API to verify and decode Apple’s identity JWT. The token is typically generated via ASAuthorizationController from the AuthenticationServices iOS framework.
This crate validates the identityToken instance property present in the ASAuthorizationAppleIDCredential class.
Currently this crate doesn’t support fetching and validating identity tokens via the authorizationCode provided in ASAuthorizationAppleIDCredential.
To implement Sign In with Apple:
- You have to have a valid, paid Apple developer account.
- Generate an identifier in https://developer.apple.com/account/resources/identifiers/list (e.g. com.example.myapp)
- Make sure the Sign In with Apple Capability is enabled on that identifier.
- Configure your app in Xcode to use that identifier as bundle identifier.
- Enable the Sign In with Apple Capability in Xcode as well.
- An identityToken generated with the AuthenticationServices framework can be sent to a backend server for validation.
- Use this crate to validate and decode the token.
Apple will only provide the email field (and name if requested) the first time you test Sign In with Apple in the simulator with your account. Subsequent authorization requests on iOS will only yield the user id field.
To get the email field again:
- Go to Settings, then tap your name.
- Tap Sign-In & Security, then tap Sign in with Apple.
- Select the app or developer, then tap Stop Using Apple ID.
- You may need to restart the simulator or device
§Usage
Create a new client and configure it with your app bundle id(s).
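use apple_signin::AppleJwtClient;

// `?` needs an error type for main; a boxed error is used here, assuming the
// crate's AppleJwtError implements std::error::Error.
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Configure the client with the bundle id(s) it should accept.
    let mut client = AppleJwtClient::new(&["com.example.myapp"]);
    // Verify the token and get the decoded payload.
    let payload = client.decode("[IDENTITY TOKEN]").await?;
    dbg!(payload);
    Ok(())
}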
§Caching
It is recommended to keep the client instance around and not create a new one on every validation request. The client will fetch and cache JWT keys provided by Apple from https://appleid.apple.com/auth/keys. Only if the cached keys stop working will the client try to fetch new ones.
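The caching behaviour described above, sketched as an added example; this is not the crate's own code. `KeyCache`, `rotating_source`, the lookup by `kid` and the refetch throttle are assumptions of the example, and a closure stands in for the request to https://appleid.apple.com/auth/keys.

```rust
use std::collections::HashMap;

type KeySet = HashMap<String, String>; // kid -> key material (opaque placeholder)

/// Hypothetical cache, for illustration; not a type from apple_signin.
pub struct KeyCache<F: FnMut() -> KeySet> {
    fetch: F,                // stands in for GET https://appleid.apple.com/auth/keys
    keys: KeySet,
    last_fetch: Option<u64>, // seconds, supplied by the caller
    min_refetch_secs: u64,   // throttle added by this example
    pub fetches: u32,
}

impl<F: FnMut() -> KeySet> KeyCache<F> {
    pub fn new(fetch: F, min_refetch_secs: u64) -> Self {
        KeyCache { fetch, keys: KeySet::new(), last_fetch: None, min_refetch_secs, fetches: 0 }
    }

    /// Key for `kid`; the key set is refetched only when the cache cannot serve it.
    pub fn key_for(&mut self, kid: &str, now: u64) -> Option<String> {
        if let Some(k) = self.keys.get(kid) { return Some(k.clone()); }
        // Unknown kid: refetch, but throttled, so tokens carrying made-up kids
        // cannot turn every validation request into an outbound fetch.
        let throttled = self.last_fetch.map_or(false, |t| now.saturating_sub(t) < self.min_refetch_secs);
        if throttled { return None; }
        self.keys = (self.fetch)();
        self.last_fetch = Some(now);
        self.fetches += 1;
        self.keys.get(kid).cloned()
    }
}

/// Constructed key source: the first fetch returns kid-a, later fetches kid-b (a rotation).
pub fn rotating_source() -> impl FnMut() -> KeySet {
    let mut calls = 0;
    move || {
        calls += 1;
        let kid = if calls == 1 { "kid-a" } else { "kid-b" };
        KeySet::from([(kid.to_string(), format!("key-material-{calls}"))])
    }
}

fn main() {
    let mut cache = KeyCache::new(rotating_source(), 60);
    for (kid, now) in [("kid-a", 0), ("kid-a", 10), ("kid-b", 20), ("kid-b", 100)] {
        let key = cache.key_for(kid, now);
        println!("t={now} kid={kid} -> {key:?} (fetches so far: {})", cache.fetches);
    }
}
```

A cache created per request starts empty and would fetch on every validation, which is the cost the recommendation above avoids.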
Structs§
- AppleJwtClient
- JwtPayload - Contains the extracted information from a valid JWT
Enums§
- AppleJwtError - A network, validation or decoding error
- RealUserStatus - Indicates whether the user appears to be a real person. Apple recommends using this to mitigate fraud.