Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to generate the client_secret by php laravel instead of RR script. #37

Open
vtayson opened this issue Jul 19, 2021 · 3 comments
Open

How to generate the client_secret by php laravel instead of RR script. #37

vtayson opened this issue Jul 19, 2021 · 3 comments
Assignees
@mikebronner
Labels
enhancement New feature or request

Comments

@vtayson
Copy link

vtayson commented Jul 19, 2021

Hi team,

When generating the client secret at step 4 in below guideline, there was an expired time for the key. That's mean after this amount of time, the client secret will get expired and we have manually run the RR script again and update the client secret.
https://github.com/GeneaLabs/laravel-sign-in-with-apple#configuration

Is there a way so that we can generate the client secret using php/laravel code, so that we can control the expiry time and automatically run the code and get a new client secret ?

Thanks,
Son
@mikebronner
Copy link
Owner

Hi @vtayson, this is something I have been meaning to look into. I believe it will involve a fair bit of work, but not sure yet exactly what needs to be done.

@mikebronner mikebronner self-assigned this Jul 19, 2021
@mikebronner mikebronner added the enhancement New feature or request label Jul 19, 2021
@vtayson
Copy link
Author

vtayson commented Jul 20, 2021

@mikebronner , I was trying to convert the script to a php function using Firebase-JWT and openssl_pkey_get_private, something like below. It was able to generate a key, but always get "invalid client" message when trying to user that secret.

`$privateKeyFile = 'key.txt';
//read the private key
$privateKey = openssl_pkey_get_private(
file_get_contents(storage_path($privateKeyFile))
);
//Prepare payload
$payload = array(
'iss' => 'xxx',
'iat' => Carbon::now()->timestamp,
'exp' => 1800,
'aud' => 'https://appleid.apple.com',
'sub' => 'xxx'
);
//Prepare header
$header = [
'kid' => 'xxx'
];
//Generate jwt code
$jwt = JWT::encode($payload, $privateKey, 'ES256', null, $header);

var_dump($jwt); die;`

@jordysinke
Copy link

I got a working version using Firebase\JWT. Added this code to a separate class.

return \Cache::remember('sign_in_with_apple_client_secret', now()->addMonth(), function () {
            $privateKey = "...";
            $keyId = "...";
            $teamId = "...";
            $clientId = config('services.sign_in_with_apple.client_id');

            $payload = [
                'iss' => $teamId,
                'iat' => now()->getTimestamp(),
                'exp' => now()->addMonths(3)->getTimestamp(),
                'aud' => 'https://appleid.apple.com',
                'sub' => $clientId,
            ];

            return JWT::encode($payload, $privateKey, 'ES256', $keyId);
        });

Then I created a ServiceProvider with the following code, copied from the source code. Then added 'client_secret' to the config variable (which calls code above).

$socialite = $this->app->make(Factory::class);
$socialite->extend(
    'sign-in-with-apple',
    function ($app) use ($socialite) {
        $config = $app['config']['services.sign_in_with_apple'];
        $config['client_secret'] = dispatch_sync(new \App\Actions\CreateSignInWithAppleClientSecret);

        return $socialite
            ->buildProvider(
                SignInWithAppleProvider::class,
                $config
            );
    }
);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mikebronner mikebronner

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mikebronner @jordysinke @vtayson