Generate Signin with Apple JWT - client_secret
martin-robert-fink opened this issue
I want to create a Dart version of creating an ES256/P-256 signed JWT as a client_secret for use with Signin with Apple. I've tried with the Dart Jose plugin to make this work in Dart. I can't even read the Apple secret key from a PEM file (the P8 file you get from Apple when you create your private key)...
```dart
var key = JsonWebKey.fromPem(File('key.txt').readAsStringSync());
```
I get the error `Unknown algoritmh ecPublicKey`.
Without even being able to read the Apple PEM file, I can't really make a lot of progress. Is there something basic I'm missing to get this to work? It seems it shouldn't be that hard to generate a signed JWT????
Thanks!
Martin
The process from Apple is documented at the bottom of this link:
https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
There is a Jose/PHP version of this process here:
https://gist.github.com/patrickbussmann/877008231ef082cc5dc4ee5ca661a641
There is a Ruby version using the JWT GEM of this process here:
https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
Here's the Ruby code for ease of reference since it's at the very bottom of that link:
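```ruby
require 'jwt'

key_file = 'key.txt'   # the .p8 private key downloaded from Apple
team_id = ''           # Apple developer team ID (left blank here)
client_id = ''         # Services ID used as the OAuth client_id
key_id = ''            # ID of the private key

# Load the P-256 private key from the PEM file
ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file

headers = {
  'kid' => key_id
}

claims = {
  'iss' => team_id,
  'iat' => Time.now.to_i,
  'exp' => Time.now.to_i + 86400*180,   # 180 days
  'aud' => 'https://appleid.apple.com',
  'sub' => client_id,
}

# Sign with ES256; the resulting JWT is the client_secret
token = JWT.encode claims, ecdsa_key, 'ES256', headers
puts token
```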
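The same client_secret built with only Ruby's standard openssl and json libraries, as an added example that is not part of the original thread: it shows the step a JWT library performs for you, converting OpenSSL's DER-encoded ECDSA signature to the raw 64-byte r || s form that ES256 requires, and then verifies the result. The generated P-256 key stands in for Apple's .p8 file, and the team, client and key identifiers are constructed placeholders.

```ruby
require 'openssl'
require 'json'

# base64url without padding, as JWS requires (RFC 7515)
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  (text + '=' * ((4 - text.length % 4) % 4)).tr('-_', '+/').unpack1('m0')
end

# OpenSSL returns an ECDSA signature as a DER SEQUENCE(r, s); ES256 wants the
# raw 64-byte r || s, each integer left-padded with zero bytes to 32 bytes.
def der_to_raw(der)
  OpenSSL::ASN1.decode(der).value.map { |n| n.value.to_s(2).rjust(32, "\x00".b) }.join
end

def raw_to_der(raw)
  ints = [raw[0, 32], raw[32, 32]].map { |h| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(h, 2)) }
  OpenSSL::ASN1::Sequence.new(ints).to_der
end

# Same header and claims as the Ruby snippet quoted in the thread.
def apple_client_secret(key, team_id:, client_id:, key_id:, now: Time.now.to_i)
  header = { 'alg' => 'ES256', 'kid' => key_id }
  claims = { 'iss' => team_id, 'iat' => now, 'exp' => now + 86400 * 180,
             'aud' => 'https://appleid.apple.com', 'sub' => client_id }
  input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  der = key.sign(OpenSSL::Digest.new('SHA256'), input)
  "#{input}.#{b64url(der_to_raw(der))}"
end

# Returns the claims if the token is ES256 and the signature verifies, else nil.
def verify_client_secret(token, key)
  head, body, sig = token.split('.')
  return nil unless head && body && sig
  return nil unless JSON.parse(b64url_decode(head))['alg'] == 'ES256'
  raw = b64url_decode(sig)
  return nil unless raw.bytesize == 64
  ok = key.verify(OpenSSL::Digest.new('SHA256'), raw_to_der(raw), "#{head}.#{body}")
  ok ? JSON.parse(b64url_decode(body)) : nil
end

# Constructed inputs: a throwaway P-256 key and placeholder identifiers.
DEMO_KEY = OpenSSL::PKey::EC.generate('prime256v1')
DEMO_TOKEN = apple_client_secret(DEMO_KEY, team_id: 'TEAMID0000',
                                 client_id: 'com.example.service', key_id: 'KEYID00000')
puts DEMO_TOKEN
```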
The PEM file is parsed by the x509 package, so this issue actually belonged there. Anyway it should be fixed in version 0.2.0-nullsafety.2 of x509.
I can confirm that the null-safety versions of Jose/x509 fixed the issue and it all works.