Created
April 22, 2020 19:08
-
-
Save codyromano/acf6b43b54196e294cb4650998b48f37 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import jwksClient from 'jwks-rsa'; | |
| import jsonWebToken from 'jsonwebtoken'; | |
| const jwksUri = 'https://appleid.apple.com/auth/keys'; | |
| const client = jwksClient({ | |
| jwksUri | |
| }); | |
| function getKey(header, callback) { | |
| client.getSigningKey(header.kid, function(err, key) { | |
| callback(null, key.getPublicKey()); | |
| }); | |
| } | |
| export function validateAppleIdentityToken(identityToken: string): boolean { | |
| const token: string = Buffer.from(identityToken, 'base64').toString('utf8'); | |
| const payload = jsonWebToken.verify(token, getKey, null, function (err, decoded) { | |
| if (err) { | |
| throw err; | |
| } | |
| if (!decoded.iss || decoded.iss !== "https://appleid.apple.com") { | |
| throw new Error('Apple JWT has invalid issuer'); | |
| } | |
| if (!decoded.aud || decoded.aud !== "com.tilig.Tilig-app") { | |
| throw new Error('Apple JWT has invalid audience'); | |
| } | |
| if (!decoded.exp || decoded.exp >= new Date().getTime()) { | |
| throw new Error('Apple JWT has an invalid expiration'); | |
| } | |
| }); | |
| return !!payload; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment