gerhardberger/chase-sign-in-with-apple.md

Last active May 6, 2021 21:25

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/gerhardberger/9de1aeda0f2b75ba4cd07675b95a12e0.js"></script>
Save gerhardberger/9de1aeda0f2b75ba4cd07675b95a12e0 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

chase-sign-in-with-apple.md

Sign in with Apple in ChaseApp

Web flow

Normal OAuth flow
Electron app should open in browser: https://appleid.apple.com/auth/authorize?redirect_uri=https://chaseapp.io/api/v1/public/apple/oauth&client_id=chase.app.service&response_mode=form_post&response_type=code&scope=openid%20email%20name&state=
Payload received on redirect URL:

const data = req.body as {
  state?: string;
  code?: string;
  error?: string;
  // We get user object on the FIRST authentication only! Email is eventually encoded in the token but not user's name
  // and there is no api to get it from Apple anytime later.
  user?: string;
};

Native flow

fork node-mac-sign-in-with-apple to fix crash (it's crashing on newer electron versions) and return code as well
in app, in renderer on click on 'Sign In with Apple' call over to main process
call node-mac-sign-in-with-apple from main process during sign in
send code + name + email back to renderer and to backend to possibly redirect URL to handle it the same way as normal web-based OAuth flow

Common flow

on backend, get authorization token from Apple or app with code
authorize code with Apple to get access_token, refresh_token, id_token
verify id_token (JWT token)
then keep on refreshing token, normal JWT scenario

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment