marcoslhc · July 29, 2020 23:03
diff --git a/token.php b/token.php
 <?php
 # composer require web-token/jwt-framework

 require_once 'vendor/autoload.php';

 use Jose\Component\Core\AlgorithmManager;
 use Jose\Component\KeyManagement\JWKFactory;
 use Jose\Component\Signature\Algorithm\ES256;
 use Jose\Component\Signature\JWSBuilder;
 use Jose\Component\Signature\Serializer\CompactSerializer;

 /** Your team identifier: https://developer.apple.com/account/#/membership/ (Team ID) */
 $teamId = '1A234BFK46';
 /** The client id of your service: https://developer.apple.com/account/resources/identifiers/list/serviceId */
 $clientId = 'org.example.service';
 /** Code from request: https://appleid.apple.com/auth/authorize?response_type=code&client_id={$clientId}&scope=email%20name&response_mode=form_post&redirect_uri={$redirectUri} */
 $code = 'ab1c23456fb104dbfa034e0e66bc58370.0.nrwxq.yQMut7nanacO82i7OvNoBg';
 /** The ID of the key file: https://developer.apple.com/account/resources/authkeys/list (Key ID) */
 $keyFileId = '1ABC6523AA';
 /** The path of the file which you downloaded from https://developer.apple.com/account/resources/authkeys/list */
 $keyFileName = 'AuthKey_1ABC6523AA.p8';
 /** The redirect uri of your service which you used in the $code request */
 $redirectUri = 'https://example.org';

 $algorithmManager = new AlgorithmManager([new ES256()]);

 $jwsBuilder = new JWSBuilder($algorithmManager);
 $jws = $jwsBuilder
 	->create()
 	->withPayload(json_encode([
 		'iat' => time(),
 		'exp' => time() + 3600,
 		'iss' => $teamId,
 		'aud' => 'https://appleid.apple.com',
 		'sub' => $clientId
 	]))
 	->addSignature(JWKFactory::createFromKeyFile($keyFileName), [
 		'alg' => 'ES256',
 		'kid' => $keyFileId
 	])
 	->build();

 $serializer = new CompactSerializer();
 $token = $serializer->serialize($jws, 0);

 $data = [
 	'client_id' => $clientId,
 	'client_secret' => $token,
 	'code' => $code,
 	'grant_type' => 'authorization_code',
 	'redirect_uri' => $redirectUri
 ];

 $ch = curl_init();
 curl_setopt_array ($ch, [
 	CURLOPT_URL => 'https://appleid.apple.com/auth/token',
 	CURLOPT_POSTFIELDS => http_build_query($data),
 	CURLOPT_RETURNTRANSFER => true
 ]);
 $response = curl_exec($ch);
 curl_close ($ch);

 var_export(json_decode($response, true));
 /**
 * array (
 *   'access_token' => 'ab12cd3ef45db4f86a7d32cbbf7703a45.0.abcde.Ab01C3_D4elgkHOMcFuXpg',
 *   'token_type' => 'Bearer',
 *   'expires_in' => 3600,
 *   'refresh_token' => 'abcdef12345678bb9bbbefba3e36118a2.0.mrwxq.Vo5t5ogmUXFERuNtiMbrvg',
 *   'id_token' => 'RS256 Encoded Hash',
 * )
 */
	<?php
	# composer require web-token/jwt-framework

	require_once 'vendor/autoload.php';

	use Jose\Component\Core\AlgorithmManager;
	use Jose\Component\KeyManagement\JWKFactory;
	use Jose\Component\Signature\Algorithm\ES256;
	use Jose\Component\Signature\JWSBuilder;
	use Jose\Component\Signature\Serializer\CompactSerializer;

	/** Your team identifier: https://developer.apple.com/account/#/membership/ (Team ID) */
	$teamId = '1A234BFK46';
	/** The client id of your service: https://developer.apple.com/account/resources/identifiers/list/serviceId */
	$clientId = 'org.example.service';
	/** Code from request: https://appleid.apple.com/auth/authorize?response_type=code&client_id={$clientId}&scope=email%20name&response_mode=form_post&redirect_uri={$redirectUri} */
	$code = 'ab1c23456fb104dbfa034e0e66bc58370.0.nrwxq.yQMut7nanacO82i7OvNoBg';
	/** The ID of the key file: https://developer.apple.com/account/resources/authkeys/list (Key ID) */
	$keyFileId = '1ABC6523AA';
	/** The path of the file which you downloaded from https://developer.apple.com/account/resources/authkeys/list */
	$keyFileName = 'AuthKey_1ABC6523AA.p8';
	/** The redirect uri of your service which you used in the $code request */
	$redirectUri = 'https://example.org';

	$algorithmManager = new AlgorithmManager([new ES256()]);

	$jwsBuilder = new JWSBuilder($algorithmManager);
	$jws = $jwsBuilder
	->create()
	->withPayload(json_encode([
	'iat' => time(),
	'exp' => time() + 3600,
	'iss' => $teamId,
	'aud' => 'https://appleid.apple.com',
	'sub' => $clientId
	]))
	->addSignature(JWKFactory::createFromKeyFile($keyFileName), [
	'alg' => 'ES256',
	'kid' => $keyFileId
	])
	->build();

	$serializer = new CompactSerializer();
	$token = $serializer->serialize($jws, 0);

	$data = [
	'client_id' => $clientId,
	'client_secret' => $token,
	'code' => $code,
	'grant_type' => 'authorization_code',
	'redirect_uri' => $redirectUri
	];

	$ch = curl_init();
	curl_setopt_array ($ch, [
	CURLOPT_URL => 'https://appleid.apple.com/auth/token',
	CURLOPT_POSTFIELDS => http_build_query($data),
	CURLOPT_RETURNTRANSFER => true
	]);
	$response = curl_exec($ch);
	curl_close ($ch);

	var_export(json_decode($response, true));
	/**
	* array (
	* 'access_token' => 'ab12cd3ef45db4f86a7d32cbbf7703a45.0.abcde.Ab01C3_D4elgkHOMcFuXpg',
	* 'token_type' => 'Bearer',
	* 'expires_in' => 3600,
	* 'refresh_token' => 'abcdef12345678bb9bbbefba3e36118a2.0.mrwxq.Vo5t5ogmUXFERuNtiMbrvg',
	* 'id_token' => 'RS256 Encoded Hash',
	* )
	*/