This strategy integrates Apple login capabilities with NestJS's AuthGuard using Passport.
- Utilizes Apple's OAuth2.0 for user authentication
- Uses NestJS's AuthGuard for easy integration
- Provides strongly-typed Profile object
npm install @arendajaelu/nestjs-passport-apple
Here's a full example detailing all available options:
import { Injectable } from '@nestjs/common';
import { AuthGuard, PassportStrategy } from '@nestjs/passport';
import { Strategy, Profile } from '@arendajaelu/nestjs-passport-apple';
const APPLE_STRATEGY_NAME = 'apple';
@Injectable()
export class AppleStrategy extends PassportStrategy(Strategy, APPLE_STRATEGY_NAME) {
constructor() {
super({
clientID: process.env.APPLE_OAUTH_CLIENT_ID,
teamID: process.env.APPLE_TEAMID,
keyID: process.env.APPLE_KEYID,
key: process.env.APPLE_KEY_CONTENTS,
// OR
keyFilePath: process.env.APPLE_KEYFILE_PATH,
callbackURL: process.env.APPLE_OAUTH_CALLBACK_URL
scope: ['email', 'name'],
passReqToCallback: false,
});
}
async validate(_accessToken: string, _refreshToken: string, profile: Profile) {
return {
emailAddress: profile.email,
firstName: profile.name?.firstName || '',
lastName: profile.name?.lastName || '',
};
}
}
@Injectable()
export class AppleOAuthGuard extends AuthGuard(APPLE_STRATEGY_NAME) {}
Note: Make sure to add
AppleStrategy
to theproviders
array in your module.
import { Controller, Get, Post, Req, UseGuards } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger';
import { AppleOAuthGuard } from './strategies/apple.strategy';
@ApiTags('oauth')
@Controller('oauth')
export class OAuthController {
@Get('apple')
@UseGuards(AppleOAuthGuard)
async appleLogin() {}
@Post('apple/callback')
@UseGuards(AppleOAuthGuard)
async appleCallback(@Req() req) {
return req.user;
}
}
-
clientID
: Apple OAuth2.0 Client ID -
teamID
: Apple Developer Team ID -
keyID
: Apple Key ID -
key
: Contents of the Apple Key. If you want the library to load the contents, usekeyFilePath
instead. -
keyFilePath
: File path to Apple Key; library will load content usingfs.readFileSync
-
authorizationURL
: (Optional) Authorization URL; default ishttps://appleid.apple.com/auth/authorize
-
tokenURL
: (Optional) Token URL; default ishttps://appleid.apple.com/auth/token
-
scope
: (Optional) An array of scopes, e.g.,['email', 'name']
-
sessionKey
: (Optional) Session Key -
state
: (Optional) Should state parameter be used -
passReqToCallback
: (Optional) Should request be passed to thevalidate
callback; default isfalse
-
callbackURL
: (Optional) Callback URL
The validate
callback is called after successful authentication and contains the accessToken
, refreshToken
, and profile
.
Licensed under MIT.