verify-apple-token

2.1.0 • Public • Published

Build Status Publish Status npm version codecov

Verify Apple idToken

  • Small utility which verifies the Apple idToken
  • You can use it on the backend side
  • Token verification is part of Apple sign-in process
  • The flow is
    • Client app (iOS or Android) will redirect user to the OAuth2 login screen
    • User will login
    • App will receive the tokens
    • App should send the idToken to the backend which will verify it
  • Verification steps implemented:
    • Verify the JWS E256 signature using the server’s public key
    • Verify the nonce for the authentication
    • Verify that the iss field contains https://appleid.apple.com
    • Verify that the aud field is the developer’s client_id
    • Verify that the time is earlier than the exp value of the token

Installation

npm install verify-apple-token

Usage

Typescript

import verifyAppleToken from 'verify-apple-id-token';

const jwtClaims = await verifyAppleToken({
    idToken: 'yourIdToken',
    clientId: 'yourAppleClientId',
    nonce: 'nonce', // optional
});

Javascript

const verifyAppleToken = require('verify-apple-id-token').default;

const jwtClaims = await verifyAppleToken({
    idToken: 'yourIdToken',
    clientId: 'yourAppleClientId',
    nonce: 'nonce', // optional
});

Package Sidebar

Install

npm i verify-apple-token

Weekly Downloads

6

Version

2.1.0

License

MIT

Unpacked Size

71.9 kB

Total Files

40

Last publish

Collaborators

  • quanghuy_1992_vn