apple-sign-in-php-sdk
email_verified and is_private_email now returned as boolean by Apple's API?
Hi,
It looks like there was a possible change in Apple's API. It now seems the is_private_email and email_verified fields are now returned as boolean rather than a string. So the code in vendor/azimolabs/apple-sign-in-php-sdk/src/Auth/Factory/AppleJwtStructFactory.php:27 is not right anymore.
See response below: (I var_dumped $claims variable)
["email_verified"]=> bool(true) ["auth_time"]=> int(REDACTED) ["nonce_supported"]=> bool(true)
Not sure what's the best way to fix this, so submitting an issue. Possibly a boolval() works?
Hey @mikebouwmans,
Thank you for raising the issue!
I've reviewed the code, and the problem is probably in the Lcobucci\JWT\Token library.
There is an e2e test that could be used to verify if your change works correctly. Simply replace the code:
```php
// For some reason Apple API returns boolean flag as a string
(string) $claims->get('email_verified', 'false') === 'true',
// For some reason Apple API returns boolean flag as a string
(string) $claims->get('is_private_email', 'false') === 'true',
```
With the:
```php
$claims->get('email_verified', false),
$claims->get('is_private_email', false),
```
And run the test with the valid token.
I've tried using the e2e test but got the following error: Azimo\Apple\Api\Exception\UnsupportedCryptographicAlgorithmException: Cryptographic algorithm `YuyXoY` is not supported.
But that seems unrelated to this issue. I have tried it using a valid token and your suggested change seems to work. Still wondering if Apple's API actually changed. Couldn't find anything online.
I can't remember exactly how the app needs to be configured. The list of supported algorithms is taken from the API response [1]. It seems like the app generates a token using the YuyXoY algorithm but Apple doesn't support it anymore.
If your change works and you are able to prove that with an e2e test, create a PR please 🙏🏼
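
An added example, not code from this thread or from the SDK: a hypothetical `claimToBool()` helper that accepts both representations of `email_verified` / `is_private_email` and treats anything else as false. It is printed next to the existing string cast, which turns boolean `true` into `'1'` and therefore reports false, and next to `boolval()`, which returns true for the non-empty string `'false'`.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (an assumption for illustration, not part of apple-sign-in-php-sdk).
 * Normalises a claim that may arrive as a boolean or as the string "true"/"false".
 * Any other type or value yields false, so an unexpected payload never marks
 * an email address as verified.
 *
 * @param mixed $value raw claim value as decoded from the identity token
 */
function claimToBool($value): bool
{
    if (is_bool($value)) {
        return $value;
    }
    if (is_string($value)) {
        return strtolower(trim($value)) === 'true';
    }
    return false;
}

// Constructed sample values covering both representations discussed in the thread,
// plus a missing claim.
$samples = [
    'bool true'    => true,
    'bool false'   => false,
    'string true'  => 'true',
    'string false' => 'false',
    'missing'      => null,
];

foreach ($samples as $label => $value) {
    printf(
        "%-12s  cast-compare=%-5s  boolval=%-5s  claimToBool=%s\n",
        $label,
        // The comparison currently in AppleJwtStructFactory.php, applied to the sample.
        var_export((string) $value === 'true', true),
        // The boolval() idea raised in the issue.
        var_export(boolval($value), true),
        var_export(claimToBool($value), true)
    );
}
```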