
Apple multiple Public keys

Open ElKnarzo opened this issue 5 years ago • 2 comments

The decoding of the JSON web token, which is created when logging in with the Apple SignIn process, sometimes fails due to a SignatureInvalidException.

I found out that Apple delivers several public keys via "https://appleid.apple.com/auth/keys". With Apple SignIn, one of these keys happens to be used for the JWT. However, the ASDecoder is fixed on a specific index of the key array.

This leads to this exception because an incorrect public key is used for decoding.

ElKnarzo avatar Feb 25 '20 06:02 ElKnarzo

Apple sends back the Key Id "kid" in the response so you can look up the appropriate key. Base64-decoding the identityToken header gives JSON that contains the kid, which identifies one of the key sets at https://appleid.apple.com/auth/keys.

From Sign in with apple - Multiple public keys returned https://forums.developer.apple.com/thread/129047

gengzhenfei avatar Mar 12 '20 08:03 gengzhenfei
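The lookup the comment above describes, written out as an added example (Python for brevity; this is not code from php-apple-signin, whose own decoder is in PHP, and the same steps apply there). The key set and token below are constructed placeholders shaped like Apple's JWKS and identity token: the kid, n and e values are made up, and the signature segment is a dummy, because the point here is choosing the right key, not RS256 verification. The `JwksCache` refresh-on-unknown-kid behaviour is an assumed design, not something the thread or the library specifies.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode one JWT segment; JWTs strip '=' padding, so restore it first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jwt_header(token: str) -> dict:
    """Return the unverified JOSE header. Nothing in it is trusted yet:
    it only tells us which published key to hand to the verifier."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("identity token must have three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def select_signing_key(token: str, jwks: dict) -> dict:
    """Pick the JWK whose kid matches the token header, instead of a fixed
    index into jwks['keys'] (the bug reported in this issue)."""
    header = jwt_header(token)
    # Pin the algorithm before touching keys: a header of "none" or an HMAC
    # alg must never reach the verifier, whatever key it would select.
    if header.get("alg") != "RS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}; Apple signs with RS256")
    kid = header.get("kid")
    if not isinstance(kid, str) or not kid:
        raise ValueError("identity token header has no kid")
    for jwk in jwks.get("keys", []):
        if jwk.get("kid") != kid:
            continue
        if jwk.get("kty") != "RSA" or jwk.get("use", "sig") != "sig":
            raise ValueError(f"key {kid} is not an RSA signing key")
        if jwk.get("alg", "RS256") != "RS256":
            raise ValueError(f"key {kid} is published for {jwk['alg']}, not RS256")
        return jwk
    raise LookupError(f"no key with kid {kid!r} in JWKS")


class JwksCache:
    """Caches the key set and re-fetches once on an unknown kid, so a key
    rotation at Apple does not turn into a run of SignatureInvalid errors.
    Assumed design for this demo, not the library's own code."""

    def __init__(self, fetch):
        self._fetch = fetch        # callable returning the parsed JWKS JSON
        self._jwks = {"keys": []}
        self.fetches = 0

    def refresh(self) -> None:
        self._jwks = self._fetch()
        self.fetches += 1

    def key_for(self, token: str) -> dict:
        try:
            return select_signing_key(token, self._jwks)
        except LookupError:
            self.refresh()         # one retry covers rotation; a second miss means a bad token
            return select_signing_key(token, self._jwks)


# Constructed sample key set, shaped like https://appleid.apple.com/auth/keys.
# kid, n and e are placeholders for this demo, not Apple's published values.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "demo-kid-A", "use": "sig", "alg": "RS256",
     "n": "placeholder-modulus-A", "e": "AQAB"},
    {"kty": "RSA", "kid": "demo-kid-B", "use": "sig", "alg": "RS256",
     "n": "placeholder-modulus-B", "e": "AQAB"},
]}


def make_demo_token(header: dict, payload: dict) -> str:
    """Build a token shaped like an identity token. The signature segment is a
    placeholder: this demo exercises key selection only, not RS256 verification."""
    segs = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
            for part in (header, payload)]
    return ".".join(segs + [b64url_encode(b"not-a-real-signature")])


# Constructed token signed (nominally) with the second published key.
SAMPLE_TOKEN = make_demo_token(
    {"alg": "RS256", "kid": "demo-kid-B"},
    {"iss": "https://appleid.apple.com", "aud": "com.example.app", "sub": "000123.demo"},
)


def naive_key(jwks: dict) -> dict:
    """The behaviour the issue reports: always the first key in the array."""
    return jwks["keys"][0]


if __name__ == "__main__":
    print("fixed index picks:", naive_key(SAMPLE_JWKS)["kid"])
    print("kid lookup picks: ", select_signing_key(SAMPLE_TOKEN, SAMPLE_JWKS)["kid"])
```

The selected JWK is what gets handed to the JWT library's RS256 verifier; with two keys published, a fixed index is wrong for every token signed with the other one, which is exactly the intermittent SignatureInvalidException the issue describes.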

I understood that this issue was fixed in: https://github.com/GriffinLedingham/php-apple-signin/pull/8/commits

I still get SignatureInvalidExceptions exactly like before, so the lib still picks the wrong key. Did someone get this fixed, or am I using the lib wrong?

TipiT avatar Aug 26 '20 08:08 TipiT