Sign in with Apple in JavaScript
Apple OAuth implementation
Posted by Erwindo SianiparOct 10, 2023 (a year ago) · 3 min read
Photo by Charlesdeluvio on Unsplash
Registering App Identifier and App Secret
Recommend to use reversed domain pattern like
com.domain.subdomainRegister a services to use Sign in with Apple and complete the configuration like whitelisting the domain and the redirect URI.
JSON Web Token Validation
After receive the authorization token from providers like Apple or Google service, we need to verify that the JWT token is signed from the valid providers.
⚠️
The step bellow is very important to ensure that the request that coming into the server is legit for authentication
Apple Public Keys Service
When it comes to Apple's public keys for JWKs, they are primarily used for authentication and authorization in Apple's identity and access management systems, such as Apple's Sign in with Apple service. These public keys are made available by Apple to verify the authenticity of JWTs generated during the authentication process.
Google Public Keys Service
Google's public keys for JWKs are used for various authentication and security purposes, particularly in the context of OAuth 2.0. Google provides these public keys to allow third-party applications and services to verify and authenticate tokens issued by Google.
ℹ️
The blog is continuing written and research to completely this article, feel free to give me a feedback for this things, I will be very appreciate.
More from Erwindo SianiparSee all
