Skip to content

stefanprokopdev/verify-apple-id-token

Repository files navigation

Build Status Publish Status npm version codecov

Verify Apple idToken

  • Small utility which verifies the Apple idToken
  • You can use it on the backend side
  • Token verification is part of Apple sign-in process
  • The flow is
    • Client app (iOS or Android) will redirect user to the OAuth2 login screen
    • User will login
    • App will receive the tokens
    • App should send the idToken to the backend which will verify it
  • Verification steps implemented:
    • Verify the JWS E256 signature using the server’s public key
    • Verify the nonce for the authentication
    • Verify that the iss field contains https://appleid.apple.com
    • Verify that the aud field is the developer’s client_id
    • Verify that the time is earlier than the exp value of the token

Installation

npm install verify-apple-id-token

Usage

Typescript

import verifyAppleToken from "verify-apple-id-token";

const jwtClaims = await verifyAppleToken({
  idToken: "yourIdToken",
  clientId: "yourAppleClientId", // or ["app1ClientId", "app2ClientId"]
  nonce: "nonce", // optional
});

jwtClaims.email; // get email of the user

Javascript

const verifyAppleToken = require("verify-apple-id-token").default;

const jwtClaims = await verifyAppleToken({
  idToken: "yourIdToken",
  clientId: "yourAppleClientId",  // or ["app1ClientId", "app2ClientId"]
  nonce: "nonce", // optional
});

Contribution

Thank you for your interest in contributing to verify-apple-id-token! Please see the CONTRIBUTING.md to learn how to do it!

License

MIT