Google has an SDK that essentially allows you to verify the User IdToken. Does Apple provide something similar? Or is the verification process different. If so could someone please let me know.
Asked
Active
Viewed 101 times
0
-
Are you talking about Sign In with Apple? On a web site or in an iOS app? For a native app you probably want [this](https://developer.apple.com/documentation/authenticationservices/asauthorizationappleidprovider/3175423-getcredentialstate). For web sites there is both a [REST api](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api) and a [Javascript framework](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js) – Paulw11 Jun 14 '22 at 11:59
-
@Paulw11 I tried following the instructions for REST api. But I'm still unclear about how I'd "Verify the identity token" under "Verifying a user". It simply says the app server must verify the items. But I'm not sure how. – Zephyr Jun 14 '22 at 12:02
-
Are you referring to [this page](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/verifying_a_user)? It lists what you need to check in the JWT. – Paulw11 Jun 14 '22 at 12:06
-
@Paulw11 Yes. So the server will need to verify them individually on their own? I suppose we could do that. But even then I'm not sure about the first point "Verify the JWS E256 signature using the server’s public key". The others seem straightforward – Zephyr Jun 14 '22 at 13:16
-
As per your other question, once you have the public key you can find plenty of JWT libraries in npmjs that can help with JWT verification – Paulw11 Jun 14 '22 at 13:26
-
Thanks a lot @Paulw11 what's most popular? – Zephyr Jun 14 '22 at 13:47