class AppleSignIn::ClientSecretGenerator

Public Instance Methods

generate(identity_token) click to toggle source
# File lib/apple_sign_in/client_secret_generator.rb, line 12
def generate(identity_token)
  apple_client_id = extract_apple_client_id(identity_token)
  claims = create_claims(apple_client_id)
  jwt(claims)
end

Private Instance Methods

create_claims(apple_client_id) click to toggle source
# File lib/apple_sign_in/client_secret_generator.rb, line 27
def create_claims(apple_client_id)
  {
    "iss" => apple_team_id,
    "iat" => Time.now.to_i,
    "exp" => 5.months.from_now.to_i,
    "aud" => apple_base_url,
    "sub" => apple_client_id
  }
end
extract_apple_client_id(identity_token) click to toggle source
# File lib/apple_sign_in/client_secret_generator.rb, line 47
def extract_apple_client_id(identity_token)
  token_payload = JSON::JWT.decode(identity_token, :skip_verification)
  token_payload["aud"]
end
headers() click to toggle source
# File lib/apple_sign_in/client_secret_generator.rb, line 41
def headers
  {
    "kid" => apple_key_id
  }
end
jwt(claims) click to toggle source
# File lib/apple_sign_in/client_secret_generator.rb, line 20
def jwt(claims)
  jwt = JSON::JWT.new(claims)
  jwt.kid = apple_key_id
  jws = jwt.sign(private_key, :ES256)
  jws.to_s
end
private_key() click to toggle source
# File lib/apple_sign_in/client_secret_generator.rb, line 37
def private_key
  OpenSSL::PKey::EC.new apple_private_key
end