Sign In With Apple

1 files changed, 85 insertions, 0 deletions

diff --git a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
new file mode 100644
index 00000000..3af6bc7a
--- /dev/null
+++ b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2008-2019, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.github.scribejava.apis;
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.apache.commons.io.FileUtils;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.EncodedKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.time.*;
+import java.util.Base64;
+import java.util.Date;
+
+public class AppleClientSecretGenerator {
+    private final String subject;
+    private final String teamId;
+    private final String keyId;
+
+    private final Key signingKey;
+
+    public AppleClientSecretGenerator(final String subject, final String teamId, final String keyId, final String keyPath)
+            throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        this.subject = subject;
+        this.keyId = keyId;
+        this.teamId = teamId;
+
+        String pemData = FileUtils.readFileToString(new File(keyPath), StandardCharsets.UTF_8);
+        String p8encodedData = pemData
+                .replace(
+                        "-----BEGIN PRIVATE KEY-----\n", "")
+                .replace("\n", "")
+                .replace("-----END PRIVATE KEY-----", "");
+        KeyFactory kf = KeyFactory.getInstance("EC");
+        EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(p8encodedData));
+        signingKey = kf.generatePrivate(keySpec);
+    }
+
+    public String getClientSecret() {
+        Instant now = Instant.now();
+        return Jwts.builder()
+                .setHeaderParam("kid", keyId)
+                .setIssuer(teamId)
+                .setAudience("https://appleid.apple.com")
+                .setIssuedAt(Date.from(now))
+                .setSubject(subject)
+                .setExpiration(Date.from(ZonedDateTime.ofInstant(now, ZoneId.of("UTC")).plusMonths(1).toInstant()))
+                .signWith(signingKey, SignatureAlgorithm.ES256)
+                .compact();
+    }
+
+    public String getTeamId() {
+        return teamId;
+    }
+
+    public String getKeyId() {
+        return keyId;
+    }
+
+    public String getApplicationId() {
+        return subject;
+    }
+}