
@nebulabox
Forked from patrickbussmann/token.php
Created September 6, 2021 06:25

Revisions

  1. @patrickbussmann patrickbussmann created this gist Oct 17, 2019.
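--- a/token.php
+++ b/token.php
@@ -0,0 +1,72 @@
+<?php
+# composer require web-token/jwt-framework
+
+require_once 'vendor/autoload.php';
+
+use Jose\Component\Core\AlgorithmManager;
+use Jose\Component\KeyManagement\JWKFactory;
+use Jose\Component\Signature\Algorithm\ES256;
+use Jose\Component\Signature\JWSBuilder;
+use Jose\Component\Signature\Serializer\CompactSerializer;
+
+/** Your team identifier: https://developer.apple.com/account/#/membership/ (Team ID) */
+$teamId = '1A234BFK46';
+/** The client id of your service: https://developer.apple.com/account/resources/identifiers/list/serviceId */
+$clientId = 'org.example.service';
+/** Code from request: https://appleid.apple.com/auth/authorize?response_type=code&client_id={$clientId}&scope=email%20name&response_mode=form_post&redirect_uri={$redirectUri} */
+$code = 'ab1c23456fb104dbfa034e0e66bc58370.0.nrwxq.yQMut7nanacO82i7OvNoBg';
+/** The ID of the key file: https://developer.apple.com/account/resources/authkeys/list (Key ID) */
+$keyFileId = '1ABC6523AA';
+/** The path of the file which you downloaded from https://developer.apple.com/account/resources/authkeys/list */
+$keyFileName = 'AuthKey_1ABC6523AA.p8';
+/** The redirect uri of your service which you used in the $code request */
+$redirectUri = 'https://example.org';
+
+$algorithmManager = new AlgorithmManager([new ES256()]);
+
+$jwsBuilder = new JWSBuilder($algorithmManager);
+$jws = $jwsBuilder
+->create()
+->withPayload(json_encode([
+'iat' => time(),
+'exp' => time() + 3600,
+'iss' => $teamId,
+'aud' => 'https://appleid.apple.com',
+'sub' => $clientId
+]))
+->addSignature(JWKFactory::createFromKeyFile($keyFileName), [
+'alg' => 'ES256',
+'kid' => $keyFileId
+])
+->build();
+
+$serializer = new CompactSerializer();
+$token = $serializer->serialize($jws, 0);
+
+$data = [
+'client_id' => $clientId,
+'client_secret' => $token,
+'code' => $code,
+'grant_type' => 'authorization_code',
+'redirect_uri' => $redirectUri
+];
+
+$ch = curl_init();
+curl_setopt_array ($ch, [
+CURLOPT_URL => 'https://appleid.apple.com/auth/token',
+CURLOPT_POSTFIELDS => http_build_query($data),
+CURLOPT_RETURNTRANSFER => true
+]);
+$response = curl_exec($ch);
+curl_close ($ch);
+
+var_export(json_decode($response, true));
+/**
+* array (
+* 'access_token' => 'ab12cd3ef45db4f86a7d32cbbf7703a45.0.abcde.Ab01C3_D4elgkHOMcFuXpg',
+* 'token_type' => 'Bearer',
+* 'expires_in' => 3600,
+* 'refresh_token' => 'abcdef12345678bb9bbbefba3e36118a2.0.mrwxq.Vo5t5ogmUXFERuNtiMbrvg',
+* 'id_token' => 'RS256 Encoded Hash',
+* )
+*/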
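Review bot: The response handling at the end of token.php passes `$response` straight to `json_decode()` and `var_export()`, so a failed `curl_exec()` (which returns `false`) or an error reply from the token endpoint is indistinguishable from a successful exchange. The transport result and HTTP status should be checked before decoding, as sketched below. The returned `id_token` is also never verified; its signature, `iss`, `aud` (expected to equal `$clientId`) and `exp` need checking before any claim in it is used to identify a user. Separately, `$keyFileName` is a relative path, so the `.p8` private key should be kept outside the web root with restrictive permissions, and the authorize URL in the `$code` comment has no `state` parameter to bind the callback to the initiating session. Dumping the access and refresh tokens with `var_export()` is only suitable for a local demonstration.

```php
// … unchanged: client_secret JWT construction and curl_setopt_array() call …
$response = curl_exec($ch);
if ($response === false) {
    $error = curl_error($ch);
    curl_close($ch);
    throw new RuntimeException('Token request failed: ' . $error);
}
$status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);

$tokens = json_decode($response, true);
if ($status !== 200 || !is_array($tokens) || !isset($tokens['id_token'])) {
    // Failures come back as a JSON body rather than the token set.
    throw new RuntimeException('Token endpoint returned HTTP ' . $status);
}
// Verify $tokens['id_token'] (signature, iss, aud === $clientId, exp) before using its claims.
```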