Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔽 cant use jsonwebtoken #42

Merged
merged 1 commit into from
Sep 30, 2024
Merged

🔽 cant use jsonwebtoken #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@
"@nuxt/ui-pro": "^1.4.3",
"@prisma/adapter-d1": "^5.20.0",
"@types/jsonwebtoken": "^9.0.7",
"date-fns": "^4.1.0"
"date-fns": "^4.1.0",
"jose": "^5.9.3"
},
"devDependencies": {
"@antfu/eslint-config": "^3.7.1",
Expand All @@ -49,7 +50,6 @@
"@vitest/ui": "^2.1.1",
"dotenv-cli": "^7.4.2",
"happy-dom": "^15.7.4",
"jsonwebtoken": "^9.0.2",
"nuxt": "^3.13.2",
"nuxt-auth-utils": "^0.3.9",
"nuxt-og-image": "3.0.2",
Expand Down
87 changes: 8 additions & 79 deletions pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion server/controllers/oauth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ export const appleHandler = defineEventHandler(async (event) => {
const config = useRuntimeConfig(event).apple
const body = await readBody(event)
const token = await apple.getAuthToken(config, body.code)
const verified = apple.verifyIdToken(token.id_token)
const verified = await apple.verifyIdToken(token.id_token)

let dbUser
if (body.user)
Expand Down
26 changes: 18 additions & 8 deletions server/utils/apple.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import jwt from 'jsonwebtoken'
import * as jose from 'jose'

import { FetchError } from 'ofetch'

Expand Down Expand Up @@ -54,7 +54,7 @@ const getAuthURL = (config: AppleConfig): string => {
return url.toString()
}

const getSecret = (config: AppleConfig) => {
const getSecret = async (config: AppleConfig) => {
const timeNow = Math.floor(Date.now() / 1000)

const claims = {
Expand All @@ -69,7 +69,13 @@ const getSecret = (config: AppleConfig) => {
${config.privateKey.split(':BR:').join('\n')}
-----END PRIVATE KEY-----`

return jwt.sign(claims, key, { algorithm: 'ES256', header })
// return jwt.sign(claims, key, { algorithm: 'ES256', header })
const privateKey = await jose.importPKCS8(key, 'ES256')
return new jose.SignJWT(claims)
.setProtectedHeader(header)
.setIssuedAt()
.setExpirationTime('5m')
.sign(privateKey)
}

// taken from nuxt-auth-utils until we can figure out how to import it
Expand Down Expand Up @@ -99,18 +105,22 @@ export async function requestAccessToken(url: string, options: RequestAccessToke
const getAuthToken = async (config: AppleConfig, code: string): Promise<AppleTokenResponse> => {
return requestAccessToken('https://appleid.apple.com/auth/token', { params: {
client_id: config.clientId,
client_secret: getSecret(config),
client_secret: await getSecret(config),
code,
grant_type: 'authorization_code',
redirect_uri: config.redirectURL,
} })
}

const verifyIdToken = (idToken: string): AppleVerifiedToken => {
return jwt.decode(idToken, {
algorithm: 'RS256',
const verifyIdToken = async (idToken: string): Promise<AppleVerifiedToken> => {
const JWKS = jose.createRemoteJWKSet(new URL('https://appleid.apple.com/auth/keys'))

const { payload } = await jose.jwtVerify(idToken, JWKS, {
issuer: 'https://appleid.apple.com',
}) as unknown as AppleVerifiedToken
audience: 'fume.bio',
})

return payload as unknown as AppleVerifiedToken
}

export const apple = {
Expand Down