Fixed bug with usage of JSON web key set of apple

patrickbussmann · Feb 13, 2020 · 134ec39 · 134ec39 · dimajolkin · Feb 13, 2020
1 parent 519e679
commit 134ec39
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,7 @@
 # Changelog
 All Notable changes to `oauth2-apple` will be documented in this file
 
-## 0.3.0 - 201X-XX-XX
+## 0.3.0 - 202X-XX-XX
 
 ### Added
 - Nothing
@@ -18,6 +18,24 @@ All Notable changes to `oauth2-apple` will be documented in this file
 ### Security
 - Nothing
 
+## 0.2.1 - 2020-02-13
+
+### Added
+- Nothing
+
+### Deprecated
+- Nothing
+
+### Fixed
+- Handling of Apples JSON Web Key Set
+- Undefined index: code [#4](https://github.com/patrickbussmann/oauth2-apple/pull/4) (thanks to [Darlinkster](https://github.com/Darlinkster))
+
+### Removed
+- Nothing
+
+### Security
+- Nothing
+
 ## 0.2.0 - 2019-10-31
 
 ### Added

diff --git a/src/Token/AppleAccessToken.php b/src/Token/AppleAccessToken.php
@@ -26,17 +26,34 @@ class AppleAccessToken extends AccessToken
     /**
      * Constructs an access token.
      *
-     * @param  array $options An array of options returned by the service provider
+     * @param array $options An array of options returned by the service provider
      *     in the access token request. The `access_token` option is required.
      * @throws InvalidArgumentException if `access_token` is not provided in `$options`.
+     *
+     * @throws \Exception
      */
     public function __construct(array $options = [])
     {
         if (empty($options['id_token'])) {
             throw new InvalidArgumentException('Required option not passed: "id_token"');
         }
 
-        $decoded = JWT::decode($options['id_token'], $this->getAppleKey(), ['RS256']);
+        $decoded = null;
+        $keys = $this->getAppleKey();
+        $last = end($keys);
+        foreach ($keys as $key) {
+            try {
+                $decoded = JWT::decode($options['id_token'], $key, ['RS256']);
+                break;
+            } catch (\Exception $exception) {
+                if ($last === $key) {
+                    throw $exception;
+                }
+            }
+        }
+        if (null === $decoded) {
+            throw new \Exception('Got no data within "id_token"!');
+        }
         $payload = json_decode(json_encode($decoded), true);
 
         $options['resource_owner_id'] = $payload['sub'];
@@ -65,7 +82,7 @@ public function __construct(array $options = [])
      */
     protected function getAppleKey()
     {
-        return JWK::parseKeySet(file_get_contents('https://appleid.apple.com/auth/keys'))['AIDOPK1'];
+        return JWK::parseKeySet(file_get_contents('https://appleid.apple.com/auth/keys'));
     }
 
     /**