fix: id token parsing

fix: scope for apple login
fix: apple client secret field
2022-06-14 11:38:04 +05:30 · 2022-06-14 11:21:26 +05:30 · 2022-06-14 11:11:09 +05:30 · 2022-06-14 10:56:47 +05:30
3 changed files with 18 additions and 9 deletions
--- a/dashboard/src/constants.ts
+++ b/dashboard/src/constants.ts
@@ -9,7 +9,6 @@ export const TextInputType = {
 	FACEBOOK_CLIENT_ID: 'FACEBOOK_CLIENT_ID',
 	LINKEDIN_CLIENT_ID: 'LINKEDIN_CLIENT_ID',
 	APPLE_CLIENT_ID: 'APPLE_CLIENT_ID',
-	APPLE_CLIENT_SECRET: 'APPLE_CLIENT_SECRET',
 	JWT_ROLE_CLAIM: 'JWT_ROLE_CLAIM',
 	REDIS_URL: 'REDIS_URL',
 	SMTP_HOST: 'SMTP_HOST',
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -17,6 +17,7 @@ import (

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
+	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
@@ -472,14 +473,23 @@ func processAppleUserInfo(code string) (models.User, error) {

 	fmt.Println("=> rawIDToken", rawIDToken)

-	// Parse and verify ID Token payload.
-	claims, err := token.ParseJWTToken(rawIDToken)
+	tokenSplit := strings.Split(rawIDToken, ".")
+	claimsData := tokenSplit[1]
+	decodedClaimsData, err := crypto.DecryptB64(claimsData)
 	if err != nil {
-		log.Debug("Failed to parse apple id token: ", err)
-		return user, err
+		log.Debug("Failed to decrypt claims data: ", err)
+		return user, fmt.Errorf("failed to decrypt claims data: %s", err.Error())
 	}
-	fmt.Println("claims:", claims)
-	email := claims["email"].(string)
+	fmt.Println("=> decoded claims data", decodedClaimsData)
+
+	claims := map[string]string{}
+	err = json.Unmarshal([]byte(decodedClaimsData), &claims)
+	if err != nil {
+		log.Debug("Failed to unmarshal claims data: ", err)
+		return user, fmt.Errorf("failed to unmarshal claims data: %s", err.Error())
+	}
+	fmt.Println("=> claims map:", claims)
+	email := claims["email"]
 	user.Email = email

 	return user, err
--- a/server/oauth/oauth.go
+++ b/server/oauth/oauth.go
@@ -124,13 +124,13 @@ func InitOAuth() error {
 	if appleClientID != "" && appleClientSecret != "" {
 		OAuthProviders.AppleConfig = &oauth2.Config{
 			ClientID:     appleClientID,
-			ClientSecret: appleClientID,
+			ClientSecret: appleClientSecret,
 			RedirectURL:  "/oauth_callback/apple",
 			Endpoint: oauth2.Endpoint{
 				AuthURL:  "https://appleid.apple.com/auth/authorize",
 				TokenURL: "https://appleid.apple.com/auth/token",
 			},
-			Scopes: []string{},
+			Scopes: []string{"email"},
 		}
 	}
Author	SHA1	Message	Date
Lakhan Samani	f4691fca1f	fix: id token parsing	2022-06-14 11:38:04 +05:30
Lakhan Samani	341d4fbae5	fix: scope for apple login	2022-06-14 11:21:26 +05:30
Lakhan Samani	e467b45ab1	fix: apple client secret field	2022-06-14 11:11:09 +05:30
Lakhan Samani	7edfad3486	fix: apple client secret field	2022-06-14 10:56:47 +05:30