Merge pull request #192 from authorizerdev/feat/apple-login

feat: add apple login
fix: update app
2022-06-16 09:48:02 +05:30 · 2022-06-16 09:47:16 +05:30 · 2022-06-16 07:34:10 +05:30 · 2022-06-15 21:55:41 +05:30 · 2022-06-14 16:39:06 +05:30 · 2022-06-14 15:47:08 +05:30
5 changed files with 1566 additions and 1553 deletions
--- a/app/package-lock.json
+++ b/app/package-lock.json
--- a/app/package.json
+++ b/app/package.json
@@ -1,29 +1,29 @@
 {
-	"name": "app",
-	"version": "1.0.0",
-	"description": "",
-	"main": "index.js",
-	"scripts": {
-		"build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
-		"start": "NODE_ENV=development node ./esbuild.config.js"
-	},
-	"keywords": [],
-	"author": "Lakhan Samani",
-	"license": "ISC",
-	"dependencies": {
-		"@authorizerdev/authorizer-react": "^0.24.0-beta.1",
-		"@types/react": "^17.0.15",
-		"@types/react-dom": "^17.0.9",
-		"esbuild": "^0.12.17",
-		"react": "^17.0.2",
-		"react-dom": "^17.0.2",
-		"react-is": "^17.0.2",
-		"react-router-dom": "^5.2.0",
-		"typescript": "^4.3.5",
-		"styled-components": "^5.3.0"
-	},
-	"devDependencies": {
-		"@types/react-router-dom": "^5.1.8",
-		"@types/styled-components": "^5.1.11"
-	}
+  "name": "app",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
+    "start": "NODE_ENV=development node ./esbuild.config.js"
+  },
+  "keywords": [],
+  "author": "Lakhan Samani",
+  "license": "ISC",
+  "dependencies": {
+    "@authorizerdev/authorizer-react": "^0.24.0",
+    "@types/react": "^17.0.15",
+    "@types/react-dom": "^17.0.9",
+    "esbuild": "^0.12.17",
+    "react": "^17.0.2",
+    "react-dom": "^17.0.2",
+    "react-is": "^17.0.2",
+    "react-router-dom": "^5.2.0",
+    "typescript": "^4.3.5",
+    "styled-components": "^5.3.0"
+  },
+  "devDependencies": {
+    "@types/react-router-dom": "^5.1.8",
+    "@types/styled-components": "^5.1.11"
+  }
 }
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -2,6 +2,7 @@ package handlers

 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -17,7 +18,6 @@ import (

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
-	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
@@ -225,7 +225,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			redirectURL = redirectURL + "?" + strings.TrimPrefix(params, "&")
 		}

-		c.Redirect(http.StatusTemporaryRedirect, redirectURL)
+		c.Redirect(http.StatusFound, redirectURL)
 	}
 }

@@ -462,8 +462,6 @@ func processAppleUserInfo(code string) (models.User, error) {
 		return user, fmt.Errorf("invalid apple exchange code: %s", err.Error())
 	}

-	fmt.Println("=> token", oauth2Token.AccessToken)
-
 	// Extract the ID Token from OAuth2 token.
 	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
 	if !ok {
@@ -471,26 +469,40 @@ func processAppleUserInfo(code string) (models.User, error) {
 		return user, fmt.Errorf("unable to extract id_token")
 	}

-	fmt.Println("=> rawIDToken", rawIDToken)
-
 	tokenSplit := strings.Split(rawIDToken, ".")
 	claimsData := tokenSplit[1]
-	decodedClaimsData, err := crypto.DecryptB64(claimsData)
+	decodedClaimsData, err := base64.RawURLEncoding.DecodeString(claimsData)
 	if err != nil {
-		log.Debug("Failed to decrypt claims data: ", err)
+		log.Debugf("Failed to decrypt claims %s: %s", claimsData, err.Error())
 		return user, fmt.Errorf("failed to decrypt claims data: %s", err.Error())
 	}
-	fmt.Println("=> decoded claims data", decodedClaimsData)

-	claims := map[string]string{}
-	err = json.Unmarshal([]byte(decodedClaimsData), &claims)
+	claims := make(map[string]interface{})
+	err = json.Unmarshal(decodedClaimsData, &claims)
 	if err != nil {
 		log.Debug("Failed to unmarshal claims data: ", err)
 		return user, fmt.Errorf("failed to unmarshal claims data: %s", err.Error())
 	}
-	fmt.Println("=> claims map:", claims)
-	email := claims["email"]
-	user.Email = email
+
+	if val, ok := claims["email"]; !ok {
+		log.Debug("Failed to extract email from claims.")
+		return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")
+	} else {
+		user.Email = val.(string)
+	}
+
+	if val, ok := claims["name"]; ok {
+		nameData := val.(map[string]interface{})
+		if nameVal, ok := nameData["firstName"]; ok {
+			givenName := nameVal.(string)
+			user.GivenName = &givenName
+		}
+
+		if nameVal, ok := nameData["lastName"]; ok {
+			familyName := nameVal.(string)
+			user.FamilyName = &familyName
+		}
+	}

 	return user, err
 }
--- a/server/handlers/oauth_login.go
+++ b/server/handlers/oauth_login.go
@@ -184,7 +184,9 @@ func OAuthLoginHandler() gin.HandlerFunc {
 				return
 			}
 			oauth.OAuthProviders.AppleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodApple
-			url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post"))
+			// there is scope encoding issue with oauth2 and how apple expects, hence added scope manually
+			// check: https://github.com/golang/oauth2/issues/449
+			url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post")) + "&scope=name email"
 			c.Redirect(http.StatusTemporaryRedirect, url)
 		default:
 			log.Debug("Invalid oauth provider: ", provider)
--- a/server/oauth/oauth.go
+++ b/server/oauth/oauth.go
@@ -130,7 +130,6 @@ func InitOAuth() error {
 				AuthURL:  "https://appleid.apple.com/auth/authorize",
 				TokenURL: "https://appleid.apple.com/auth/token",
 			},
-			Scopes: []string{"email"},
 		}
 	}
Author	SHA1	Message	Date
Lakhan Samani	88f9a10f21	Merge pull request #192 from authorizerdev/feat/apple-login feat: add apple login	2022-06-16 09:48:02 +05:30
Lakhan Samani	4e08d4f8fd	fix: update app	2022-06-16 09:47:16 +05:30
Lakhan Samani	1c4dda9299	fix: remove debug logs	2022-06-16 07:34:10 +05:30
Lakhan Samani	ab18fa5832	fix: use raw base64 url decoding	2022-06-15 21:55:41 +05:30
Lakhan Samani	484d0c0882	chore: update app	2022-06-14 16:39:06 +05:30
Lakhan Samani	be59c3615f	fix: add comment for scope	2022-06-14 15:47:08 +05:30
Lakhan Samani	db351f7771	fix: remove debug logs	2022-06-14 15:45:06 +05:30
Lakhan Samani	91c29c4092	fix: redirect	2022-06-14 15:43:23 +05:30
Lakhan Samani	415b97535e	fix: update scope param	2022-06-14 15:05:56 +05:30
Lakhan Samani	7d1272d815	fix: update scope for apple login	2022-06-14 14:41:31 +05:30
Lakhan Samani	c9ba0b13f8	fix: update scope for apple login	2022-06-14 13:37:05 +05:30
Lakhan Samani	fadd9f6168	fix: update scope for apple login	2022-06-14 13:11:39 +05:30
Lakhan Samani	395e2e2a85	fix: update scope for apple login	2022-06-14 12:35:23 +05:30