From 8e162cd2355dfd84d401e2fbe949162c300fe7fe Mon Sep 17 00:00:00 2001 From: tokslaw7 Date: Sun, 17 Sep 2023 01:03:34 +0000 Subject: [PATCH] Sign-in with Apple API interface --- www-api/app/Controllers/WrenchOauth.php | 162 +++++++++++++++++++++++- 1 file changed, 160 insertions(+), 2 deletions(-) diff --git a/www-api/app/Controllers/WrenchOauth.php b/www-api/app/Controllers/WrenchOauth.php index 5bf2cef4..4f4db70b 100644 --- a/www-api/app/Controllers/WrenchOauth.php +++ b/www-api/app/Controllers/WrenchOauth.php @@ -321,6 +321,26 @@ class WrenchOauth extends BaseController $this->provisionFacebookAccount($local_out["user_info"] , $local_out); } break; + + case 'APPLE': + log_message('critical', "Reading prepareOauthEndPointData -> ".$endpoint ); + if (array_key_exists("identityToken",$in) && trim($in["identityToken"])!="") { + // User info is already present + $local_out["user_info"] = $in; + } else { + $this->appleOAuthCodeExchange($in, $local_out); + if ( isset($local_out["access_token"])){ + log_message('critical', "XXXXXXXXXXXXXXXXX prepareOauthEndPointData -> ".$endpoint ); + $l_out =[]; + $local_out["user_info"] = $this->appleOAuthGetUser($local_out["access_token"], $l_out); + log_message('critical', "prepareOauthEndPointDataL FINAL DATALOGIN DATA STEP 889993".serialize( $local_out["user_info"] ) ); + } + } + log_message('critical', "LET SEEEEE TOKEN prepareOauthEndPointData -> ".$local_out["access_token"] ); + if (is_array($local_out["user_info"])) { + $this->provisionAppleAccount($local_out["user_info"] , $local_out); + } + break; } log_message('critical', "prepareOauthEndPointDataL FINAL DATA".serialize($local_out) ); $call_backend=false; 
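Review bot: In the `identityToken` branch, `$local_out["user_info"] = $in;` hands the raw request body to `provisionAppleAccount`, which in the later hunk reads `sub`/`user`/`jwt_email` straight out of it and sends them to `wrenchboard_api` as `apple_id`/`email`; nothing in this patch verifies the JWT, so any caller of this endpoint can assert an arbitrary `sub` and, if the backend matches accounts on `apple_id` (not visible here), be signed in as that user. The token has to be verified before anything is trusted: RS256 signature against Apple's JWKS (`https://appleid.apple.com/auth/keys`), `iss` equal to `https://appleid.apple.com`, `aud` equal to the configured `apple.apple_client_id`, `exp` in the future, and the `nonce` this server issued, and `user_info` should then be built only from the verified claims (name fields may still come from the body, since Apple only sends them on first sign-in) — the helper for that is not part of this patch and would need writing. Separately, the two `critical` log lines write `$local_out["access_token"]` and the full `serialize($local_out)` (tokens included) to the log, and `access_token` is undefined in the identityToken branch, which emits a warning; log only non-secret fields. The enclosing `prepareOauthEndPointData` begins and ends outside this hunk.
```php
case 'APPLE':
    if (array_key_exists("identityToken", $in) && trim($in["identityToken"]) != "") {
        // Never take sub/email from the request body: verify the JWT first
        // (Apple JWKS signature, iss, aud = our client_id, exp, our nonce).
        $claims = $this->appleVerifyIdentityToken(trim($in["identityToken"]));
        if ($claims === null) {
            $local_out["message"] = "Invalid Apple identity token";
            break;
        }
        $local_out["user_info"] = [
            "sub"            => $claims["sub"],
            "jwt_email"      => $claims["email"] ?? "",
            "email_verified" => $claims["email_verified"] ?? "false",
            "givenName"      => $in["givenName"] ?? "",
            "familyName"     => $in["familyName"] ?? "",
        ];
    } else {
        // … unchanged: appleOAuthCodeExchange path …
    }
    // … unchanged: provisionAppleAccount call, without the token-dumping log lines …
    break;
```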
@@ -347,6 +367,71 @@ class WrenchOauth extends BaseController return $in; } + private function appleOAuthCodeExchange($in, &$local_out) { + /* + https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens + + POST https://appleid.apple.com/auth/token + + Content-Type: application/x-www-form-urlencoded + client_id + client_secret + code + grant_type = authorization_code | refresh_token + refresh_token - when using refresh + redirect_uri - no required? + + https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse + access_token + expires_in + id_token + refresh_token + token_type = bearer + + + curl -v POST "https://appleid.apple.com/auth/token" \ + -H 'content-type: application/x-www-form-urlencoded' \ + -d 'client_id=CLIENT_ID' \ + -d 'client_secret=CLIENT_SECRET' \ + -d 'code=CODE' \ + -d 'grant_type=authorization_code' \ + -d 'redirect_uri=REDIRECT_URI' + */ + + // Step 1. Get access token + $data = [ + "client_id" => $this->getSiteConfigurations("apple.apple_client_id"), + "client_secret" => $this->getSiteConfigurations("apple.apple_client_secret"), + /* "redirect_uri" => $in["redirect_uri"], */ + "code" => $in["code"], + "grant_type" => "authorization_code" + ]; + $ch = curl_init(); + + curl_setopt($ch, CURLOPT_URL,"https://appleid.apple.com/auth/token"); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); + curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded')); + // Receive server response ... 
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + + $server_output = curl_exec($ch); + + curl_close($ch); + + $local_out = json_decode($server_output,true); + + if (!is_array($local_out) || !array_key_exists("message",$local_out)) { + $local_out["message"] = "Received from Apple token API: ".$server_output; + } + } + + private function appleOAuthGetUser($access_token, &$local_out) { + // Empty stub + + return $local_out; + } + /* *essage";s:326:"Received from Google token API: { "id": "112113008943138678578", @@ -369,8 +454,8 @@ class WrenchOauth extends BaseController $data['google_id'] = $user["id"]; $data['action'] = WRENCHBOARD_GOOGLE_LOGIN; - $data['firstname'] = $user["given_name"];; - $data['lastname'] = $user["family_name"];; + $data['firstname'] = $user["given_name"]; + $data['lastname'] = $user["family_name"]; $data['email'] = $user["email"]; $data['login_channel'] = LOGIN_GOOGLE; $data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999); 
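Review bot: `appleOAuthGetUser` at the end of the hunk is an empty stub that returns the `[]` it is handed, and the caller's `is_array($local_out["user_info"])` guard accepts `[]`, so on the code-exchange path `provisionAppleAccount` runs with no `sub` or `email` at all; Apple has no userinfo endpoint — the user's identity is the `id_token` in the token response that `appleOAuthCodeExchange` decodes into `$local_out` and then never verifies or reads — so the stub should take `$local_out["id_token"]`, verify it (Apple JWKS signature, `iss`, `aud`, `exp`) and return its claims as `user_info`. In `appleOAuthCodeExchange`, `curl_exec` can return `false` (no `CURLOPT_TIMEOUT`/`CURLOPT_CONNECTTIMEOUT` is set and `curl_errno` is never checked), after which `json_decode(false)` yields `null` and `message` is built from the raw body; since a successful body carries `access_token` and `refresh_token`, any path that returns or logs `message` leaks the refresh token, so the tail of the function should look like the sketch below. Two points I cannot confirm from the patch alone: `redirect_uri` is commented out although Apple requires it for codes issued via the web flow, and `apple.apple_client_secret` is read as a static config value whereas Apple's client secret is an ES256-signed JWT the developer mints with a lifetime of at most six months, so a fixed value will stop working when it expires.
```php
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);

    $server_output = curl_exec($ch);
    $curl_error = ($server_output === false) ? curl_error($ch) : "";
    curl_close($ch);

    if ($server_output === false) {
        $local_out = ["message" => "Apple token API unreachable: " . $curl_error];
        return;
    }
    $local_out = json_decode($server_output, true);
    if (!is_array($local_out)) {
        // Do not echo the raw body: on success it contains access_token/refresh_token.
        $local_out = ["message" => "Unexpected response from Apple token API"];
        return;
    }
    if (!isset($local_out["id_token"])) {
        // Apple error responses carry an "error" field; the id_token is the user identity.
        $local_out["message"] = $local_out["error"] ?? "Apple token API returned no id_token";
    }
```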
@@ -428,6 +513,79 @@ class WrenchOauth extends BaseController if ($ret == PHP_LOGIN_OK) { + } else { + // Cannot proceed - backend error? + // $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='') + // ? $out ['status'] : json_encode($out); + // $this->session->set_flashdata('login_message','Cannot proceed - error: '.$msg); + // redirect('login'); + } + + } + + /* + /* + { + "identityToken":"eyJraWQiOiJZdXlYb1kiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLndyZW5jaGJvYXJkLnVzZXJzIiwiZXhwIjoxNjk0MzkzMzE3LCJpYXQiOjE2OTQzMDY5MTcsInN1YiI6IjAwMTgxMC4yMGU3NTAyOGQ0OWM0MmQ4YjQzMGI0MmQxZDc0ODdmMy4xMTU3Iiwibm9uY2UiOiIxLnB1ZmJwZGFhMzYiLCJjX2hhc2giOiJQRE1PNXNGa2pjOEtPclNNZDRjUGZnIiwiZW1haWwiOiJhY2lkdW1pcmFlQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImF1dGhfdGltZSI6MTY5NDMwNjkxNywibm9uY2Vfc3VwcG9ydGVkIjp0cnVlLCJyZWFsX3VzZXJfc3RhdHVzIjoyfQ.fEnzaVgB2JaOZbQm2fkpC_J8if5tIIfAphQptZ9Bxp2wrjnDsGvN1b0gvB3KBswv7d6n4A1U46GpaGpShJDhN-e2lKw_lzgFJlRi9-1B-Fudp_gzK61r6W8JzzbPiD0GZgfp_ITPDdxdC7hzixVx4TW8djrV4TIXYjus0b5XnzqRVz2t3ed4Et55s_SZ53SVhM9qnDruVB-KgeGrvDVUks71iM1etuP2vO3xsSFoiKfMEcankX3JUJaCNRSdvVVeUBqH9TfhvmHrCopjnlJ8N2B8o8RDhbnt99OAJtE_dw_Qt5YAAg2ITYQVLBb2dniJ5FBsOBBwbiA0-W1hPJ3RpQ","authorizationCode":"ce0061e5858a34e468a373c3ea7344cdb.0.rryrq.rK6JjdqlVVi6S9coEcTgVQ", + "email":null, + "givenName":null, + "familyName":null, + "user":"001810.20e75028d49c42d8b430b42d1d7487f3.1157", + "sub": "001810.20e75028d49c42d8b430b42d1d7487f3.1157", + "jwt_email": "acidumirae@gmail.com", + "email_verified": "true", + "real_user_status": 2 + } + */ + // real_user_status => The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal). 
+ private function provisionAppleAccount($user, &$out) + { + log_message('critical', "YYYYYYYYYYYYYYYYYYY provisionAppleAccount -> " ); + $email = ""; + if ($user["email"] != null && $user["email"] != "null" && $user["email"] != "") { + $email = $user["email"]; + } else if ($user["jwt_email"] != null && $user["jwt_email"] != "null" && $user["jwt_email"] != "") { + $email = $user["jwt_email"]; + } + $givenName = ""; + if ($user["givenName"] != null && $user["givenName"] != "null" && $user["givenName"] != "") { + $givenName = $user["givenName"]; + } + $familyName = ""; + if ($user["familyName"] != null && $user["familyName"] != "null" && $user["familyName"] != "") { + $familyName = $user["familyName"]; + } + $name = trim($givenName." ".$familyName); + if (trim($name) == "") { + $name = strtok($email, "@"); + if ($givenName == "") { + $givenName = $name; + } + } + $apple_id = ""; + if ($user["sub"] != null && $user["sub"] != "null" && $user["sub"] != "") { + $apple_id = $user["sub"]; + } else if ($user["user"] != null && $user["user"] != "null" && $user["user"] != "") { + $apple_id = $user["user"]; + } + + $data['apple_id'] = $apple_id; + $data['action'] = WRENCHBOARD_APPLE_LOGIN; // WRENCHBOARD_FACEBOOK_LOGIN + $data['firstname'] = $givenName; + $data['lastname'] = $familyName; + $data['email'] = $email; + $data['login_channel'] = LOGIN_APPLE; // LOGIN_FACEBOOK; + $data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999); + + // $this->load->model('backend_model'); + $out = array(); + + $wrenchboard = new \App\Models\BackendModel(); + $ret = $wrenchboard->wrenchboard_api($data, $out); + $out['internal_return'] = $ret; + if ($ret == PHP_LOGIN_OK) { + + } else { // Cannot proceed - backend error? // $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')