Sign-in with Apple API interface
This commit is contained in:
@@ -321,6 +321,26 @@ class WrenchOauth extends BaseController
|
|||||||
$this->provisionFacebookAccount($local_out["user_info"] , $local_out);
|
$this->provisionFacebookAccount($local_out["user_info"] , $local_out);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'APPLE':
|
||||||
|
log_message('critical', "Reading prepareOauthEndPointData -> ".$endpoint );
|
||||||
|
if (array_key_exists("identityToken",$in) && trim($in["identityToken"])!="") {
|
||||||
|
// User info is already present
|
||||||
|
$local_out["user_info"] = $in;
|
||||||
|
} else {
|
||||||
|
$this->appleOAuthCodeExchange($in, $local_out);
|
||||||
|
if ( isset($local_out["access_token"])){
|
||||||
|
log_message('critical', "XXXXXXXXXXXXXXXXX prepareOauthEndPointData -> ".$endpoint );
|
||||||
|
$l_out =[];
|
||||||
|
$local_out["user_info"] = $this->appleOAuthGetUser($local_out["access_token"], $l_out);
|
||||||
|
log_message('critical', "prepareOauthEndPointDataL FINAL DATALOGIN DATA STEP 889993".serialize( $local_out["user_info"] ) );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
log_message('critical', "LET SEEEEE TOKEN prepareOauthEndPointData -> ".$local_out["access_token"] );
|
||||||
|
if (is_array($local_out["user_info"])) {
|
||||||
|
$this->provisionAppleAccount($local_out["user_info"] , $local_out);
|
||||||
|
}
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
log_message('critical', "prepareOauthEndPointDataL FINAL DATA".serialize($local_out) );
|
log_message('critical', "prepareOauthEndPointDataL FINAL DATA".serialize($local_out) );
|
||||||
$call_backend=false;
|
$call_backend=false;
|
||||||
@@ -347,6 +367,71 @@ class WrenchOauth extends BaseController
|
|||||||
return $in;
|
return $in;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function appleOAuthCodeExchange($in, &$local_out) {
|
||||||
|
/*
|
||||||
|
https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
|
||||||
|
|
||||||
|
POST https://appleid.apple.com/auth/token
|
||||||
|
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
client_id
|
||||||
|
client_secret
|
||||||
|
code
|
||||||
|
grant_type = authorization_code | refresh_token
|
||||||
|
refresh_token - when using refresh
|
||||||
|
redirect_uri - no required?
|
||||||
|
|
||||||
|
https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
|
||||||
|
access_token
|
||||||
|
expires_in
|
||||||
|
id_token
|
||||||
|
refresh_token
|
||||||
|
token_type = bearer
|
||||||
|
|
||||||
|
|
||||||
|
curl -v POST "https://appleid.apple.com/auth/token" \
|
||||||
|
-H 'content-type: application/x-www-form-urlencoded' \
|
||||||
|
-d 'client_id=CLIENT_ID' \
|
||||||
|
-d 'client_secret=CLIENT_SECRET' \
|
||||||
|
-d 'code=CODE' \
|
||||||
|
-d 'grant_type=authorization_code' \
|
||||||
|
-d 'redirect_uri=REDIRECT_URI'
|
||||||
|
*/
|
||||||
|
|
||||||
|
// Step 1. Get access token
|
||||||
|
$data = [
|
||||||
|
"client_id" => $this->getSiteConfigurations("apple.apple_client_id"),
|
||||||
|
"client_secret" => $this->getSiteConfigurations("apple.apple_client_secret"),
|
||||||
|
/* "redirect_uri" => $in["redirect_uri"], */
|
||||||
|
"code" => $in["code"],
|
||||||
|
"grant_type" => "authorization_code"
|
||||||
|
];
|
||||||
|
$ch = curl_init();
|
||||||
|
|
||||||
|
curl_setopt($ch, CURLOPT_URL,"https://appleid.apple.com/auth/token");
|
||||||
|
curl_setopt($ch, CURLOPT_POST, 1);
|
||||||
|
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
|
||||||
|
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
|
||||||
|
// Receive server response ...
|
||||||
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||||
|
|
||||||
|
$server_output = curl_exec($ch);
|
||||||
|
|
||||||
|
curl_close($ch);
|
||||||
|
|
||||||
|
$local_out = json_decode($server_output,true);
|
||||||
|
|
||||||
|
if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
|
||||||
|
$local_out["message"] = "Received from Apple token API: ".$server_output;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private function appleOAuthGetUser($access_token, &$local_out) {
|
||||||
|
// Empty stub
|
||||||
|
|
||||||
|
return $local_out;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
*essage";s:326:"Received from Google token API: {
|
*essage";s:326:"Received from Google token API: {
|
||||||
"id": "112113008943138678578",
|
"id": "112113008943138678578",
|
||||||
@@ -369,8 +454,8 @@ class WrenchOauth extends BaseController
|
|||||||
|
|
||||||
$data['google_id'] = $user["id"];
|
$data['google_id'] = $user["id"];
|
||||||
$data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
|
$data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
|
||||||
$data['firstname'] = $user["given_name"];;
|
$data['firstname'] = $user["given_name"];
|
||||||
$data['lastname'] = $user["family_name"];;
|
$data['lastname'] = $user["family_name"];
|
||||||
$data['email'] = $user["email"];
|
$data['email'] = $user["email"];
|
||||||
$data['login_channel'] = LOGIN_GOOGLE;
|
$data['login_channel'] = LOGIN_GOOGLE;
|
||||||
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
|
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
|
||||||
@@ -428,6 +513,79 @@ class WrenchOauth extends BaseController
|
|||||||
if ($ret == PHP_LOGIN_OK) {
|
if ($ret == PHP_LOGIN_OK) {
|
||||||
|
|
||||||
|
|
||||||
|
} else {
|
||||||
|
// Cannot proceed - backend error?
|
||||||
|
// $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
|
||||||
|
// ? $out ['status'] : json_encode($out);
|
||||||
|
// $this->session->set_flashdata('login_message','Cannot proceed - error: '.$msg);
|
||||||
|
// redirect('login');
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
/*
|
||||||
|
{
|
||||||
|
"identityToken":"eyJraWQiOiJZdXlYb1kiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLndyZW5jaGJvYXJkLnVzZXJzIiwiZXhwIjoxNjk0MzkzMzE3LCJpYXQiOjE2OTQzMDY5MTcsInN1YiI6IjAwMTgxMC4yMGU3NTAyOGQ0OWM0MmQ4YjQzMGI0MmQxZDc0ODdmMy4xMTU3Iiwibm9uY2UiOiIxLnB1ZmJwZGFhMzYiLCJjX2hhc2giOiJQRE1PNXNGa2pjOEtPclNNZDRjUGZnIiwiZW1haWwiOiJhY2lkdW1pcmFlQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImF1dGhfdGltZSI6MTY5NDMwNjkxNywibm9uY2Vfc3VwcG9ydGVkIjp0cnVlLCJyZWFsX3VzZXJfc3RhdHVzIjoyfQ.fEnzaVgB2JaOZbQm2fkpC_J8if5tIIfAphQptZ9Bxp2wrjnDsGvN1b0gvB3KBswv7d6n4A1U46GpaGpShJDhN-e2lKw_lzgFJlRi9-1B-Fudp_gzK61r6W8JzzbPiD0GZgfp_ITPDdxdC7hzixVx4TW8djrV4TIXYjus0b5XnzqRVz2t3ed4Et55s_SZ53SVhM9qnDruVB-KgeGrvDVUks71iM1etuP2vO3xsSFoiKfMEcankX3JUJaCNRSdvVVeUBqH9TfhvmHrCopjnlJ8N2B8o8RDhbnt99OAJtE_dw_Qt5YAAg2ITYQVLBb2dniJ5FBsOBBwbiA0-W1hPJ3RpQ","authorizationCode":"ce0061e5858a34e468a373c3ea7344cdb.0.rryrq.rK6JjdqlVVi6S9coEcTgVQ",
|
||||||
|
"email":null,
|
||||||
|
"givenName":null,
|
||||||
|
"familyName":null,
|
||||||
|
"user":"001810.20e75028d49c42d8b430b42d1d7487f3.1157",
|
||||||
|
"sub": "001810.20e75028d49c42d8b430b42d1d7487f3.1157",
|
||||||
|
"jwt_email": "acidumirae@gmail.com",
|
||||||
|
"email_verified": "true",
|
||||||
|
"real_user_status": 2
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
// real_user_status => The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal).
|
||||||
|
private function provisionAppleAccount($user, &$out)
|
||||||
|
{
|
||||||
|
log_message('critical', "YYYYYYYYYYYYYYYYYYY provisionAppleAccount -> " );
|
||||||
|
$email = "";
|
||||||
|
if ($user["email"] != null && $user["email"] != "null" && $user["email"] != "") {
|
||||||
|
$email = $user["email"];
|
||||||
|
} else if ($user["jwt_email"] != null && $user["jwt_email"] != "null" && $user["jwt_email"] != "") {
|
||||||
|
$email = $user["jwt_email"];
|
||||||
|
}
|
||||||
|
$givenName = "";
|
||||||
|
if ($user["givenName"] != null && $user["givenName"] != "null" && $user["givenName"] != "") {
|
||||||
|
$givenName = $user["givenName"];
|
||||||
|
}
|
||||||
|
$familyName = "";
|
||||||
|
if ($user["familyName"] != null && $user["familyName"] != "null" && $user["familyName"] != "") {
|
||||||
|
$familyName = $user["familyName"];
|
||||||
|
}
|
||||||
|
$name = trim($givenName." ".$familyName);
|
||||||
|
if (trim($name) == "") {
|
||||||
|
$name = strtok($email, "@");
|
||||||
|
if ($givenName == "") {
|
||||||
|
$givenName = $name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$apple_id = "";
|
||||||
|
if ($user["sub"] != null && $user["sub"] != "null" && $user["sub"] != "") {
|
||||||
|
$apple_id = $user["sub"];
|
||||||
|
} else if ($user["user"] != null && $user["user"] != "null" && $user["user"] != "") {
|
||||||
|
$apple_id = $user["user"];
|
||||||
|
}
|
||||||
|
|
||||||
|
$data['apple_id'] = $apple_id;
|
||||||
|
$data['action'] = WRENCHBOARD_APPLE_LOGIN; // WRENCHBOARD_FACEBOOK_LOGIN
|
||||||
|
$data['firstname'] = $givenName;
|
||||||
|
$data['lastname'] = $familyName;
|
||||||
|
$data['email'] = $email;
|
||||||
|
$data['login_channel'] = LOGIN_APPLE; // LOGIN_FACEBOOK;
|
||||||
|
$data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);
|
||||||
|
|
||||||
|
// $this->load->model('backend_model');
|
||||||
|
$out = array();
|
||||||
|
|
||||||
|
$wrenchboard = new \App\Models\BackendModel();
|
||||||
|
$ret = $wrenchboard->wrenchboard_api($data, $out);
|
||||||
|
$out['internal_return'] = $ret;
|
||||||
|
if ($ret == PHP_LOGIN_OK) {
|
||||||
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// Cannot proceed - backend error?
|
// Cannot proceed - backend error?
|
||||||
// $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
|
// $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
|
||||||
|
|||||||
Reference in New Issue
Block a user