verify-apple-token

Verify the Apple id token on the server side.

Usage no npm install needed!

<script type="module">
  import verifyAppleToken from 'https://cdn.skypack.dev/verify-apple-token';
</script>

README

Build Status Publish Status npm version codecov

Verify Apple idToken

  • Small utility which verifies the Apple idToken
  • You can use it on the backend side
  • Token verification is part of Apple sign-in process
  • The flow is
    • Client app (iOS or Android) will redirect user to the OAuth2 login screen
    • User will login
    • App will receive the tokens
    • App should send the idToken to the backend which will verify it
  • Verification steps implemented:
    • Verify the JWS E256 signature using the server’s public key
    • Verify the nonce for the authentication
    • Verify that the iss field contains https://appleid.apple.com
    • Verify that the aud field is the developer’s client_id
    • Verify that the time is earlier than the exp value of the token

Installation

npm install verify-apple-token

Usage

Typescript

import verifyAppleToken from 'verify-apple-id-token';

const jwtClaims = await verifyAppleToken({
    idToken: 'yourIdToken',
    clientId: 'yourAppleClientId',
    nonce: 'nonce', // optional
});

Javascript

const verifyAppleToken = require('verify-apple-id-token').default;

const jwtClaims = await verifyAppleToken({
    idToken: 'yourIdToken',
    clientId: 'yourAppleClientId',
    nonce: 'nonce', // optional
});