-
-
Notifications
You must be signed in to change notification settings - Fork 23
IdToken
nov edited this page Jun 5, 2019
·
10 revisions
id_token = token_response.id_token
id_token.iss # => "https://appleid.apple.com"
id_token.aud # => Your Client ID
id_token.sub # => Apple User Identifier (a.k.a. Subject Identifier)
id_token.iat # => issued_at (Unix Timestamp)
id_token.exp # => expires_at (Unix Timestamp)
id_token.at_hash # => hash value of access_token which is issued together with the id_tokenIn this case, you don't have to verify id_token signature nor ac_hash.
id_token.verify!(
client,
verify_signature: false
)Moreover, you can just skip all verification step.
However, if you do full verification, do as below.
id_token.verify!(
client,
access_token: token_response.access_token, # NOTE: Check at_hash
# verify_signature: true # NOTE: this is the default
)Probably you don't need this gem, or you need to get id_token via back-channel TLS communication