Project Status?

[firrae]

Hi there, just curious if this is still being maintained? The example site and such seem to be dead with a long period since the last commit.

[Shahar-Ben-Ezra]

Hi,
There is an issue with apple-signin library with the Invalid Signature caused by the addition of new Apple Public Keys,
Apple recently added multiple public keys instead of the single public key that has been available since Apple Sign In was launched.
I suggest you to used this library https://github.com/alaborderie/node-apple-signin instead of Techofficer/node-apple-signin.

[paramsinghvc]

Facing the same issue!

[johndpope]

related - ananay/apple-auth#18

I haven't seen the code in this repo -
but I fixed it elsewhere using this
specifically

BROKEN. hard coding to let key = res.data.keys[0] // fails 1 in 7 goes.

const getApplePublicKey = async () => {
	let res = await axios.request({
		method: "GET",
		url: "https://appleid.apple.com/auth/keys",
	})
	let key = res.data.keys[0]
	const pubKey = new NodeRSA();
	pubKey.importKey({ n: Buffer.from(key.n, 'base64'), e: Buffer.from(key.e, 'base64') }, 'components-public');
	console.log('apple公钥')
	console.log(pubKey.exportKey(['public']))
	return pubKey.exportKey(['public']);
};

FIXED

const getAppleIDPublicKey = async (kid) => {
  let res = await axios.request({
    method: "GET",
    url: "https://appleid.apple.com/auth/keys",
  })
  // console.log("res:",res)
  const keys = res.data.keys;
  const key = keys.find(k => k.kid === kid);

  const pubKey = new NodeRSA();
  pubKey.importKey({ n: Buffer.from(key.n, 'base64'), e: Buffer.from(key.e, 'base64') }, 'components-public');
  return pubKey.exportKey(['public']);
};