Is this work with ES256 algorithm ? #251

Closed
infuginindia opened this issue Sep 6, 2019 · 7 comments

Comments

@infuginindia

Does this library work with the ES256 algorithm? If yes, could you please provide a code sample?

@jerome2710

See #183 and #239.

@yanzhili

yanzhili commented Sep 30, 2019

I'm going through the sign with Apple function. I want to use this library to create the client_secret which the get access_token request needs, but the request always returns {"error":"invalid_client"}.
Here is my code:

private function getClientSecret($client_id, $team_id, $key_id)
    {
        require_once APPPATH . 'path/firebase_jwt/autoload.php';
        $key = <<<EOD
-----BEGIN PRIVATE KEY-----
*************************************************
-----END PRIVATE KEY-----
EOD;

        $claims = array(
            'iss' => $team_id,
            'iat' => time(),
            'exp' => time() + 3600,
            'aud' => 'https://appleid.apple.com',
            'sub' => $client_id,
        );

        $jwt = \Firebase\JWT\JWT::encode($claims, $key, 'ES256', $key_id);
        return $jwt;
    }

I am sure the problem is caused by the $key parameter, but I'm not sure whether this library supports this function at all.
Here is the Ruby code which can return the right JWT:

require 'jwt'

key_file = 'AuthKey_*******.p8'
team_id = ''
client_id = ''
key_id = ''

ecdsa_key = OpenSSL::PKey::EC.new IO.read key_file

headers = {
  'kid' => key_id
}

claims = {
	'iss' => team_id,
	'iat' => 1569839175,
	'exp' => 1569842775,
	'aud' => 'https://appleid.apple.com',
	'sub' => client_id,
}

token = JWT.encode claims, ecdsa_key, 'ES256', headers

puts token

Could somebody help me?

@patrickbussmann

I'm facing the same issue as @yanzhili.
The Ruby code is working fine and the PHP code is not. -> invalid_client

Very interesting.

@patrickbussmann

patrickbussmann commented Oct 17, 2019

I found a library which supports this Sign in with Apple, @yanzhili see example: https://gist.github.com/patrickbussmann/877008231ef082cc5dc4ee5ca661a641
🥳

@changyy

changyy commented Nov 25, 2019

I have generated an ES256 token successfully via the https://github.com/lcobucci/jwt project in a PHP 7 environment.

But my project runs under PHP 5.5. I found the difference between "lcobucci/jwt" and "firebase/jwt" in the ES256 token-making flow and reused "\Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter" to fix the "firebase/jwt" flow:

		// Load the EC private key and let firebase/jwt build and sign the token.
		$key_data = openssl_pkey_get_private($key_content, '');
		$jwt = \Firebase\JWT\JWT::encode($jwt_payload, $key_data, 'ES256', null, $jwt_header);
		// Split into header, payload and signature segments.
		$jwt_handle = explode('.', $jwt);
		// Convert the signature segment from ASN.1 to a 64-byte value and re-encode it.
		$MultibyteStringConverter = new \Lcobucci\JWT\Signer\Ecdsa\MultibyteStringConverter();
		$jwt_handle[2] = \Firebase\JWT\JWT::urlsafeB64Encode(
				$MultibyteStringConverter->fromAsn1(
					\Firebase\JWT\JWT::urlsafeB64Decode($jwt_handle[2]),
					64
				)
		);
		$jwt = implode('.', $jwt_handle);

more info:

Finally, the pull request #256 needs to be reviewed; maybe it has solved the problem.
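
The signature conversion used in the comment above, written out as an added example (not code from firebase/php-jwt, lcobucci/jwt, or anyone in this thread): OpenSSL returns an ECDSA signature as a DER `SEQUENCE { INTEGER r, INTEGER s }`, while JWS ES256 (RFC 7518, section 3.4) carries the fixed 64-byte concatenation R||S. `readDerLength` and `derToJose` are hypothetical helper names; the demo assumes PHP 7.1+ with ext-openssl and uses a throwaway key and a constructed signing input.

```php
<?php
// Added example with hypothetical helper names; not part of either library.

/** Read one DER length (short or long form) at $pos and advance $pos past it. */
function readDerLength(string $der, int &$pos): int
{
    $len = ord($der[$pos++]);
    if ($len & 0x80) {                 // long form: low 7 bits = count of length bytes
        $n = $len & 0x7f;
        $len = 0;
        while ($n-- > 0) {
            $len = ($len << 8) | ord($der[$pos++]);
        }
    }
    return $len;
}

/** Convert DER SEQUENCE { INTEGER r, INTEGER s } to fixed-width R||S. */
function derToJose(string $der, int $partLen = 32): string
{
    $pos = 0;
    $tag = ord($der[$pos++]);
    $seqLen = readDerLength($der, $pos);
    if ($tag !== 0x30 || $seqLen !== strlen($der) - $pos) {
        throw new InvalidArgumentException('not a well-formed DER SEQUENCE');
    }
    $raw = '';
    foreach (['r', 's'] as $name) {
        if (ord($der[$pos++]) !== 0x02) {
            throw new InvalidArgumentException("$name is not a DER INTEGER");
        }
        $len = readDerLength($der, $pos);
        $int = ltrim(substr($der, $pos, $len), "\x00"); // drop the sign-padding zero byte
        $pos += $len;
        if (strlen($int) > $partLen) {
            throw new InvalidArgumentException("$name is too large for this curve");
        }
        $raw .= str_pad($int, $partLen, "\x00", STR_PAD_LEFT); // left-pad short values
    }
    return $raw;
}

// Constructed demo: throwaway P-256 key, constructed signing input.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
openssl_sign('constructed-header.constructed-payload', $der, $key, OPENSSL_ALGO_SHA256);
$jose = derToJose($der);
printf("DER: %d bytes, JWS ES256: %d bytes\n", strlen($der), strlen($jose));
```

The DER length varies from signature to signature because of integer sign padding and stripped leading zeros, which is why a verifier expecting the fixed-width form rejects the unconverted value.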

@bshaffer
Collaborator

see also #256, where I've added very basic support.

@bshaffer
Collaborator

This support has been added! A tagged release should happen soon but in the meantime you can pull the change down from master or the 5.1.0 tag.
