Merge pull request #15 from appsent-co/master

allow dynamic client_ids

lib/omniauth/strategies/apple.rb

@@ -13,7 +13,8 @@ class Apple < OmniAuth::Strategies::OAuth2
              token_url: '/auth/token'
       option :authorize_params,
              response_mode: 'form_post'
-
+      option :authorized_client_ids, []
+
       uid { id_info['sub'] }
 
       info do
@@ -32,7 +33,7 @@ class Apple < OmniAuth::Strategies::OAuth2
       end
 
       def client
-        ::OAuth2::Client.new(options.client_id, client_secret, deep_symbolize(options.client_options))
+        ::OAuth2::Client.new(client_id, client_secret, deep_symbolize(options.client_options))
       end
 
       def callback_url
@@ -42,9 +43,19 @@ def callback_url
       private
 
       def id_info
-        id_token = request.params['id_token'] || access_token.params['id_token']
-        log(:info, "id_token: #{id_token}")
-        @id_info ||= ::JWT.decode(id_token, nil, false)[0] # payload after decoding
+        if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
+          id_token = request.params['id_token'] || access_token.params['id_token']
+          log(:info, "id_token: #{id_token}")
+          @id_info ||= ::JWT.decode(id_token, nil, false)[0] # payload after decoding
+        end
+      end
+
+      def client_id
+        unless id_info.nil?
+          return id_info['aud'] if options.authorized_client_ids.include? id_info['aud']
+        end
+
+        options.client_id
       end
 
       def user_info
@@ -70,7 +81,7 @@ def client_secret
         payload = {
           iss: options.team_id,
           aud: 'https://appleid.apple.com',
-          sub: options.client_id,
+          sub: client_id,
           iat: Time.now.to_i,
           exp: Time.now.to_i + 60
         }