How to fetch users' info using token and refreshToken? #33
Comments
|
You only get the user info's once.
So its not possible to get it twice. Privacy is important for them 🙃 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey,
I need to make subsequent authentication calls during calling 2 different APIs of mine sequentially, meaning that I need to validate the same user twice but without showing the apple UI twice. But the authorizationCode can only be used once and I can't keep the whole AppleAccessToken object and use it again in the next API call like
$user = $provider->getResourceOwner($token);I understood from apple's documentation that after the first authentication call using the authorizationCode I will need to validate users' the using the refresh_token. https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens.
So in PHP it would be:
$accessToken = $provider->getAccessToken('refresh_token', [ 'refresh_token' => $request->get('access_token') ]);but the object returned does not have any of the users info, no email nor resourceOwnerId :
object(League\OAuth2\Client\Token\AppleAccessToken)#6500 (8) { ["idToken":protected]=> string(709) "eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLmRldi10bWgubmV0c2VydmV4IiwiZXhwIjoxNjUwOTI3NjEzLCJpYXQiOjE2NTA4NDEyMTMsInN1YiI6IjAwMDkzMC40MTkxODI5ZGY5ZTM0MmYxOTQ3YjU0Zjg1MGJhMTczMy4xMjI0IiwiYXRfaGFzaCI6Ik1HcjhsOGQ2Q3RWclh1ekY3U2RIdFEiLCJlbWFpbCI6Im9tZGF0aGVvbmVAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIn0.OaN_3RJ40QExQeXkkVK01lzrWq5--v7jGV5Uo2jq31lmfqAWhnMXPCJAt63o6OTUScjMoP7L4-Xv95NmtbqDA3Wweq2KwxrEpr9KR2fCA60EX0kQuIycvJ7r1Djau9x0tfHrnsMS2pFo47EeayVVxOGzTMp6QFv7_ReBg3EPSboM3d0zYAq5PIiTRHzbxwCBRFk6h4gq1uv1rCnvEEhAWhPjoVYYfVm318C7uaUfJAZca8fogF7HSmZfSpXxooG9dUehGFN6RpFeCeIQ-Hg-GowztK6hE-AbUwdsiE5Y_FZHIcMokh0K_UXBJPfpmRQQmveInDQNHV8XV454ftfcyA" ["email":protected]=> NULL ["isPrivateEmail":protected]=> NULL ["accessToken":protected]=> string(63) "aad586bae625f44d8b2e48fbd8782a3ca.0.mztq.6b7AYAthn65Qw7XBxB9VSA" ["expires":protected]=> int(1650844813) ["refreshToken":protected]=> NULL ["resourceOwnerId":protected]=> NULL ["values":protected]=> array(2) { ["token_type"]=> string(6) "Bearer" ["id_token"]=> string(709) "eyJraWQiOiJmaDZCczhDIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLmRldi10bWgubmV0c2VydmV4IiwiZXhwIjoxNjUwOTI3NjEzLCJpYXQiOjE2NTA4NDEyMTMsInN1YiI6IjAwMDkzMC40MTkxODI5ZGY5ZTM0MmYxOTQ3YjU0Zjg1MGJhMTczMy4xMjI0IiwiYXRfaGFzaCI6Ik1HcjhsOGQ2Q3RWclh1ekY3U2RIdFEiLCJlbWFpbCI6Im9tZGF0aGVvbmVAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIn0.OaN_3RJ40QExQeXkkVK01lzrWq5--v7jGV5Uo2jq31lmfqAWhnMXPCJAt63o6OTUScjMoP7L4-Xv95NmtbqDA3Wweq2KwxrEpr9KR2fCA60EX0kQuIycvJ7r1Djau9x0tfHrnsMS2pFo47EeayVVxOGzTMp6QFv7_ReBg3EPSboM3d0zYAq5PIiTRHzbxwCBRFk6h4gq1uv1rCnvEEhAWhPjoVYYfVm318C7uaUfJAZca8fogF7HSmZfSpXxooG9dUehGFN6RpFeCeIQ-Hg-GowztK6hE-AbUwdsiE5Y_FZHIcMokh0K_UXBJPfpmRQQmveInDQNHV8XV454ftfcyA" } }And when I try to fetch the user's info by the token that I just retrieved
$fetchedUser = $client->fetchUserFromToken($accessToken);the result is the same:
object(League\OAuth2\Client\Provider\AppleResourceOwner)#6512 (4) { ["response":protected]=> array(2) { ["email"]=> NULL ["isPrivateEmail"]=> NULL } ["email":"League\OAuth2\Client\Provider\AppleResourceOwner":private]=> NULL ["isPrivateEmail":"League\OAuth2\Client\Provider\AppleResourceOwner":private]=> NULL ["resourceOwnerId":protected]=> NULL }The package's Read.me menitons using the token text in the API calls but I did not understand how:
" // Use this to interact with an API on the users behalf
echo $token->getToken();
"
I imagine the solution would be decoding the id_token but I do not understand yet if the JWT needed for decoding would be created in run-time or they are keys that would be configured in this package somehow.
Thanks in advance.
The text was updated successfully, but these errors were encountered: