Handle Apple Sign In on the server (Ruby on Rails)

I recently had to implement “Sign in with Apple” for one of our customers. At first glance it was pretty straightforward, but when I needed to validate the user on the server side I was left empty handed. I did some searching on Google and ended up piecing code together from different places.


This article gives you a quick way of handling the JWT (Apple calls it the identity token) and how to verify and decode it, so you can authenticate the user on the server. I used Ruby on Rails on our server, but the method is the same in any language: fetch Apple’s public keys, verify the token’s signature, and check its claims.

Here are a few notes that I found useful:

  1. The JWT expires 10 minutes after it is issued, so verify it promptly. It is a proof of login, not a session token, and it should not be reused as one.
  2. After validation, you should have your own authentication mechanism, for example a session token that the client sends on all other requests to your API.
  3. The JWT only contains the user identifier (what the client code below calls userIdentity: the credential’s `user` property, which is the same value as the token’s `sub` claim) and the email, plus flags such as `email_verified` and `is_private_email`. It does not contain the full name.
  4. When creating a user on your server, you must use userIdentity as the primary/look-up key, because the email can change: the user may hide their real address behind an Apple private relay address, and can stop forwarding or revoke access later. The identifier is stable for your developer team across all of its apps.

How to get the userIdentity and JWT?

This one you need to get on the device. It’s pretty simple and straightforward: enable “Sign in with Apple” under Project -> Signing & Capabilities -> Add “Sign in With Apple”.

Then you start the sign-in session on the device: request the `.fullName` and `.email` scopes on an ASAuthorizationAppleIDRequest, run it through an ASAuthorizationController, and in the delegate callback read `identityToken` (the JWT), `user` (the userIdentity) and `fullName` from the ASAuthorizationAppleIDCredential, then post them to your server.

That’s it. The reason I am sending the user’s full name to our servers is that the JWT does not contain it; it only contains the user’s email, and to create a new user on our server we need both email and name. This could be different in your case. Two caveats: Apple only returns `fullName` on the very first authorization for your app (later sign-ins return nil), so store it then or not at all; and the name is supplied by the client and is not covered by the JWT’s signature, so treat it as untrusted profile data, never as identity.

Handling the JWT on the server side

To verify the JWT you will need Apple’s public keys. They are published at https://appleid.apple.com/auth/keys as a JWK Set (JSON Web Key): one entry per signing key, each identified by a `kid` that matches the `kid` in the JWT header. Apple rotates these keys, so cache the set but be prepared to refetch it when a token carries a `kid` you have not seen.

Our script downloads the key set, picks the key whose `kid` matches the token header, verifies the RS256 signature, checks the claims (`iss` must be https://appleid.apple.com, `aud` must be your app’s bundle identifier, `exp` must be in the future) and finally compares the `sub` claim with the userIdentity sent from the client. The verified `sub` is the authoritative value; the comparison just catches a client that sends mismatched data.

The gem I use for JWK/JWT is simply called ‘jwt’. Add it to your bundle and you should be good to go. Whatever library you use, pin the accepted algorithm to RS256 and check `aud` and `iss` yourself; a decoder that accepts whatever `alg` the token names is the classic JWT mistake.
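As an added example, not the article’s own gist (which used the jwt gem) and not Apple’s code, here is the whole server-side check described in the notes above and in this section, written in plain Ruby with only the standard library so it runs offline: JWK to RSA key, RS256 signature verification, and the `iss`/`aud`/`exp`/`sub` claim checks. Apple’s key set is replaced by a constructed one signed with a locally generated RSA key; the bundle identifier `com.example.myapp`, the user identifier and the relay email are made up.

```ruby
# Added example (not the article's gist): verify an Apple identity token with the
# Ruby standard library only. The 'jwt' gem performs the same checks.
require "openssl"
require "json"
require "base64"
require "net/http"
require "uri"

module AppleSignIn
  KEYS_URL = "https://appleid.apple.com/auth/keys"
  ISSUER   = "https://appleid.apple.com"
  class VerificationError < StandardError; end

  # Fetch Apple's JWK Set. Not called in the offline demo below; in production
  # cache it and refetch when a token carries a kid you have not seen (key rotation).
  def self.fetch_jwks
    JSON.parse(Net::HTTP.get(URI(KEYS_URL)))
  end

  # JWT uses base64url without padding.
  def self.b64url_decode(str)
    Base64.urlsafe_decode64(str)
  end

  def self.b64url_encode(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  # Turn a JWK (n and e as base64url big-endian integers) into an RSA public key.
  def self.rsa_from_jwk(jwk)
    n = OpenSSL::BN.new(b64url_decode(jwk.fetch("n")), 2)
    e = OpenSSL::BN.new(b64url_decode(jwk.fetch("e")), 2)
    der = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(n),
                                       OpenSSL::ASN1::Integer.new(e)]).to_der
    OpenSSL::PKey::RSA.new(der)
  end

  # Verify signature and claims. Returns the payload, or raises VerificationError.
  #   token:           identityToken from the device
  #   jwks:            parsed key set from KEYS_URL
  #   audience:        your app's bundle identifier (the aud claim)
  #   user_identifier: the credential's user value (the article's userIdentity)
  def self.verify(token, jwks:, audience:, user_identifier:, now: Time.now)
    header_b64, payload_b64, sig_b64 = token.split(".")
    raise VerificationError, "malformed token" unless sig_b64
    header = JSON.parse(b64url_decode(header_b64))
    # Apple signs with RS256; never let the token choose the algorithm.
    raise VerificationError, "unexpected alg #{header['alg']}" unless header["alg"] == "RS256"
    jwk = jwks.fetch("keys").find { |k| k["kid"] == header["kid"] }
    raise VerificationError, "unknown kid" unless jwk
    signed = "#{header_b64}.#{payload_b64}"
    valid = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new("SHA256"), b64url_decode(sig_b64), signed)
    raise VerificationError, "bad signature" unless valid
    payload = JSON.parse(b64url_decode(payload_b64))
    raise VerificationError, "bad issuer" unless payload["iss"] == ISSUER
    raise VerificationError, "bad audience" unless Array(payload["aud"]).include?(audience)
    raise VerificationError, "expired" unless payload["exp"].is_a?(Integer) && payload["exp"] > now.to_i
    # sub is the stable per-team user id; it must match what the client claims to be.
    raise VerificationError, "sub mismatch" unless payload["sub"] == user_identifier
    payload
  end
end

# --- Offline demo with constructed data: a freshly generated key stands in for Apple's. ---
DEMO_KEY  = OpenSSL::PKey::RSA.new(2048)
DEMO_KID  = "demo-kid-1"
DEMO_AUD  = "com.example.myapp"                             # assumed bundle identifier
DEMO_SUB  = "001234.0123456789abcdef0123456789abcdef.0123"  # made-up user identifier
DEMO_JWKS = { "keys" => [{ "kty" => "RSA", "use" => "sig", "alg" => "RS256", "kid" => DEMO_KID,
                           "n" => AppleSignIn.b64url_encode(DEMO_KEY.n.to_s(2)),
                           "e" => AppleSignIn.b64url_encode(DEMO_KEY.e.to_s(2)) }] }

# Mint a token the way Apple would (demo only; alg/kid overridable to show rejections).
def demo_token(claims, kid: DEMO_KID, alg: "RS256")
  header  = AppleSignIn.b64url_encode(JSON.generate({ "alg" => alg, "kid" => kid }))
  payload = AppleSignIn.b64url_encode(JSON.generate(claims))
  sig     = DEMO_KEY.sign(OpenSSL::Digest.new("SHA256"), "#{header}.#{payload}")
  "#{header}.#{payload}.#{AppleSignIn.b64url_encode(sig)}"
end

# Claims shaped like a real identity token (constructed values), with overrides.
def demo_claims(overrides = {})
  now = Time.now.to_i
  { "iss" => AppleSignIn::ISSUER, "aud" => DEMO_AUD, "sub" => DEMO_SUB, "iat" => now,
    "exp" => now + 600, "email" => "abc123@privaterelay.appleid.com",
    "email_verified" => "true", "is_private_email" => "true" }.merge(overrides)
end

# Returns :ok or the rejection reason, so callers can see why a token failed.
def demo_verify(token)
  AppleSignIn.verify(token, jwks: DEMO_JWKS, audience: DEMO_AUD, user_identifier: DEMO_SUB)
  :ok
rescue AppleSignIn::VerificationError => e
  e.message
end

puts demo_verify(demo_token(demo_claims))                                  # :ok
puts demo_verify(demo_token(demo_claims({ "aud" => "com.example.other" }))) # bad audience
puts demo_verify(demo_token(demo_claims, alg: "none"))                      # unexpected alg none
```

In production, replace the demo key set with a cached result of `AppleSignIn.fetch_jwks` and pass the real `identityToken`, your bundle identifier and the client’s `user` value; if the `kid` is not in your cached set, refetch once before rejecting. If you use the jwt gem instead, the same rules apply: pass `algorithms: ['RS256']`, and check `aud`, `iss` and `exp` (recent versions of the gem take a `jwks:` option that does the `kid` lookup for you).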


Rasmus Styrk

I work as a software developer with years of experience within the field of web, apps and server architecture.