Verify Apple identity token

To verify the identity token, your app server must

  • Verify the JWS E256 signature using the server’s public key

  • Verify the nonce for the authentication

  • Verify that the iss field contains https://appleid.apple.com

  • Verify that the aud field is the developer’s client_id

  • Verify that the time is earlier than the exp value of the token

Go :

import(
    "github.com/coolishbee/go-verify-apple-id-token"
)

func main() {
	client := New()

	jwtClaims, err := client.VerifyIdToken("com.clientId.here", "idToken")
	if err != nil {
		t.Errorf("%s", err)
	} else {
		fmt.Println(jwtClaims.Email)
	}
}

Last updated