Client secret for Apple expires because it is not generated for each request #194

Open
2 tasks done
GiovanniSlabs opened this issue Mar 20, 2023 · 3 comments

Comments

@GiovanniSlabs

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.14.1

Plugin version

7.0.0

Node.js version

18

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

20.04

Description

Hello,
there is a problem with Apple sign-in.
The Apple client secret is a JWT that is created the first time that the app starts (when Fastify loads the plugin). But the secret has an expiry time, so after 5 minutes the plugin stops working because the client secret is not valid anymore.
The JWT expiration time can be extended up to 6 months. But it is not a solution.

Steps to Reproduce

```js
fastify.register(oauthPlugin, {
  name: 'appleOAuth2',
  scope: ['email'],
  credentials: {
    client: {
      id: process.env.APPLE_CLIENTID,
      secret: generateClientSecret()
    },
    auth: oauthPlugin.APPLE_CONFIGURATION,
    options: {
      // bodyFormat: 'form',
      authorizationMethod: 'body'
    }
  },
  startRedirectPath: '/login/apple',
  callbackUri: process.env.SERVER_URL + '/login/apple/callback'
})
```

```js
// Assumed import (not shown in the original post): the library that provides
// getClientSecret() with the option names used below.
const appleSignin = require('apple-signin-auth')

function generateClientSecret() {
  const expiresIn = 180 // in days (6 months) - custom time set based on requirements

  return appleSignin.getClientSecret({
    clientID: process.env.APPLE_CLIENTID,
    teamID: process.env.APPLE_TEAM_ID,
    keyIdentifier: process.env.APPLE_KEY_IDENTIFIER,
    privateKeyPath: 'privateKey.txt',
    expAfter: expiresIn * 24 * 3600 // in seconds
  })
}
```

Expected Behavior

The client secret has to be recreated for each request so that it is always fresh and valid.

@mcollina
Member

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

@Faruqt

Faruqt commented Apr 4, 2023

Hello @GiovanniSlabs,

Any reason why you want to refresh the token for each request rather than setting it to the maximum possible lifespan (6 months)?

@GiovanniSlabs
Author

Hi @mcollina,
I'm sorry but I don't know how to do it; I think that I don't have the skills to make that change.

Hi @Faruqt,
the reason is that if the server doesn't restart in 6 months, the token would be invalidated and OAuth will not work anymore.
