✨ working signin with apple

app/components/layout/LayoutLogin.vue

@@ -1,6 +1,4 @@
 <script setup lang="ts">
-import type { User } from '~/types/models'
-
 interface Provider {
   name: string
   label: string
@@ -17,14 +15,17 @@ const providers = reactive<Provider[]>([
     color: 'white',
     click: async () => await navigateTo('/api/oauth/google', { external: true }),
   },
-  /*
   {
     name: 'apple',
     label: 'Apple',
     icon: 'i-mdi-apple',
     color: 'white',
-    click: async () => await navigateTo('https://appleid.apple.com/auth/authorize?response_type=code&state=state&client_id=fume.bio&redirect_uri=https%3A%2F%2Ffume.bio%2Fapi%2Foauth%2Fapple&scope=openid+email+name&response_mode=form_post', { external: true }),
+    click: async () => await navigateTo('/api/oauth/redirect/apple', { external: true }),
+    // https://appleid.apple.com/auth/authorize?response_type=code&state=state&client_id=fume.bio&redirect_uri=https%3A%2F%2Ffume.bio%2Fapi%2Foauth%2Fapple&scope=openid+email+name&response_mode=form_post', { external: true }),
+
+    // https://appleid.apple.com/auth/authorize?client_id=fume.bio&redirect_uri=https%253A%252F%252Ffume.bio%252Fapi%252Foauth%252Fapple&scope=openid%2520email%2520name
   },
+  /*
 
   {
     name: 'x',

nuxt.config.ts

@@ -49,9 +49,11 @@ export default defineNuxtConfig({
       name: 'fumebio-session',
     },
     apple: {
+      clientId: '',
       teamId: '',
       keyIdentifier: '',
       privateKey: '',
+      redirectURL: '',
     },
     oauth: {
       google: {

package.json

@@ -29,6 +29,7 @@
     "@fullcalendar/vue3": "^6.1.15",
     "@nuxt/ui-pro": "^1.4.3",
     "@prisma/adapter-d1": "^5.20.0",
+    "@types/jsonwebtoken": "^9.0.7",
     "date-fns": "^4.1.0"
   },
   "devDependencies": {
@@ -48,6 +49,7 @@
     "@vitest/ui": "^2.1.1",
     "dotenv-cli": "^7.4.2",
     "happy-dom": "^15.7.4",
+    "jsonwebtoken": "^9.0.2",
     "nuxt": "^3.13.2",
     "nuxt-auth-utils": "^0.3.9",
     "nuxt-og-image": "3.0.2",

server/api/[...slug].ts

@@ -1,7 +1,7 @@
 import type { Round } from '@prisma/client'
 import { createRouter, useBase } from 'h3'
 import type { Token, User } from '~/types/models'
-import { githubHandler, googleHandler } from '../controllers/oauth'
+import { appleHandler, appleRedirectHandler, githubHandler, googleHandler } from '../controllers/oauth'
 import round from '../controllers/round'
 import test from '../controllers/test'
 import token from '../controllers/token'
@@ -19,8 +19,8 @@ if (useRuntimeConfig().appEnv === 'test')
   router.post('/test/session', test.create)
 
 router.get('/oauth/google', googleHandler)
-// router.get('/oauth/redirect/apple', appleRedirectHandler)
-// router.post('/oauth/apple', appleHandler)
+router.get('/oauth/redirect/apple', appleRedirectHandler)
+router.post('/oauth/apple', appleHandler)
 // router.get('/oauth/facebook', facebookHandler)
 // router.get('/oauth/instagram', instagramHandler)
 // router.get('/oauth/x', xHandler)

server/controllers/oauth.ts

@@ -94,39 +94,23 @@ export const xHandler = oauthXEventHandler({
     return sendRedirect(event, '/')
   },
 })
-
-/*
 export const appleRedirectHandler = defineEventHandler((event) => {
-  return sendRedirect(event, 'https://appleid.apple.com/auth/authorize?response_type=code&state=state&client_id=fume.bio&redirect_uri=https%3A%2F%2Ffume.bio%2Fapi%2Foauth%2Fapple&scope=openid+email+name&response_mode=form_post')
+  const config = useRuntimeConfig(event).apple
+  return sendRedirect(event, apple.getAuthURL(config))
 })
 
 export const appleHandler = defineEventHandler(async (event) => {
+  const config = useRuntimeConfig(event).apple
   const body = await readBody(event)
-  const config = useRuntimeConfig(event)
-  const clientSecret = appleSignin.getClientSecret({
-    clientID: 'fume.bio',
-    teamID: config.apple.teamId,
-    privateKey: `-----BEGIN PRIVATE KEY-----
-${config.apple.privateKey.split(':BR:').join('\n')}
------END PRIVATE KEY-----`,
-    keyIdentifier: config.apple.keyIdentifier,
-  })
-
-  const options = {
-    clientID: 'fume.bio',
-    redirectUri: 'https://fume.bio/api/oauth/apple',
-    clientSecret,
-    scope: 'email name',
-  }
-  const tokenResponse = await appleSignin.getAuthorizationToken(body.code, options)
-  const user = await appleSignin.verifyIdToken(tokenResponse.id_token)
+  const token = await apple.getAuthToken(config, body.code)
+  const verified = apple.verifyIdToken(token.id_token)
+
   let dbUser
   if (body.user)
     dbUser = await signIn(event, JSON.parse(body.user), 'apple')
   else
-    dbUser = await createSession('apple', await userFromEmail(user.email), event)
+    dbUser = await createSession('apple', await userFromEmail(verified.email), event)
 
   await setUserSession(event, { user: dbUser })
   return sendRedirect(event, '/')
 })
-  */