Tuesday, June 6, 2023
HomeiOS Developmentandroid - Decode non-public relay e-mail

android – Decode non-public relay e-mail

I am growing Apple Authentication function on Android with React Native, utilizing this library: https://github.com/invertase/react-native-apple-authentication. Every thing goes fantastic, however there’s nonetheless a factor I need to present within the type is that the actual e-mail, or Apple ID of the person. The default settings of Apple accounts is that use non-public relay, so after I name signIn() technique on this code fragment

// App.js

import { appleAuthAndroid } from '@invertase/react-native-apple-authentication';
import 'react-native-get-random-values';
import { v4 as uuid } from 'uuid'

async operate onAppleButtonPress() {
  // Generate safe, random values for state and nonce
  const rawNonce = uuid();
  const state = uuid();

  // Configure the request
    // The Service ID you registered with Apple
    clientId: 'com.instance.client-android',

    // Return URL added to your Apple dev console. We intercept this redirect, but it surely should nonetheless match
    // the URL you supplied to Apple. It may be an empty route in your backend because it's by no means known as.
    redirectUri: 'https://instance.com/auth/callback',

    // The kind of response requested - code, id_token, or each.
    responseType: appleAuthAndroid.ResponseType.ALL,

    // The quantity of person data requested from Apple.
    scope: appleAuthAndroid.Scope.ALL,

    // Random nonce worth that might be SHA256 hashed earlier than sending to Apple.
    nonce: rawNonce,

    // Distinctive state worth used to stop CSRF assaults. A UUID might be generated if nothing is supplied.

  // Open the browser window for person check in
  const response = await appleAuthAndroid.signIn();

  // Ship the authorization code to your backend for verification

I bought an id_token, after I decode the token, I bought an object on this sample:


whose the e-mail just isn’t the actual e-mail that the person entered earlier than. So this could trigger a confusion after that after I present the person’s data in a type to affirmation, I can solely use this non-public relay e-mail. I ponder that whether or not any strategy to decode this e-mail to get the actual one, through the use of c_hash for example.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments