Apple authentication added (#44)

Author: ashutosh-bansal-2136

.eslintrc.d.ts

@@ -0,0 +1,10 @@
+declare const _extends: string;
+export {_extends as extends};
+export declare const rules: {
+  'no-extra-boolean-cast': string;
+  '@typescript-eslint/interface-name-prefix': string;
+};
+export declare namespace parserOptions {
+  const project: string;
+  const tsconfigRootDir: string;
+}

package-lock.json

@@ -54,6 +54,7 @@
     "@loopback/core": "^2.16.0",
     "https-proxy-agent": "^5.0.0",
     "passport": "^0.4.1",
+    "passport-apple": "^2.0.1",
     "passport-azure-ad": "^4.3.0",
     "passport-google-oauth20": "^2.0.0",
     "passport-http-bearer": "^1.0.1",
@@ -73,6 +74,7 @@
     "@types/lodash": "^4.14.150",
     "@types/node": "^10.17.59",
     "@types/passport": "^1.0.3",
+    "@types/passport-apple": "^1.1.0",
     "@types/passport-azure-ad": "^4.0.8",
     "@types/passport-google-oauth20": "^2.0.3",
     "@types/passport-http-bearer": "^1.0.35",

package.json

@@ -20,6 +20,8 @@ import {
   GoogleAuthVerifyProvider,
   InstagramAuthStrategyFactoryProvider,
   InstagramAuthVerifyProvider,
+  AppleAuthStrategyFactoryProvider,
+  AppleAuthVerifyProvider,
   KeycloakStrategyFactoryProvider,
   KeycloakVerifyProvider,
   LocalPasswordStrategyFactoryProvider,
@@ -53,6 +55,8 @@ export class AuthenticationComponent implements Component {
         .key]: GoogleAuthStrategyFactoryProvider,
       [Strategies.Passport.INSTAGRAM_OAUTH2_STRATEGY_FACTORY
         .key]: InstagramAuthStrategyFactoryProvider,
+      [Strategies.Passport.APPLE_OAUTH2_STRATEGY_FACTORY
+        .key]: AppleAuthStrategyFactoryProvider,
       [Strategies.Passport.AZURE_AD_STRATEGY_FACTORY
         .key]: AzureADAuthStrategyFactoryProvider,
       [Strategies.Passport.KEYCLOAK_STRATEGY_FACTORY
@@ -71,6 +75,7 @@ export class AuthenticationComponent implements Component {
         .key]: GoogleAuthVerifyProvider,
       [Strategies.Passport.INSTAGRAM_OAUTH2_VERIFIER
         .key]: InstagramAuthVerifyProvider,
+      [Strategies.Passport.APPLE_OAUTH2_VERIFIER.key]: AppleAuthVerifyProvider,
       [Strategies.Passport.AZURE_AD_VERIFIER.key]: AzureADAuthVerifyProvider,
       [Strategies.Passport.KEYCLOAK_VERIFIER.key]: KeycloakVerifyProvider,
     };

src/component.ts

@@ -8,6 +8,7 @@ import {KeycloakStrategyFactoryProvider} from './passport/passport-keycloak';
 import {AzureADAuthStrategyFactoryProvider} from './passport/passport-azure-ad';
 import {VerifyFunction} from './types';
 import {InstagramAuthStrategyFactoryProvider} from './passport';
+import {AppleAuthStrategyFactoryProvider} from './passport/passport-apple-oauth2';
 
 export namespace Strategies {
   export namespace Passport {
@@ -73,5 +74,13 @@ export namespace Strategies {
     export const INSTAGRAM_OAUTH2_VERIFIER = BindingKey.create<VerifyFunction.InstagramAuthFn>(
       'sf.passport.verifier.instagramOauth2',
     );
+
+    // Passport-apple-oauth2 strategy
+    export const APPLE_OAUTH2_STRATEGY_FACTORY = BindingKey.create<AppleAuthStrategyFactoryProvider>(
+      'sf.passport.strategyFactory.appleOauth2',
+    );
+    export const APPLE_OAUTH2_VERIFIER = BindingKey.create<VerifyFunction.AppleAuthFn>(
+      'sf.passport.verifier.appleOauth2',
+    );
   }
 }

src/strategies/keys.ts

@@ -6,3 +6,4 @@ export * from './passport-keycloak';
 export * from './passport-google-oauth2';
 export * from './passport-azure-ad';
 export * from './passport-insta-oauth2';
+export * from './passport-apple-oauth2';

src/strategies/passport/index.ts

@@ -0,0 +1,126 @@
+/* eslint-disable @typescript-eslint/naming-convention */
+import {inject, Provider} from '@loopback/core';
+import {HttpErrors, Request} from '@loopback/rest';
+import {HttpsProxyAgent} from 'https-proxy-agent';
+import {
+  Profile,
+  AuthenticateOptions,
+  AuthenticateOptionsWithRequest,
+  VerifyCallback,
+  DecodedIdToken,
+} from 'passport-apple';
+
+import {AuthErrorKeys} from '../../../error-keys';
+import {Strategies} from '../../keys';
+import {VerifyFunction} from '../../types';
+
+import Strategy from 'passport-apple';
+
+//import * as AppleStrategy from 'passport-apple';
+export interface AppleAuthStrategyFactory {
+  (
+    options: AuthenticateOptions | AuthenticateOptionsWithRequest,
+    verifierPassed?: VerifyFunction.AppleAuthFn,
+  ): Strategy;
+}
+
+export class AppleAuthStrategyFactoryProvider
+  implements Provider<AppleAuthStrategyFactory> {
+  constructor(
+    @inject(Strategies.Passport.APPLE_OAUTH2_VERIFIER)
+    private readonly verifierAppleAuth: VerifyFunction.AppleAuthFn,
+  ) {}
+
+  value(): AppleAuthStrategyFactory {
+    return (options, verifier) =>
+      this.getAppleAuthStrategyVerifier(options, verifier);
+  }
+
+  getAppleAuthStrategyVerifier(
+    options: AuthenticateOptions | AuthenticateOptionsWithRequest,
+    verifierPassed?: VerifyFunction.AppleAuthFn,
+  ): Strategy {
+    const verifyFn = verifierPassed ?? this.verifierAppleAuth;
+    let strategy;
+    if (options && options.passReqToCallback === true) {
+      strategy = new Strategy(
+        options,
+
+        // eslint-disable-next-line @typescript-eslint/no-misused-promises
+        async (
+          req: Request,
+          accessToken: string,
+          refreshToken: string,
+          decodedIdToken: DecodedIdToken,
+          profile: Profile,
+          cb: VerifyCallback,
+        ) => {
+          try {
+            const user = await verifyFn(
+              accessToken,
+              refreshToken,
+              decodedIdToken,
+              profile,
+              cb,
+              req,
+            );
+            if (!user) {
+              throw new HttpErrors.Unauthorized(
+                AuthErrorKeys.InvalidCredentials,
+              );
+            }
+            cb(undefined, user);
+          } catch (err) {
+            cb(err);
+          }
+        },
+      );
+    } else {
+      strategy = new Strategy(
+        options,
+        // eslint-disable-next-line @typescript-eslint/no-misused-promises
+        async (
+          accessToken: string,
+          refreshToken: string,
+          decodedIdToken: DecodedIdToken,
+          profile: Profile,
+          cb: VerifyCallback,
+        ) => {
+          try {
+            const user = await verifyFn(
+              accessToken,
+              refreshToken,
+              decodedIdToken,
+              profile,
+              cb,
+            );
+            if (!user) {
+              throw new HttpErrors.Unauthorized(
+                AuthErrorKeys.InvalidCredentials,
+              );
+            }
+            cb(undefined, user);
+          } catch (err) {
+            cb(err);
+          }
+        },
+      );
+    }
+
+    this._setupProxy(strategy);
+    return strategy;
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  private _setupProxy(strategy: any) {
+    // Setup proxy if any
+    let httpsProxyAgent;
+    if (process.env['https_proxy']) {
+      httpsProxyAgent = new HttpsProxyAgent(process.env['https_proxy']);
+      strategy._oauth2.setAgent(httpsProxyAgent);
+    } else if (process.env['HTTPS_PROXY']) {
+      httpsProxyAgent = new HttpsProxyAgent(process.env['HTTPS_PROXY']);
+      strategy._oauth2.setAgent(httpsProxyAgent);
+    }
+  }
+}

src/strategies/passport/passport-apple-oauth2/apple-auth-strategy-factory-provider.ts

@@ -0,0 +1,27 @@
+import {Provider} from '@loopback/context';
+import {HttpErrors, Request} from '@loopback/rest';
+import * as AppleStrategy from 'passport-apple';
+
+import {DecodedIdToken} from 'passport-apple';
+
+import {VerifyFunction} from '../../types';
+
+export class AppleAuthVerifyProvider
+  implements Provider<VerifyFunction.AppleAuthFn> {
+  constructor() {}
+
+  value(): VerifyFunction.AppleAuthFn {
+    return async (
+      accessToken: string,
+      refreshToken: string,
+      decodedIdToken: DecodedIdToken,
+      profile: AppleStrategy.Profile,
+      cb: AppleStrategy.VerifyCallback,
+      req?: Request,
+    ) => {
+      throw new HttpErrors.NotImplemented(
+        `VerifyFunction.AppleAuthFn is not implemented`,
+      );
+    };
+  }
+}

src/strategies/passport/passport-apple-oauth2/apple-auth-verify.provider.ts

@@ -0,0 +1,2 @@
+export * from './apple-auth-strategy-factory-provider';
+export * from './apple-auth-verify.provider';

src/strategies/passport/passport-apple-oauth2/index.ts

@@ -2,6 +2,8 @@ import {Request} from '@loopback/rest';
 import * as GoogleStrategy from 'passport-google-oauth20';
 import * as AzureADStrategy from 'passport-azure-ad';
 import * as InstagramStrategy from 'passport-instagram';
+import * as AppleStrategy from 'passport-apple';
+import {DecodedIdToken} from 'passport-apple';
 import {IAuthClient, IAuthUser} from '../types';
 
 export type VerifyCallback = (
@@ -73,6 +75,17 @@ export namespace VerifyFunction {
     ): Promise<T | null>;
   }
 
+  export interface AppleAuthFn<T = IAuthUser> extends GenericAuthFn<T> {
+    (
+      accessToken: string,
+      refreshToken: string,
+      decodedIdToken: DecodedIdToken,
+      profile: AppleStrategy.Profile,
+      cb: AppleStrategy.VerifyCallback,
+      req?: Request,
+    ): Promise<T | null>;
+  }
+
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   export interface GenericAuthFn<T = any> {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any