I have a React native front end where I use this library to handle Apple Authentication.
Then I have a NodeJS back end, where I use this library to handle Apple authenticated users and let them access routes.
I want the users to be able to use the app without logging in again, without a time limit.
Therefore I save the identity token, which I get when the user does the first sign-up, in Async Storage in the front end. Every time the user tries to access routes, the user is checked in my isAuth middleware in the NodeJS backend for whether he/she has an identityToken in the header of the respective request.
It seems like the token expires after one day and I get the following error message in the backend in my isAuth middleware:
isAuth errorMessage JsonWebTokenError: error in secret or public key callback: input error: Invalid id token public key id
The error is thrown in the apple-signin-auth library when executing this code:
```js
const appleSignin = require("apple-signin-auth");

// Inside the async isAuth middleware; `token` is the identityToken taken from the request header
const result = await appleSignin.verifyIdToken(token, {
  audience: config.CLIENT_ID_APPLE,
  ignoreExpiration: true, // ignore token expiry (never expires)
});
```
I thought the token does not expire, because I set the ignoreExpiration flag to true. But when I read up on their documentation, this seems to be wrong. They state that I also need to add
nonce: 'NONCE', // nonce // Check this note if coming from React Native AS RN automatically SHA256-hashes the nonce https://github.com/invertase/react-native-apple-authentication#nonce // If you want to handle expiration on your own, or if you want the expired tokens decoded
So I should add nonce if I want to decode the expired tokens, as far as I understand? As a result I need to save the nonce I get at the first sign-in from the user in the AsyncStorage as well as the id_token, and then every time I need to add the nonce to the appleSignin.verifyIdToken request. Would that be a solution to my problem, or is that a wrong approach, or is there an easier solution?
Thanks for the help!