Closed cchacholiades closed 2 years ago
Hi @cchacholiades, thank you! Yes, keyId
and privateKeyLocation
are required as they are used to generate the Client Secret. I doubt it'll work after redirecting to Apple.
Here's how you can create a key: https://github.com/ananay/apple-auth/blob/master/SETUP.md#create-a-key
Great! Thank you for the prompt reply.
I am using this package to get the routes / api necessary to login someone with apple in a node/express/nuxt setup. I was wondering if there are any security related concerns (I should be aware of) in regards to where the .p8 file should be stored?
For now I have it in a folder ../configurations/AuthKey_.p8
- this file shouldn't be in git either, right?
Yes, the p8 file should not be checked in. For the config, I would suggest using a filled out json file for local dev testing but on a server you can use environment variables
@ananay I'll still need to figure out a way to efficiently store the p8 key for a node setup in production, but this helps a lot! Thanks again.
@ananay one last question in case you can help. Is it possible to store the contents of the .p8 file in an env var and load it through the privateKeyLocation
option?
edit: I should be able to achieve this with the option privateKeyString
🎉
Hi @ananay! Great work on this, thank you. I have a question about the initialise options
keyId
andprivateKeyLocation
. Are these really required?Login seems to redirect the user to apple even without these.
Thank you in advance.