/// <summary>
/// Starts the Sign in with Apple flow: wraps the client-supplied <c>state</c> and <c>nonce</c>
/// into Apple's authorization URL and redirects the browser there.
/// </summary>
/// <param name="req">Incoming request; <c>state</c> and <c>nonce</c> are read from the query string.</param>
/// <param name="log">Function logger (not used by this method).</param>
/// <returns>A non-permanent redirect to Apple's authorization endpoint, or 400 when either parameter is missing.</returns>
/// <remarks>
/// SECURITY: <c>state</c> and <c>nonce</c> are taken verbatim from whoever calls this function and
/// are NOT recorded server-side. Until the TODO below is done, the callback function has no way to
/// tell a response to a flow this function started from one an attacker started (login CSRF).
/// The nonce is echoed by Apple inside the id_token; the app must compare it to the value it generated.
/// </remarks>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    // TODO: IMPORTANT — persist `state` (e.g. a short-lived cache keyed by state) so the callback
    // can verify that the state Apple returns was actually issued here.
    var state = req.Query["state"];
    var nonce = req.Query["nonce"];

    var missingInput = string.IsNullOrEmpty(state) || string.IsNullOrEmpty(nonce);
    if (missingInput)
    {
        return new BadRequestResult();
    }

    var client = new AppleSignInClient(
        Config.ServerId,
        Config.KeyId,
        Config.TeamId,
        new Uri(Config.RedirectUri),
        Config.P8FileContents,
        state,
        nonce);

    // Apple will later redirect the browser to Config.RedirectUri (the callback function)
    // carrying the authorization code and this same state value.
    var authorizationUrl = client.GenerateAuthorizationUrl();
    return new RedirectResult(authorizationUrl.OriginalString, permanent: false);
}
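/// <summary>
/// Apple's redirect target: exchanges the returned authorization <c>code</c> for tokens and hands
/// the resulting account properties to the native app via the fragment of <c>Config.AppCallbackUri</c>.
/// </summary>
/// <param name="req">
/// Apple's response. With <c>response_mode=form_post</c> the parameters arrive in a form POST;
/// a query-string GET is accepted as well (the trigger allows both verbs).
/// </param>
/// <param name="log">Function logger. Do not log <c>code</c>, <c>state</c> or the exchanged tokens.</param>
/// <returns>
/// A non-permanent redirect to the app callback URI carrying the account properties, or 400 when
/// <c>code</c> or <c>state</c> is missing.
/// </returns>
/// <remarks>
/// SECURITY: <c>state</c> is currently accepted as-is. It must be looked up in the store written by
/// the auth function and the request rejected when the value is unknown; otherwise an attacker can
/// finish the flow with a code of their own and have the victim's app receive the attacker's account
/// (login CSRF). No nonce is supplied to the client here, so any id_token nonce check has to be
/// performed by the app against the nonce it generated.
/// </remarks>
public static async Task<IActionResult> Callback(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    // HttpRequest.Form throws InvalidOperationException for non-form content types (e.g. a GET),
    // so only read it when the body really is a form. The previous
    // `req.Form?["code"] ?? req.Query?["code"]` also never reached the query branch: Form is
    // non-null and its indexer yields an empty StringValues rather than null when the key is absent.
    string Param(string name)
    {
        string fromForm = req.HasFormContentType ? req.Form[name] : null;
        return string.IsNullOrEmpty(fromForm) ? req.Query[name] : fromForm;
    }

    var code = Param("code");
    // TODO: IMPORTANT — look `state` up in the store populated by the auth function and only
    // proceed when it exists there; see <remarks>.
    var state = Param("state");

    // Without both values the token exchange cannot succeed; fail fast instead of handing a null
    // code to the client library.
    if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state))
    {
        return new BadRequestResult();
    }

    var apple = new AppleSignInClient(
        Config.ServerId,
        Config.KeyId,
        Config.TeamId,
        new Uri(Config.RedirectUri),
        Config.P8FileContents,
        state,
        null);

    var account = await apple.ExchangeTokenAsync(code);

    // The account properties (including tokens) travel to the app in the URL fragment. Fragments are
    // not sent to servers, but they do land in browser history and with whatever handles the custom
    // scheme on the device — keep Config.AppCallbackUri pointed at the app only.
    var url = $"{Config.AppCallbackUri}#{account.ToQueryParameters()}";
    return new RedirectResult(url, permanent: false);
}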