1。用户授权用户在IOSAPP端授权登录后,APP端可以拿到identityToken、authorizationCode、userID这三个字段的数据。2、php-jwt后端收到前端传来的identityToken字符串后,由于identityToken是JWT,我们需要安装如下第三方库来解析identityTokencomposerrequirefirebase/php-jwt3.JWK安装完成后,我们还需要获取解密JWT的JWK。这可以通过访问https://appleid.apple.com/auth/keys来获取密钥列表,也就是JWK列表。这也意味着客户端提交给服务器的identityToken可能是用密钥中特定的JWK加密的。{“键”:[{“kty”:“RSA”,“孩子”:“86D88Kf”,“使用”:“sig”,“alg”:“RS256”,“n”:“iGaLqP6y-SJCCBq5Hv6pGDbG\_SQ11MNjH7rWHcCFYz4hGwHC4lcSurTlV8u3avoVNM8jXevY1jurq-In-hghr1b56OPJu6H1iKulSxGjEIyDP6c5BdE1uwprYyr4IO9th8fOwCPygjLFrh44XEGbDIFeImwvBAGOhmMB2AD1n1KviyNsH0bEB7phQtiLk-ILjv1bORSRl8AK677-1T8isGfHKXGZ\_ZGtStDe7Lu0Ihp8zoUt59kx2o9uWpROkzF56ypresiIl4WprClRCjz8x6cPZXU2qNWhu71TQvUFwvIvbkE1oYaJMb0jcOTmBRZA2QuYw-zHLwQ","e":"AQAB"},{"kty":"RSA","kid":"eXaunmL","use":"sig","alg":"RS256","n":"4dGQ7bQK8LgILOdLsYzfZjkEAoQeVC\_aqyc8GC6RX7dq\_KvRAQAWPvkam8VQv4GK5T4ogklEKEvj5ISBamdDNq1n52TpxQwI2EqxSk7I9fKPKhRt4F8-2yETlYvye-2s6NeWJim0KBtOVrk0gWvEDgd6WOqJl\_yt5WBISvILNyVg1qAAM8JeX6dRPosahRVDjA52G2X-Tip84wqwyRpUlq2ybzcLh3zyhCitBOebiRWDQfG26EH9lTlJhll-p\_Dg8vAXxJLIJ4SNLcqgFeZe4OfHLgdzMvxXZJnPp\_VgmkcpUdRotazKZumj6dBPcXI\_XID4Z4Z3OM1KrZPJNdUhxw","e":"AQAB"},{"kty":"RSA","kid":"AIDOPK1","use":"sig","alg":"RS256","n":"lxrwmuYSAsTfn-lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu\_auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY-RNwCWdjNfEaY\_esUPY3OVMrNDI15Ns13xspWS3q-13kdGv9jHI28P87RvMpjz\_JCpQ5IM44oSyRnYtVJO-320SB8E2Bw92pmrenbp67KRUzTEVfGU4-obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd\_JhmqX5CAaT9Pgi0J8lU\_pcl215oANqjy7Ob-VMhug9eGyxAWVfu\_1u6QJKePlE-w","e":"AQAB"}]}接下来就需要我们确定当前的identityToken到底是使用哪个JWK来加密的,这样做可以避免批量生成Certificatestoimproveperformance//处理JWK列表$client=newClient();$reqUrl='https://appleid.apple.com/auth/keys';$res=$client->request('GET',$reqUrl);$resData=json_decode($res->getBody()->getContents(),true);$keys=$resData['keys'];$keys_map=[];foreach($keysas$key){$keys_map[$key['kid']]=$key;}//找到用于加密当前identityToken的JWK$tks=explode('.',$identityToken);列表($headb64,$bodyb64,$cryptob64)=$tks;$header=JWT::jsonDecode(JWT::urlsafeB64Decode($headb64));$key_used=$keys_map[$header->kid];确认JWK后,安装如下第三方库,将JWK转为PEM。composerrequirecodercat/jwk-to-pem然后可以通过以下方式获取用户的数据$jwkConverter=newJWKConverter();$publicKey=$jwkConverter->toPEM($key_used);$decode=JWT::decode($identityToken,$publicKey,['RS256']);print_r($解码);参考iOS13苹果账号登录和后台验证https://juejin.im/post/5d551d11e51d4561cf15dfae
