
Commit db40038

Merge pull request #32 from OpenSecretCloud/apple-external-oauth2-services
Append services to apple external oauth
2 parents 5120402 + 2f8d06f commit db40038


5 files changed

+26
-5
lines changed


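--- a/pcrDev.json
+++ b/pcrDev.json
@@ -1,6 +1,6 @@
 {
 "HashAlgorithm": "Sha384 { ... }",
-"PCR0": "2e6e8f86a657f6daed8e699c0b74bf02d6c7d6414638b1032e6addd2bca7d208a0e8aa4961eb8e926c54dc58fd63d401",
+"PCR0": "6b15f0571de13a6357e646bbe3772a8fe32fdd85b07ba97b3a6f95bdc43023dd9deb5710c26b75346de90157d9ecdd1f",
 "PCR1": "e45de6f4e9809176f6adc68df999f87f32a602361247d5819d1edf11ac5a403cfbb609943705844251af85713a17c83a",
-"PCR2": "5c513f9c10db4f10ac27f2da0310bfee983aee9b5676866aef0c35238b9e90b56a59d42e6c3f083a64091c697fa2c9a4"
+"PCR2": "cb114b8e27fb08576dee6a0481eef5ad96030a4a6402e7783ff363abbc5d72a2d916d053706cb76c6ff405ded55b77ae"
 }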

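--- a/pcrDevHistory.json
+++ b/pcrDevHistory.json
@@ -33,5 +33,12 @@
 "PCR2": "5c513f9c10db4f10ac27f2da0310bfee983aee9b5676866aef0c35238b9e90b56a59d42e6c3f083a64091c697fa2c9a4",
 "timestamp": 1746806841,
 "signature": "JgnRXXIAlRzxmAnkwoGfcKpqKOqTjeEApiUbtiawNytd5/C9jUSQzFGP2w7yVTlHNzuddaVlGVggxVIP2EWHI78qi8Rxa/V4tvzpSj7ojOAdQOFIQk5EhnnXRibj1zRC"
+},
+{
+"PCR0": "6b15f0571de13a6357e646bbe3772a8fe32fdd85b07ba97b3a6f95bdc43023dd9deb5710c26b75346de90157d9ecdd1f",
+"PCR1": "e45de6f4e9809176f6adc68df999f87f32a602361247d5819d1edf11ac5a403cfbb609943705844251af85713a17c83a",
+"PCR2": "cb114b8e27fb08576dee6a0481eef5ad96030a4a6402e7783ff363abbc5d72a2d916d053706cb76c6ff405ded55b77ae",
+"timestamp": 1747766223,
+"signature": "rURCqPwmpN/p/i7++Fm4esxeSCRRVSUws8Law5i9mBH3IIUCIJmqfGAD67+KGWM6bb5YfsQEy6O31bCFgsueUD+1fBGwFZGGl50JyaPj882Hx0waxrgoWbll7n+R7DiB"
 }
 ]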

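--- a/pcrProd.json
+++ b/pcrProd.json
@@ -1,6 +1,6 @@
 {
 "HashAlgorithm": "Sha384 { ... }",
-"PCR0": "8de5541089649e9edb2cd96fafb90716aa298483447e459708e8840b1f82a557c9d9ff6ae1fd2461b04310e7d9400d7d",
+"PCR0": "02a41da2df084fd1dee420d7717bef6dc0120f1d6a0b7fded3f4c7a539be4044b3061c71bc7156731db1fb66494097b0",
 "PCR1": "e45de6f4e9809176f6adc68df999f87f32a602361247d5819d1edf11ac5a403cfbb609943705844251af85713a17c83a",
-"PCR2": "c9f052dab1c210be6b64ea942148efa248ad4fb0c3fbbf5ab7fa7dc6287adec0d1e00f7e01b6109418026546f6f34cf8"
+"PCR2": "4563722b974255c127d3706805645d13d10a4f01fe8e4e242e58cf1c89c21d27fbbb8a3be197c649e8dc5694370f3c12"
 }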

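--- a/pcrProdHistory.json
+++ b/pcrProdHistory.json
@@ -33,5 +33,12 @@
 "PCR2": "c9f052dab1c210be6b64ea942148efa248ad4fb0c3fbbf5ab7fa7dc6287adec0d1e00f7e01b6109418026546f6f34cf8",
 "timestamp": 1746806841,
 "signature": "XrFzIY9kD6QIEjikTe0kT4gHI2J59vsgkRVYTUOjWRrV0K54weasiBMPdRj4BiHxUgzwFbSunCgGYOrBP857A9VlmYU6rgPfHB+Wg/ToHk1Dzz0T/u+rv/ioavFdWiij"
+},
+{
+"PCR0": "02a41da2df084fd1dee420d7717bef6dc0120f1d6a0b7fded3f4c7a539be4044b3061c71bc7156731db1fb66494097b0",
+"PCR1": "e45de6f4e9809176f6adc68df999f87f32a602361247d5819d1edf11ac5a403cfbb609943705844251af85713a17c83a",
+"PCR2": "4563722b974255c127d3706805645d13d10a4f01fe8e4e242e58cf1c89c21d27fbbb8a3be197c649e8dc5694370f3c12",
+"timestamp": 1747766237,
+"signature": "PvzREdaKwTpXGbdgA7OkC3LFPJoyyN8dXFqPS5vnY1zSf0w9C6o6W+MGlVuZNDJADROO3nmfuY4GspVK8t5WCobLo0VsT12jNcnnm7EOi4BrL2EMKdfyLA+LC28BjfX+"
 }
 ]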

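--- a/src/web/oauth_routes.rs
+++ b/src/web/oauth_routes.rs
@@ -476,14 +476,21 @@ pub async fn oauth_callback(
 })?;
 
 // Get Apple client ID from project OAuth settings
-let client_id = oauth_settings
+let mut client_id = oauth_settings
 .apple_oauth_settings
 .ok_or_else(|| {
 error!("Apple OAuth settings not configured");
 ApiError::BadRequest
 })?
 .client_id;
 
+// For web-based OAuth flow, append .services to the client ID
+// This is because Apple requires Services ID for web flow, not App ID
+if !client_id.ends_with(".services") {
+client_id = format!("{}.services", client_id);
+debug!("Modified Apple client ID for web flow: {}", client_id);
+}
+
 // For Apple, we need to extract the ID token from the token exchange response
 debug!("Processing Apple OAuth token response to get ID token");
 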
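Review bot: The Services ID is derived here by string convention rather than read from configuration: the added `if !client_id.ends_with(".services")` block assumes every project's Services ID is exactly its App ID plus `.services`, which Apple does not enforce. An App ID that already ends in `.services` is passed through unchanged, and a Services ID registered under any other name cannot be expressed at all. If `client_id` is later used as the expected audience when the ID token is validated (the rest of oauth_callback lies outside this hunk, so this is inferred), that check rests on the same guess. I would store the web client identifier as its own field in the Apple OAuth settings, and until then state the assumption in the comment: `// Assumes the Services ID is "<App ID>.services"; a project with a differently named Services ID is not supported here`.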
