fix: accept ID tokens from all .apple.com issuers

hf · hf · commit de8545c9570e · 2025-06-11T04:46:53.000+02:00
diff --git a/internal/api/provider/apple.go b/internal/api/provider/apple.go
@@ -13,7 +13,9 @@ import (
 	"golang.org/x/oauth2"
 )
 
-const IssuerApple = "https://appleid.apple.com"
+func IsIssuerApple(issuer string) bool {
+	return issuer == "https://appleid.apple.com" || (strings.HasPrefix(issuer, "https://") && strings.HasSuffix(issuer, ".apple.com"))
+}
 
 // AppleProvider stores the custom config for apple provider
 type AppleProvider struct {
diff --git a/internal/api/provider/oidc.go b/internal/api/provider/oidc.go
@@ -55,8 +55,6 @@ func ParseIDToken(ctx context.Context, provider *oidc.Provider, config *oidc.Con
 	switch token.Issuer {
 	case IssuerGoogle:
 		token, data, err = parseGoogleIDToken(token)
-	case IssuerApple:
-		token, data, err = parseAppleIDToken(token)
 	case IssuerLinkedin:
 		token, data, err = parseLinkedinIDToken(token)
 	case IssuerKakao:
@@ -66,6 +64,8 @@ func ParseIDToken(ctx context.Context, provider *oidc.Provider, config *oidc.Con
 	default:
 		if IsAzureIssuer(token.Issuer) {
 			token, data, err = parseAzureIDToken(token)
+		} else if IsAppleIssuer(token.Issuer) {
+			token, data, err = parseAppleIDToken(token)
 		} else {
 			token, data, err = parseGenericIDToken(token)
 		}

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,9 @@ import (`
`13`	`13`	`"golang.org/x/oauth2"`
`14`	`14`	`)`
`15`	`15`
`16`		`-const IssuerApple = "https://appleid.apple.com"`
	`16`	`+func IsIssuerApple(issuer string) bool {`
	`17`	`+ return issuer == "https://appleid.apple.com" \|\| (strings.HasPrefix(issuer, "https://") && strings.HasSuffix(issuer, ".apple.com"))`
	`18`	`+}`
`17`	`19`
`18`	`20`	`// AppleProvider stores the custom config for apple provider`
`19`	`21`	`type AppleProvider struct {`