notify and debug apple-signin api

pages/api/auth/apple-signin.ts

@@ -0,0 +1,40 @@
+// pages/api/auth/apple.js
+import jwt from 'jsonwebtoken';
+import axios from 'axios';
+import fs from 'fs';
+import path from 'path';
+
+export default async function handler(req, res) {
+    if (req.method === 'GET') {
+        // Generate the client secret
+        const clientSecret = generateClientSecret();
+        const redirectUri = `${req.headers.origin}/api/auth/apple/callback`;
+
+        // Redirect to Apple's authorization page
+        res.redirect(`https://appleid.apple.com/auth/authorize?response_type=code&client_id=${process.env.APPLE_CLIENT_ID}&redirect_uri=${encodeURIComponent(redirectUri)}&scope=name+email&response_mode=form_post&state=STATE&client_secret=${encodeURIComponent(clientSecret)}`);
+    } else {
+        res.status(405).json({ error: 'Method not allowed' });
+    }
+}
+
+function generateClientSecret() {
+    const appleKey = fs.readFileSync(path.resolve('./_deploy/appleKey.p8'), 'utf8');
+    const teamID = process.env.APPLE_TEAM_ID || "XC57P9SXDK";
+    const keyID = process.env.APPLE_KEY_ID || "TB3V355G5Y";
+    const appleAppID = process.env.APPLE_APP_ID || "com.mwitnessing.mwitnessing";
+
+    // Token expiration
+    const now = Math.floor(Date.now() / 1000);
+    const exp = now + 86400 * 180;  // 6 months
+
+    const claims = {
+        iss: teamID,
+        iat: now,
+        exp: exp,
+        aud: 'https://appleid.apple.com',
+        sub: appleAppID,
+    };
+
+    const token = jwt.sign(claims, privateKey, { algorithm: 'ES256', header: { alg: 'ES256', kid: keyId } });
+    return token;
+}