Fix apple signin authAdapter to use the user id instead of the user token

SebC99 · SebC99 · commit 1290fd97d71c · 2019-08-07T15:43:33.000+02:00
diff --git a/src/Adapters/Auth/apple.js b/src/Adapters/Auth/apple.js
@@ -29,7 +29,7 @@ const getApplePublicKey = async () => {
   return currentKey;
 };
 
-const verifyIdToken = async (token, clientID) => {
+const verifyIdToken = async ({ token, id }, clientID) => {
   if (!token) {
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
@@ -45,6 +45,12 @@ const verifyIdToken = async (token, clientID) => {
       `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`
     );
   }
+  if (jwtClaims.sub !== id) {
+    throw new Parse.Error(
+      Parse.Error.OBJECT_NOT_FOUND,
+      `auth data is invalid for this user.`
+    );
+  }
   if (clientID !== undefined && jwtClaims.aud !== clientID) {
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
@@ -56,7 +62,7 @@ const verifyIdToken = async (token, clientID) => {
 
 // Returns a promise that fulfills if this id token is valid
 function validateAuthData(authData, options = {}) {
-  return verifyIdToken(authData.id, options.client_id);
+  return verifyIdToken(authData, options.client_id);
 }
 
 // Returns a promise that fulfills if this app id is valid.
