android – Decode private relay email

0
39


I’m developing Apple Authentication feature on Android with React Native, using this library: https://github.com/invertase/react-native-apple-authentication. Everything goes fine, but there is still a thing I want to show in the form is that the real email, or Apple ID of the user. The default settings of Apple accounts is that use private relay, so after I call signIn() method in this code fragment

// App.js

import { appleAuthAndroid } from '@invertase/react-native-apple-authentication';
import 'react-native-get-random-values';
import { v4 as uuid } from 'uuid'

async function onAppleButtonPress() {
  // Generate secure, random values for state and nonce
  const rawNonce = uuid();
  const state = uuid();

  // Configure the request
  appleAuthAndroid.configure({
    // The Service ID you registered with Apple
    clientId: 'com.example.client-android',

    // Return URL added to your Apple dev console. We intercept this redirect, but it must still match
    // the URL you provided to Apple. It can be an empty route on your backend as it's never called.
    redirectUri: 'https://example.com/auth/callback',

    // The type of response requested - code, id_token, or both.
    responseType: appleAuthAndroid.ResponseType.ALL,

    // The amount of user information requested from Apple.
    scope: appleAuthAndroid.Scope.ALL,

    // Random nonce value that will be SHA256 hashed before sending to Apple.
    nonce: rawNonce,

    // Unique state value used to prevent CSRF attacks. A UUID will be generated if nothing is provided.
    state,
  });

  // Open the browser window for user sign in
  const response = await appleAuthAndroid.signIn();

  // Send the authorization code to your backend for verification
}

I got an id_token, after I decode the token, I got an object in this pattern:

{
"aud":"",
"auth_time":,
"c_hash":"xxxxxxx",
"email":"xxxxxxx@privaterelay.appleid.com",
"email_verified":"true",
"exp":1663743691,
"iat":1663657291,
"is_private_email":"true",
"iss":"https://appleid.apple.com",
"nonce":"xxxxxxxxxxxxxxxxxx",
"nonce_supported":true,
"sub":"xxxxxxxxxxxxxxxx"
}

whose the email is not the real email that the user entered before. So this can cause a confusion after that when I show the user’s information in a form to confirmation, I can only use this private relay email. I wonder that whether any way to decode this email to get the real one, by using c_hash for instance.