I’m currently working with python Server-side software that does authentication against Apple iOS accounts.
My software gets a payload object that looks like this (submitted by an iOS user acquired from their device):
payload = { 'token': 'some-apple-token', 'bundle_id': 'com.example.gc-auth-test-1', 'player_id': 'G:89842761', 'public_key_url': 'https://fake.domain.apple.com/super-fake-url', 'salt': 'txv1rA==\n', 'signature': 'BLAHBLAHBLAH', 'timestamp': 1429121968048, } And then I verify the signature. If the signature checks out as valid, then I can trust that the other fields in the data are legit.
Is there any way I can get the iOS account’s username, email address or the user’s first/last names? Please provide a citation if possible.
