How to generate apple authorization token/client secret?
F

2

6

How can I generate an authorization code/client secret in python for apple sign in and device check?

Ferric answered 30/12, 2020 at 19:55 Comment(0)
F
15
  1. First of all, we need to generate an app-specific p8 file (PEM-formatted private key). Do the following for this:
  • go to your Apple developer portal, under certificates identifiers & profiles apple => keys
  • click the + sign and create a key with the services you want to use it for
  • then download the p8 file (be cautious not to lose it; you cannot download it again)
  • also copy the key id; you will need it later
  2. In Python, install pyjwt and do the following:
  • create a payload dict:
         
data = {
    "iss": "team_id", # team id of your developer account this can be found in your apple developer portal => identifier of your app => "App ID prefix"
    "iat": timestamp_now, # creation timestamp in seconds
    "exp": timestamp_exp, # expiration timestamp in seconds (max 20 mins) see 
    "aud": "https://appleid.apple.com",
    "sub": client_id # your bundle
}

  • open and read the private key (you downloaded in step 1) into a variable
with open("filename.p8", "r") as f:
    private_key = f.read()
  • generate your signed jwt token:
token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={
    "kid": key_id  # the key id is the id you saved in step 1
})
if isinstance(token, bytes):  # PyJWT 1.x returns bytes; PyJWT 2.x already returns str
    token = token.decode()
  • jwt.encode returns bytes; if you want it as a string, you need to decode it as I did

the complete code will look like this

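import time

import jwt

def generate_token():
    # Read the .p8 private key downloaded in step 1
    with open("filename.p8", "r") as f:
        private_key = f.read()
    team_id = "teamid"
    client_id = "bundle.id"
    key_id = "keyid"
    validity_minutes = 20
    # time.time() replaces the utils.time_stamp_seconds() helper, which is not shown in this answer
    timestamp_now = int(time.time())
    timestamp_exp = timestamp_now + (60 * validity_minutes)
    # cls.last_token_expiration = timestamp_exp  # cls is not defined in a plain function
    data = {
        "iss": team_id,
        "iat": timestamp_now,
        "exp": timestamp_exp,
        "aud": "https://appleid.apple.com",
        "sub": client_id
    }
    token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={"kid": key_id})
    if isinstance(token, bytes):  # PyJWT 1.x returns bytes; PyJWT 2.x already returns str
        token = token.decode()
    return token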
Ferric answered 30/12, 2020 at 19:55 Comment(2)
I got this in terminal: SyntaxError: invalid syntax at this line---> def generate_token() Brownstone
Fixed the code, the semi colons after the method were missing Ferric
F
3

Here is another version of the code provided by @ARR and some links:

import jwt
import time

def generate_token():
    with open("file.p8", "r") as f:
        private_key = f.read()
        team_id = "123"
        client_id = "bundle.id"
        key_id = "123"
        validity_minutes = 20
        timestamp_now = int(time.time())
        timestamp_exp = timestamp_now + (60 * validity_minutes)
        # Assuming `last_token_expiration` is a class variable defined somewhere else
        # cls.last_token_expiration = timestamp_exp
        data = {
            "iss": team_id,
            "iat": timestamp_now,
            "exp": timestamp_exp,
            "aud": "https://appleid.apple.com",
            "sub": client_id
        }
        token = jwt.encode(
            payload=data,
            key=private_key.encode('utf-8'),
            algorithm="ES256",
            headers={"kid": key_id}
        )
        print(token)


generate_token()

Fenrir answered 13/6, 2023 at 17:45 Comment(0)
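
A pre-flight check for the token both answers build, as an added example that is not part of either answer: it decodes the JWT header and claims and reports anything that deviates from what the answers describe (ES256, a kid header, the iss/iat/exp/aud/sub claims, the 20-minute limit). It uses only the standard library and does not verify the signature; `check_client_secret`, `sample_token` and the sample values in it are hypothetical names and constructed data.

```python
import base64
import json
import time

APPLE_AUD = "https://appleid.apple.com"  # audience value used in both answers
MAX_LIFETIME = 20 * 60                   # the 20-minute limit stated in the first answer

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))  # restore padding

def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_client_secret(token, now=None):
    """Return a list of problems in the header and claims. The signature is NOT verified."""
    if isinstance(token, bytes):  # PyJWT 1.x returns bytes, PyJWT 2.x returns str
        token = token.decode("ascii")
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header = dict(json.loads(_b64url_decode(parts[0])))
        claims = dict(json.loads(_b64url_decode(parts[1])))
    except (ValueError, TypeError):
        return ["header or payload is not a base64url-encoded JSON object"]
    now = int(time.time()) if now is None else now
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if not header.get("kid"):
        problems.append("missing kid header")
    for name in ("iss", "sub"):
        if not claims.get(name):
            problems.append(f"missing {name} claim")
    if claims.get("aud") != APPLE_AUD:
        problems.append("unexpected aud")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must be integer seconds")
    elif exp <= now:
        problems.append("token already expired")
    elif exp - iat > MAX_LIFETIME:
        problems.append("lifetime exceeds 20 minutes")
    return problems

def sample_token(header, claims):
    # Constructed sample: real header/payload encoding, placeholder signature segment.
    return f"{_b64url_encode(header)}.{_b64url_encode(claims)}.c2lnbmF0dXJl"
```

Pass the string (or bytes) returned by `jwt.encode` to `check_client_secret` before sending it; an empty list means the header and claims have the expected shape.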
