How to Generate JWT token Apple connect iOS
I'm trying to generate a JWT token for Apple Connect but it looks like something is missing in the "Verify signature" field.

  1. From the API Apple Store Connect dashboard, I'm only able to download the "private key" named AuthKey_{kid}.p8.
  2. From https://jwt.io/, I select the "ALGORITHM" as "ES256" then two field appears in the "SIGNATURE" section:
    a) Public key or certificate
    b) Private key or certificate (AuthKey_{kid}.p8)

Issue :

  • I do have the "Invalid Signature" message displaying ...
  • I don't have any idea where to find the "Public key or certificate"

I'm following these docs :

Do you have any idea how to find the "Public key"?

Ahlers answered 31/1, 2019 at 13:1 Comment(3)
Did you solve this? – Spannew
I also have this problem in jwt.io using a p8 key generated for sign in with Apple. The public key is not necessary to generate the signed JWT, however, it seems that the provided private p8 key is not suitable to generate a signed ES256 token. Did you solve the problem? – Delly
Hello, yes, I decided to use this component: web-token.spomky-labs.com. With this component, I'm able to use a certificate file to generate the token. Here is an example (without certificate file): web-token.spomky-labs.com/the-components/signed-tokens-jws/… – Ahlers
13

The .p8 file includes the private and public keys. You need to extract those using OpenSSL.

To get the private key:

$ openssl ec -in AuthKey.p8 -out AuthKey_private.p8

To get the public key:

$ openssl ec -in AuthKey.p8 -pubout -out AuthKey_public.p8

Using keys generated via these commands got the signature verified on jwt.io.

Migrate answered 7/7, 2020 at 10:3 Comment(0)
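
The same derivation in Node, as an added example that is not part of the answer above: it derives the public key from a PKCS#8 private key the way `openssl ec -pubout` does, signs an ES256 token and verifies it with the derived key. The key is generated in-process as a constructed stand-in for AuthKey_{kid}.p8, and the function names, key id and issuer value are hypothetical.

```javascript
const crypto = require('crypto')

const b64url = (data) => Buffer.from(data).toString('base64url')

// Constructed stand-in for AuthKey_{kid}.p8: a fresh P-256 key exported as
// PKCS#8 PEM ("-----BEGIN PRIVATE KEY-----"), the container a .p8 file uses.
function makeSampleP8() {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' })
  return privateKey.export({ type: 'pkcs8', format: 'pem' })
}

// Same result as `openssl ec -in AuthKey.p8 -pubout`: the public point is
// derived from the private key, so there is nothing extra to download.
function publicPemFromP8(p8Pem) {
  return crypto.createPublicKey(p8Pem).export({ type: 'spki', format: 'pem' })
}

// Build header.payload, then sign it with ECDSA P-256 / SHA-256.
function signEs256(payload, p8Pem, kid) {
  const header = { alg: 'ES256', kid, typ: 'JWT' }
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload))
  // JWS ES256 carries the raw 64-byte r||s signature, not the DER form.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: p8Pem, dsaEncoding: 'ieee-p1363' })
  return signingInput + '.' + b64url(sig)
}

function verifyEs256(token, publicPem) {
  const parts = token.split('.')
  if (parts.length !== 3) return false
  let header
  try { header = JSON.parse(Buffer.from(parts[0], 'base64url').toString()) } catch { return false }
  if (header?.alg !== 'ES256') return false // pin the algorithm instead of trusting the token
  const sig = Buffer.from(parts[2], 'base64url')
  if (sig.length !== 64) return false
  return crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
    { key: publicPem, dsaEncoding: 'ieee-p1363' }, sig)
}

// Constructed claims; iss and kid are placeholders, not real identifiers.
const now = Math.floor(Date.now() / 1000)
const p8 = makeSampleP8()
const token = signEs256(
  { iss: 'constructed-issuer-id', iat: now, exp: now + 20 * 60, aud: 'appstoreconnect-v1' },
  p8, 'CONSTRUCTED')
console.log('verified with derived public key:', verifyEs256(token, publicPemFromP8(p8)))
```
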
0

Try the code below:

/* eslint-disable no-console */
const jwt = require('jsonwebtoken')
const fs = require('fs')


// issueId and kId get from https://appstoreconnect.apple.com/access/api
const issueId = 'xxxx'
const kId = 'xxxx' 

// generate private key from https://appstoreconnect.apple.com/access/api
const privateKey = fs.readFileSync('AuthKey_xxxx.p8')

// appId get it from https://appstoreconnect.apple.com/apps
const url = 'v1/apps/{{appId}}/customerReviews'     
const payload = {
    iss: issueId,
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + (60 * 20), // Token expiration time (20 minutes)    
    aud: 'appstoreconnect-v1',
    scope: [
        'GET /' + url
    ]
}

const header = {
    keyid: kId,
    algorithm: 'ES256'
}

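// Sign with ES256; jsonwebtoken writes the keyid option into the JWT header as "kid"
const token = jwt.sign(payload, privateKey, header)

// Debug output only: the token is a bearer credential until it expires
console.log({ token })

// require() works with node-fetch v2; v3 is ESM-only
const fetch = require('node-fetch')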

const headers = {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json',
}

fetch('https://api.appstoreconnect.apple.com/' + url, {
    headers
}).then(resp => (
    resp.json()
)).then(data => {
    console.log(data)
}).catch(err => {
    console.log(err)
})
// Now use 'token' as the Bearer token in your API requests
Queen answered 8/2 at 14:7 Comment(0)
