How to use APNs Auth Key (.p8 file) in C#?

Asked 28/2, 2017 at 16:44 Answered 24/11, 2022 at 2:59

I'm trying to send push notifications to iOS devices, using token-based authentication.

As required, I generated an APNs Auth Key in Apple's Dev Portal, and downloaded it (it's a file with p8 extension).

To send push notifications from my C# server, I need to somehow use this p8 file to sign my JWT tokens. How do I do that?

I tried to load the file to X509Certificate2, but X509Certificate2 doesn't seem to accept p8 files, so then I tried to convert the file to pfx/p12, but couldn't find a way to do that that actually works.

Summerville answered 28/2, 2017 at 16:44 Comment(0)

I found a way to do that, using BouncyCastle:

private static CngKey GetPrivateKey()
{
    using (var reader = File.OpenText("path/to/apns/auth/key/file.p8"))
    {
        var ecPrivateKeyParameters = (ECPrivateKeyParameters)new PemReader(reader).ReadObject();
        var x = ecPrivateKeyParameters.Parameters.G.AffineXCoord.GetEncoded();
        var y = ecPrivateKeyParameters.Parameters.G.AffineYCoord.GetEncoded();
        var d = ecPrivateKeyParameters.D.ToByteArrayUnsigned();
        return EccKey.New(x, y, d);
    }
}

And now creating and signing the token (using jose-jwt):

private static string GetProviderToken()
{
    var epochNow = (int) DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
    var payload = new Dictionary<string, object>()
    {
        {"iss", "your team id"},
        {"iat", epochNow}
    };
    var extraHeaders = new Dictionary<string, object>()
    {
        {"kid", "your key id"}
    };
    var privateKey = GetPrivateKey();
    return JWT.Encode(payload, privateKey, JwsAlgorithm.ES256, extraHeaders);
}

Summerville answered 6/3, 2017 at 16:46 Comment(3)

Would you be willing to share your code that you use to upload the token and payload data? I have tried for hours but only get a "Connection Closed" error. – Loveless 17/4, 2017 at 17:43

Hi, how can I call the Apple web services with this token? – Zeb 19/6, 2017 at 16:20

can you please add more details as to how to send the post to the APN service? I have the code which is very similar to the one in the thread below, and I get the same error. any help would be greatly appreciated. #53379412 – Cloakanddagger 22/11, 2018 at 17:41

I hope this will be a solution;

private static string GetToken(string fileName)
    {
        var fileContent = File.ReadAllText(fileName).Replace("-----BEGIN PRIVATE KEY-----", "").Replace
            ("-----END PRIVATE KEY-----", "").Replace("\r", "");
        
        var signatureAlgorithm = GetEllipticCurveAlgorithm(fileContent);

        ECDsaSecurityKey eCDsaSecurityKey = new ECDsaSecurityKey(signatureAlgorithm)
        {
            KeyId = "S********2"
        };

        var handler = new JwtSecurityTokenHandler();   
        JwtSecurityToken token = handler.CreateJwtSecurityToken(
            issuer: "********-****-****-****-************",
            audience: "appstoreconnect-v1",
            expires: DateTime.UtcNow.AddMinutes(5), 
            issuedAt: DateTime.UtcNow,
            notBefore: DateTime.UtcNow,
            signingCredentials: new SigningCredentials(eCDsaSecurityKey, SecurityAlgorithms.EcdsaSha256));

        return token.RawData;

    }
    
    private static ECDsa GetEllipticCurveAlgorithm(string privateKey)
    {
        var keyParams = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey));

        var normalizedEcPoint = keyParams.Parameters.G.Multiply(keyParams.D).Normalize();

        return ECDsa.Create(new ECParameters
        {
            Curve = ECCurve.CreateFromValue(keyParams.PublicKeyParamSet.Id),
            D = keyParams.D.ToByteArrayUnsigned(),
            Q =
            {
                X = normalizedEcPoint.XCoord.GetEncoded(),
                Y = normalizedEcPoint.YCoord.GetEncoded()
            }
        });
    }

Pongid answered 20/5, 2021 at 0:41 Comment(2)

Can you explain briefly why this would a solution ? – Etymon 20/5, 2021 at 13:2

this is working for me to connect to app store server api ! thanks – Latex 11/1, 2022 at 8:43

A way to create the key without BouncyCastle:

    var privateKeyString = (await File.ReadAllTextAsync("<PATH_TO_KEY_FILE>"))
        .Replace("-----BEGIN PRIVATE KEY-----", "")
        .Replace("-----END PRIVATE KEY-----", "")
        .Replace("\n", "");
    using var algorithm = ECDsa.Create();
    algorithm.ImportPkcs8PrivateKey(Convert.FromBase64String(privateKeyText), out var _);
    var securityKey = new ECDsaSecurityKey(algorithm) { KeyId = "<KEY_ID>" };

Firedog answered 24/11, 2022 at 2:59 Comment(0)

Recommended topics

Hot tags