1. 技术文章
  2. Generating token for App Store Connect API

Generating token for App Store Connect API

六月ゝ 毕业季﹏ 提交于 2019-12-13 14:30:02

问题


I need to generate JWT token for Store Connect API. I'm trying use jwt ruby gem ruby-jwt. This is my token generating code,

payload = {
      'iss': my_issuer_id_from_db,
      'exp': generated_unix_timestamp, #Time.now + 20min
      'aud': 'hard_coded_string_from_doc'
  }
  header = {
      'alg': 'ES256',
      'kid': my_key_id_from_db,
      'typ': 'JWT'
  }

private_key = OpenSSL::PKey.read(File.read('/tmp/private_key.pem'))
# private_key - <OpenSSL::PKey::EC:0x000000000XXXXXXX>

@token = JWT.encode(payload, private_key, 'ES256', header)
# encoded_header.encoded_payload.emcoded_signature

This token I put in to header of my request:

headers = { Authorization: 'Bearer' + @token }

in respons I receive:

        "errors": [{
                "status": "401",
                "code": "NOT_AUTHORIZED",
                "title": "Authentication credentials are missing or invalid.",
                "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
        }]
}

I thing the problem is with token(directly with signature). When I try decode token with online tool, my payload and header is decoded properly. Status: Invalid Signature

What I do wrong? Any ideas how do it properly?


回答1:


You had a missing space in your authorization string passed in. You code worked fine when modified to

headers = { Authorization: 'Bearer ' + @token }




回答2:


I was facing similar kind of authentication error i.e. NOT_AUTHORIZED. And I resolved it by following these steps:

1. Create Ruby Script file to generate valid Bearer Token:

Ref: https://medium.com/xcblog/generating-jwt-tokens-for-app-store-connect-api-2b2693812a35

require "base64"
require "jwt"
ISSUER_ID = "YOUR_ISSUER_ID"
KEY_ID = "YOUR PRIVATE KEY ID"    // this is ID part from downloaded .p8 file name (see below for ref.)
private_key = OpenSSL::PKey.read(File.read(path_to_your_private_key/AuthKey_#{KEY_ID}.p8))   // you can enclose your file path in quotes if needed, and can pass here totally static file path (here we are reusing Key_ID variable)

token = JWT.encode(
   {
    iss: ISSUER_ID,
    exp: Time.now.to_i + 20 * 60,
    aud: "appstoreconnect-v1"
   },
   private_key,
   "ES256",
   header_fields={
       kid: KEY_ID }
)
puts token

Then run this script with following command on your Mac.

$ ruby jwt.rb

This will display a valid Bearer token on your terminal screen, that you can use in next step.

Notes:

  • In order to run above script, you'll need to have ruby installed.
  • You'll copy Issuer ID from you Developer account. Generate one if you don't have it.
  • Make sure you are using '.p8' certificate against authenticated user, which means the account against which you downloaded '.p8' certificate should have permission to perform API level operation. For my case I used Admin type account. Initially I was using Developer type user account which kept giving me Not_Authorized error when I go for final Curl call to get the token.

2. Using Token:

Now that, we have seen how to generate a token to access an App Store Connect API, we can use it by passing authorization header. e.g to get a list of all user we can use

$ curl  https://api.appstoreconnect.apple.com/v1/users --Header "Authorization: Bearer lOOOOOOOOOOOONG_GENERATED_TOKEN"

This will list all the users of App Store Connect. Remember that we have to use this token with every request we make and we have to create new token after every 20 minutes.



来源:https://stackoverflow.com/questions/54287340/generating-token-for-app-store-connect-api

标签
ruby
jwt
app-store-connect
itunes
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!