无法使用 JWT 令牌连接到 Apple App Store API

我需要为 Store Connect API 生成 JWT 令牌。这是我的令牌生成代码:


console.log("🏃 appStoreConnectAPIFromNode.js running 🏃‍")


const fs   = require('fs');

const jwt  = require('jsonwebtoken'); // npm i jsonwebtoken

// You get privateKey, apiKeyId and issuerId from your Apple App Store Connect account

const privateKey = fs.readFileSync("./AuthKey-XXXXXXXX.p8") // this is the file you can only download once and should treat like a real, very precious key.

const apiKeyId = "XXXXXXXX"

const issuerId = "XXXXXXXX-XXXX-XXXX-XXX-XXXXXXXXXX"

let now = Math.round((new Date()).getTime() / 1000); // Notice the /1000 

let nowPlus20 = now + 1199 // 1200 === 20 minutes


let payload = {

    "iss": issuerId,

    "exp": nowPlus20,

    "aud": "appstoreconnect-v1",

    "iat": now

}


let signOptions = {

    "algorithm": "ES256", // you must use this algorythm, not jsonwebtoken's default

    header : {

        "alg": "ES256",

        "kid": apiKeyId,

        "typ": "JWT"

    }

};


let token = jwt.sign(payload, privateKey, signOptions);

console.log('@token: ', token);


fs.writeFile('Output.txt', token, (err) => { 

      

    // In case of a error throw err. 

    if (err) throw err; 

})

我收到了这个回复


 "errors": [{

                "status": "401",

                "code": "NOT_AUTHORIZED",

                "title": "Authentication credentials are missing or invalid.",

                "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"

        }]

我认为问题在于令牌(直接带有签名)。当我尝试在https://jwt.io/#debugger-io上解码令牌时,我的有效负载和标头已正确解码。状态:签名无效


我做错了什么?有什么想法如何正确地做到这一点吗?


catspeake
浏览 253回答 4
4回答

绝地无双

我也遇到这个问题,我和队友解决了。。。。。解决方案:删除有效负载中的“iat”(这很重要):像这样,let payload = {     iss: *******,     exp: *******,     aud: "appstoreconnect-v1",     bid: "your_bundle_id",   };网址:我用的是axios:const { data } = await axios({     method: "GET",     url: "https://api.storekit.itunes.apple.com/inApps/v1/history/",     headers: {       "Content-type": "application/json",       Authorization: `Bearer ${token}`,     },   });res.json(data);

慕标5832272

我最近也需要解决这个问题,在学习了很多教程之后,这些教程经常给出应用程序商店连接 api 的错误答案。我找到了一种让它发挥作用的方法。我在 Java 中就是这样做的。import com.auth0.jwt.JWT;import com.auth0.jwt.algorithms.Algorithm;import org.bouncycastle.openssl.PEMParser;import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;import java.security.spec.PKCS8EncodedKeySpec;import java.security.interfaces.ECPrivateKey;import java.security.KeyFactory;import java.io.FileReader;import java.util.Base64;import java.time.Instant;import java.time.temporal.ChronoUnit;// The code is like this so try it in whatever method you want, // break it up into pieces so it's a bit more readable// These variables are the minimum you should needString keyFile = "/path/to/app_store_AuthKey_XXXX.p8";// The XXXX is the same XXXX from the keyFile filename itselfString keyId = "XXXX";String issuerId = "1234-1234-1234-1234-1234";FileReader kfReader = new FileReader(keyFile);PEMParser pemParser = new PEMParser(kfReader);PrivateKeyInfo info = (PrivateKeyInfo) pemParser.readObject();byte[] pkData = info.getEncoded();// Convert the PrivateKeyInfo object to a PKCS8EncodedKeySpec objectPKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkData);KeyFactory keyFactory = KeyFactory.getInstance("EC");ECPrivateKey privateKey = (ECPrivateKey) keyFactory.generatePrivate(keySpec);Algorithm algorithm = Algorithm.ECDSA256(null, privateKey);Instant expiration = Instant.now().plus(TIMEOUT_MINUTES, ChronoUnit.MINUTES);return JWT.create()          .withKeyId(keyId)          .withIssuer(issuerId)          .withExpiresAt(expiration)          .withAudience("appstoreconnect-v1")          .sign(algorithm);

Helenr

我试图解决我自己的问题,即使用 JWT 连接到 Apple Music API,我在您的有效负载中注意到了两件事。首先,您将 1200 添加到 IAT 中,修复了我的问题,所以谢谢您。第二个是函数现在返回一个浮点数。我认为 API 需要一个 int。我会尝试"iat": parseInt(now)或者now = Math.floor(new Date().getTime() / 1000)

呼啦一阵风

根据jsonwebtoken使用说明。options您可以直接在空负载上使用,如下所示:let signOptions = {    issuer: issuerId,    keyid: apiKeyId,    expiresIn: '20m',    audience: 'appstoreconnect-v1',    algorithm: 'ES256'};let token = jwt.sign({}, privateKey, signOptions);
打开App,查看更多内容
随时随地看视频慕课网APP

相关分类

JavaScript