Generating a JWT for Apple's DeviceCheck API

I'm trying to use Apple's DeviceCheck API. I can't seem to craft a request that doesn't fail with 401 Unable to verify authorization token. I've tried a few minor variations.

import java.security.KeyFactory
import java.security.spec.PKCS8EncodedKeySpec
import java.util.Base64

import io.jsonwebtoken.{Jwts, SignatureAlgorithm}

val deviceCheckPrivateKey = "<Key in plaintext without the key-guards>"
val privateKey = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder.decode(deviceCheckPrivateKey)))

val builder = Jwts
  .builder()
  .setHeaderParam("kid", "<key-id-from-file>")
  .signWith(SignatureAlgorithm.ES256, privateKey)
  .claim("iss", "<team-id>")
  .claim("iat", System.currentTimeMillis())

println(builder.compact())

I plug the output of this scratch file into here:

curl -i -H "Authorization: Bearer <Output>" -X POST --data-binary @ValidQueryRequest.json https://api.development.devicecheck.apple.com/v1/query_two_bits 

As recommended by Apple's documentation.

Is this overall structure right? I'm trying to follow this tutorial, which implies this structure:

But this blurb from Apple:

Each request you send to the query and update endpoints must include an authorization header that contains your authentication key. The authentication key must use the ES256 algorithm and be in the Base 64 URL–encoded JSON web token format. If your token doesn't use this format, you receive a BAD_AUTHENTICATION_TOKEN HTTP error.

suggests that rather than signing using the key, my request should "contain my authentication key".

Per https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6:

val builder = Jwts
  .builder()
  .setHeaderParam("kid", "<key-id-from-file>")
  .signWith(SignatureAlgorithm.ES256, privateKey)
  .claim("iss", "<team-id>")
  .claim("iat", System.currentTimeMillis()) // <--- Should be seconds, not milliseconds
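
The check the answer points to, as an added example that is not part of the original question or answer: a Python lint that decodes a token's header and claims without verifying the signature and reports fields that do not match what the thread describes (ES256, a `kid` header, an `iss` claim, `iat` as RFC 7519 NumericDate seconds). The function names, the `max_skew` tolerance and the sample tokens are constructed for illustration.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (JWTs strip '=' padding) into JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def make_sample(header, claims):
    """Build a constructed, unsigned sample token (dummy signature segment)."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), "c2ln"])


def lint_devicecheck_jwt(token, now=None, max_skew=300):
    """Return problems found in the unverified header and claims of a token."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not three dot-separated segments"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg is %r, expected ES256" % header.get("alg"))
    if not header.get("kid"):
        problems.append("missing kid header")
    if not claims.get("iss"):
        problems.append("missing iss claim")
    iat = claims.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        problems.append("iat is missing or not a number")
    elif iat > now * 100:  # epoch milliseconds are ~1000x epoch seconds
        problems.append("iat looks like milliseconds; NumericDate is seconds")
    elif iat > now + max_skew:  # max_skew is an assumed tolerance
        problems.append("iat is in the future")
    return problems


if __name__ == "__main__":
    ms = int(time.time() * 1000)  # what System.currentTimeMillis() returns
    header = {"alg": "ES256", "kid": "SAMPLEKID1"}
    print(lint_devicecheck_jwt(make_sample(header, {"iss": "SAMPLETEAM", "iat": ms})))
```

Running the lint on the output of `builder.compact()` before sending the request separates claim mistakes from key or signature problems, since it never touches the private key.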