ItunesConnectApi JWT

ItunesConnectApi JWT

我正在尝试使用 App Store Connect API。 根据 docs,首先我尝试生成 JWT 令牌。 这是 golang 中的代码:

    package main

    import (
        "fmt"
        "io/ioutil"
        "log"
        "time"
        "github.com/dgrijalva/jwt-go"
    )
var iss = "xxxxxxxxxxxxxxxxxxxxx"
var kid = "xxxxx"

func main() {

        bytes, err := ioutil.ReadFile("AuthKey.p8")
        if err!=nil {
            fmt.Println(err)
        }

        token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
            "iss": iss,
            "exp": time.Now().Unix()+6000,
            "aud": "appstoreconnect-v1",
        })

        token.Header["kid"] = kid

        tokenString, err := token.SignedString(bytes)
        if err != nil {
            log.Fatal(err)
        }
        fmt.Println(tokenString)

    }

AuthKey.p8 - 来自 https://appstoreconnect.apple.com/access/api

的 p8 私钥

似乎 jwt lib 不能在签名键上使用这个 p8,所以我收到错误: key is of invalid type

也许有人已经遇到了同样的问题?或者有其他语言的示例?

更新: 我已将代码更新为:

func main() {

    bytes, err := ioutil.ReadFile("AuthKey.p8")
    if err!=nil {
        fmt.Println(err)
    }

    block, _ := pem.Decode(bytes)
    key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
    if err != nil {
        log.Fatal(err)
    }

    token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
        "iss": iss,
        "exp": time.Now().Unix()+6000,
        "aud": "appstoreconnect-v1",
    })

    token.Header["kid"] = kid

    tokenString, err := token.SignedString(key)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(tokenString)

}

并获取了 JWT 令牌,但是当我尝试使用它时,它从苹果那里得到了 401 api。

 {
        "errors": [{
                "status": "401",
                "code": "NOT_AUTHORIZED",
                "title": "Authentication credentials are missing or invalid.",
                "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
        }]
}

似乎这个问题来自 jwt-go 库的 issue

作者说:

The library will not automatically parse your key from a byte slice. For ES256, I believe you need to provide a key of type *ecdsa.PrivateKey. As of v4, this will also accept a crypto.Signer so long as it produces a valid signature for that signing method.

你可以试试this code example

发现问题,将"exp": time.Now().Unix()+6000,替换为"exp": time.Now().Add(time.Minute * 20).Unix(),