ItunesConnectApi JWT
ItunesConnectApi JWT
我正在尝试使用 App Store Connect API。
根据 docs,首先我尝试生成 JWT 令牌。
这是 golang 中的代码:
package main
import (
"fmt"
"io/ioutil"
"log"
"time"
"github.com/dgrijalva/jwt-go"
)
var iss = "xxxxxxxxxxxxxxxxxxxxx"
var kid = "xxxxx"
func main() {
bytes, err := ioutil.ReadFile("AuthKey.p8")
if err!=nil {
fmt.Println(err)
}
token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
"iss": iss,
"exp": time.Now().Unix()+6000,
"aud": "appstoreconnect-v1",
})
token.Header["kid"] = kid
tokenString, err := token.SignedString(bytes)
if err != nil {
log.Fatal(err)
}
fmt.Println(tokenString)
}
AuthKey.p8 - 来自 https://appstoreconnect.apple.com/access/api
的 p8 私钥
似乎 jwt lib 不能在签名键上使用这个 p8,所以我收到错误:
key is of invalid type
也许有人已经遇到了同样的问题?或者有其他语言的示例?
更新:
我已将代码更新为:
func main() {
bytes, err := ioutil.ReadFile("AuthKey.p8")
if err!=nil {
fmt.Println(err)
}
block, _ := pem.Decode(bytes)
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
log.Fatal(err)
}
token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
"iss": iss,
"exp": time.Now().Unix()+6000,
"aud": "appstoreconnect-v1",
})
token.Header["kid"] = kid
tokenString, err := token.SignedString(key)
if err != nil {
log.Fatal(err)
}
fmt.Println(tokenString)
}
并获取了 JWT 令牌,但是当我尝试使用它时,它从苹果那里得到了 401 api。
{
"errors": [{
"status": "401",
"code": "NOT_AUTHORIZED",
"title": "Authentication credentials are missing or invalid.",
"detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
}]
}
似乎这个问题来自 jwt-go 库的 issue。
作者说:
The library will not automatically parse your key from a byte slice. For ES256, I believe you need to provide a key of type *ecdsa.PrivateKey. As of v4, this will also accept a crypto.Signer so long as it produces a valid signature for that signing method.
你可以试试this code example。
发现问题,将"exp": time.Now().Unix()+6000,替换为"exp": time.Now().Add(time.Minute * 20).Unix(),
我正在尝试使用 App Store Connect API。 根据 docs,首先我尝试生成 JWT 令牌。 这是 golang 中的代码:
package main
import (
"fmt"
"io/ioutil"
"log"
"time"
"github.com/dgrijalva/jwt-go"
)
var iss = "xxxxxxxxxxxxxxxxxxxxx"
var kid = "xxxxx"
func main() {
bytes, err := ioutil.ReadFile("AuthKey.p8")
if err!=nil {
fmt.Println(err)
}
token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
"iss": iss,
"exp": time.Now().Unix()+6000,
"aud": "appstoreconnect-v1",
})
token.Header["kid"] = kid
tokenString, err := token.SignedString(bytes)
if err != nil {
log.Fatal(err)
}
fmt.Println(tokenString)
}
AuthKey.p8 - 来自 https://appstoreconnect.apple.com/access/api
的 p8 私钥似乎 jwt lib 不能在签名键上使用这个 p8,所以我收到错误:
key is of invalid type
也许有人已经遇到了同样的问题?或者有其他语言的示例?
更新:
func main() {
bytes, err := ioutil.ReadFile("AuthKey.p8")
if err!=nil {
fmt.Println(err)
}
block, _ := pem.Decode(bytes)
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
log.Fatal(err)
}
token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
"iss": iss,
"exp": time.Now().Unix()+6000,
"aud": "appstoreconnect-v1",
})
token.Header["kid"] = kid
tokenString, err := token.SignedString(key)
if err != nil {
log.Fatal(err)
}
fmt.Println(tokenString)
}
并获取了 JWT 令牌,但是当我尝试使用它时,它从苹果那里得到了 401 api。
{
"errors": [{
"status": "401",
"code": "NOT_AUTHORIZED",
"title": "Authentication credentials are missing or invalid.",
"detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
}]
}
似乎这个问题来自 jwt-go 库的 issue。
作者说:
The library will not automatically parse your key from a byte slice. For ES256, I believe you need to provide a key of type *ecdsa.PrivateKey. As of v4, this will also accept a crypto.Signer so long as it produces a valid signature for that signing method.
你可以试试this code example。
发现问题,将"exp": time.Now().Unix()+6000,替换为"exp": time.Now().Add(time.Minute * 20).Unix(),