ruby - 为 App Store Connect API 生成 token

Question

我需要为 Store Connect API 生成 JWT token .我正在尝试使用 jwt ruby​​ gem ruby-jwt .这是我的 token 生成代码，

payload = {
      'iss': my_issuer_id_from_db,
      'exp': generated_unix_timestamp, #Time.now + 20min
      'aud': 'hard_coded_string_from_doc'
  }
  header = {
      'alg': 'ES256',
      'kid': my_key_id_from_db,
      'typ': 'JWT'
  }

private_key = OpenSSL::PKey.read(File.read('/tmp/private_key.pem'))
# private_key - <OpenSSL::PKey::EC:0x000000000XXXXXXX>

@token = JWT.encode(payload, private_key, 'ES256', header)
# encoded_header.encoded_payload.emcoded_signature

我放入请求 header 的这个 token :

headers = { Authorization: 'Bearer' + @token }

我收到的回复:

        "errors": [{
                "status": "401",
                "code": "NOT_AUTHORIZED",
                "title": "Authentication credentials are missing or invalid.",
                "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
        }]
}

我认为问题出在 token 上(直接带有签名)。当我尝试使用 online tool 解码 token 时，我的有效负载和 header 已正确解码。状态:签名无效

我做错了什么？任何想法如何正确地做到这一点？

Answer 1

我遇到了类似的身份验证错误，即 NOT_AUTHORIZED。我按照以下步骤解决了它:

1。创建 Ruby 脚本文件以生成有效的 Bearer token :

引用: https://medium.com/xcblog/generating-jwt-tokens-for-app-store-connect-api-2b2693812a35

require "base64"
require "jwt"
ISSUER_ID = "YOUR_ISSUER_ID"
KEY_ID = "YOUR PRIVATE KEY ID"    // this is ID part from downloaded .p8 file name (see below for ref.)
private_key = OpenSSL::PKey.read(File.read(path_to_your_private_key/AuthKey_#{KEY_ID}.p8))   // you can enclose your file path in quotes if needed, and can pass here totally static file path (here we are reusing Key_ID variable)

token = JWT.encode(
   {
    iss: ISSUER_ID,
    exp: Time.now.to_i + 20 * 60,
    aud: "appstoreconnect-v1"
   },
   private_key,
   "ES256",
   header_fields={
       kid: KEY_ID }
)
puts token

然后在您的 Mac 上使用以下命令运行此脚本。

$ruby jwt.rb

这将在您的终端屏幕上显示一个有效的 Bearer token ，您可以在下一步中使用它。

Notes:

• In order to run above script, you'll need to have ruby installed.
• You'll copy Issuer ID from you Developer account. Generate one if you don't have it.
• Make sure you are using '.p8' certificate against authenticated user, which means the account against which you downloaded '.p8' certificate should have permission to perform API level operation. For my case I used Admin type account. Initially I was using Developer type user account which kept giving me Not_Authorized error when I go for final Curl call to get the token.

2。使用 token :

现在，我们已经了解了如何生成访问 App Store Connect API 的 token ，我们可以通过传递授权 header 来使用它。例如，获取我们可以使用的所有用户的列表

$ curl  https://api.appstoreconnect.apple.com/v1/users --Header "Authorization: Bearer lOOOOOOOOOOOONG_GENERATED_TOKEN"

这将列出 App Store Connect 的所有用户。请记住，我们必须在发出的每个请求中使用此 token ，并且我们必须在每 20 分钟后创建一个新 token 。