How to Generate JWT token Apple connect iOS


I'm trying to generate a JWT token for Apple Connect but it looks like something is missing in the "Verify signature" field.

  1. From the API Apple Store Connect dashboard, I'm only able to download the "private key" named AuthKey_{kid}.p8.
  2. From https://jwt.io/, I select the "ALGORITHM" as "ES256" then two fields appear in the "SIGNATURE" section:
    a) Public key or certificate
    b) Private key or certificate (AuthKey_{kid}.p8)

Issue :

  • I get the "Invalid Signature" message displayed ...
  • I don't have any idea where to find the "Public key or certificate"

I'm following these docs :

Do you have any idea how to find the "Public key"?


0
Abdullah Malik On

The .p8 file includes the private and public keys. You need to extract those using OpenSSL.

To get the private key:

$ openssl ec -in AuthKey.p8 -out AuthKey_private.p8

To get the public key:

$ openssl ec -in AuthKey.p8 -pubout -out AuthKey_public.p8

Using keys generated via these commands got the signature verified on jwt.io.
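The same derivation and check in Node, as an added example that is not part of either answer: it uses only the built-in crypto module, a freshly generated P-256 key as a constructed stand-in for AuthKey_{kid}.p8, and placeholder issuer and key id values. It also shows that an ES256 JWT signature is the raw 64-byte r||s form (the ieee-p1363 encoding), not DER.

```javascript
const nodeCrypto = require('crypto')

const b64url = (v) => Buffer.from(v).toString('base64url')

// Constructed stand-in for AuthKey_{kid}.p8: a P-256 private key in PKCS#8 PEM.
function makeSampleP8() {
    const { privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' })
    return privateKey.export({ type: 'pkcs8', format: 'pem' })
}

// Equivalent of `openssl ec -in AuthKey.p8 -pubout`: the public key is derived from the private key.
function publicPemFromP8(p8Pem) {
    return nodeCrypto.createPublicKey(p8Pem).export({ type: 'spki', format: 'pem' })
}

// Build header.payload and sign it with ECDSA P-256 / SHA-256 in JWS (r||s) encoding.
function signES256(payload, p8Pem, kid) {
    const header = { alg: 'ES256', kid, typ: 'JWT' }
    const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload))
    const sig = nodeCrypto.sign('sha256', Buffer.from(input), { key: p8Pem, dsaEncoding: 'ieee-p1363' })
    return input + '.' + sig.toString('base64url')
}

// Verify with the derived public key; reject other algorithms and malformed signatures.
function verifyES256(token, publicPem) {
    const parts = token.split('.')
    if (parts.length !== 3) return false
    let header
    try {
        header = JSON.parse(Buffer.from(parts[0], 'base64url').toString())
    } catch (e) {
        return false
    }
    if (header.alg !== 'ES256') return false
    const sig = Buffer.from(parts[2], 'base64url')
    if (sig.length !== 64) return false
    const input = Buffer.from(parts[0] + '.' + parts[1])
    return nodeCrypto.verify('sha256', input, { key: publicPem, dsaEncoding: 'ieee-p1363' }, sig)
}

// Demo with placeholder identifiers (not real App Store Connect values).
const now = Math.floor(Date.now() / 1000)
const sampleP8 = makeSampleP8()
const sampleToken = signES256(
    { iss: 'ISSUER-ID-PLACEHOLDER', iat: now, exp: now + 20 * 60, aud: 'appstoreconnect-v1' },
    sampleP8, 'KEY-ID-PLACEHOLDER')
console.log('verified with derived public key:', verifyES256(sampleToken, publicPemFromP8(sampleP8)))
```

Only the public PEM is needed to verify a token, so the private .p8 can stay on the machine that signs.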

0
Mukesh Jeengar On

Try the code below:

/* eslint-disable no-console */
const jwt = require('jsonwebtoken')
const fs = require('fs')


// Get issueId and kId from https://appstoreconnect.apple.com/access/api
const issueId = 'xxxx'
const kId = 'xxxx'

// Generate and download the private key (.p8) at https://appstoreconnect.apple.com/access/api
const privateKey = fs.readFileSync('AuthKey_xxxx.p8')

// Get appId from https://appstoreconnect.apple.com/apps
const url = 'v1/apps/{{appId}}/customerReviews'
const payload = {
    iss: issueId,
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + (60 * 20), // Token expiration time (20 minutes)    
    aud: 'appstoreconnect-v1',
    scope: [
        'GET /' + url
    ]
}

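// Options for jwt.sign(): keyid becomes the "kid" header, algorithm becomes "alg"
const header = {
    keyid: kId,
    algorithm: 'ES256'
}

// Sign with the private key only; no public key is needed to create the token
const token = jwt.sign(payload, privateKey, header)

// Prints the bearer credential; avoid this outside local debugging
console.log({ token })

// require() works with node-fetch v2; v3 is ESM-only
const fetch = require('node-fetch')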

const headers = {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json',
}

fetch('https://api.appstoreconnect.apple.com/' + url, {
    headers
}).then(resp => (
    resp.json()
)).then(data => {
    console.log(data)
}).catch(err => {
    console.log(err)
})
// Now use 'token' as the Bearer token in your API requests