Generating a JWT for Apple's DeviceCheck API
I'm attempting to use the DeviceCheck API from Apple. I can't seem to craft a request that doesn't fail with a 401 Unable to verify authorization token I've tried a handful of minor variations.
import java.security.KeyFactory
import java.security.spec.PKCS8EncodedKeySpec
import java.util.Base64
import io.jsonwebtoken.{Jwts, SignatureAlgorithm}
val deviceCheckPrivateKey = "<Key in plaintext without the key-guards>"
val privateKey = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder.decode(deviceCheckPrivateKey)))
val builder = Jwts
.builder()
.setHeaderParam("kid", "<key-id-from-file>")
.signWith(SignatureAlgorithm.ES256, privateKey)
.claim("iss", "<team-id>")
.claim("iat", System.currentTimeMillis())
println(builder.compact())
I take the output of this scratch file and plug it in here:
curl -i -H "Authorization: Bearer <Output>" -X POST --data-binary @ValidQueryRequest.json https://api.development.devicecheck.apple.com/v1/query_two_bits
as recommended by Apple's documentation.
Is the overall structure of this right? I'm trying to follow this tutorial which implies this structuring:
But this blurb from Apple:
Each request you send to the query and update endpoints must include an authorization header that contains your authentication key. The authentication key must must use the ES256 algorithm and be in the Base 64 URL–encoded JSON web token format. If your token doesn't use this format, you receive a BAD_AUTHENTICATION_TOKEN HTTP error.
Suggests that rather than signing using the key, my request should "contain my authentication key".
According to: https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6
val builder = Jwts
.builder()
.setHeaderParam("kid", "<key-id-from-file>")
.signWith(SignatureAlgorithm.ES256, privateKey)
.claim("iss", "<team-id>")
.claim("iat", System.currentTimeMillis()) // <--- Should be seconds, not milliseconds
- The type or namespace name 'MauiWinUIApplication' does not exist in the namespace 'Microsoft.Maui'
- How to fix "The requested app is not available or doesn't exist." in Testflight
- Get safe area inset top and bottom heights
- (When) Does CACurrentMediaTime/mach_system_time wrap around on iOS?
- SwiftUI sheet size becomes 0 when changing theme (iOS 16 bug?)
- iOS PHAsset to check if a video is HEVC or H.264
- Saving PDF Files with Swift in iOS and display them
- Xcode stuck in "Uploading package to the App Store" stage while uploading
- CGColor does not behave correctly in dark mode when used in dispatch queue
- Xcode "Missing package product 'GoogleUtilities_UserDefaults'" after updating to latest package version using SPM
- How to animate substring in a Text?
- What happens when retroactive conformance actually conflict in Swift
- BoringSSL-GRPC unsupported option '-G' for target 'arm64-apple-ios15.0'
- Generating an IPA file for a flutter project without a paid dev account
- How to navigate in SwiftUI while also executing logic and creating a new Object?
- iOS9 developer trust app no internet connection error
- My theos tweak stops working after adding a custom dylib file to it
- didReceiveRemoteNotification: fetchCompletionHandler: open from icon vs push notification
- What am I doing wrong with the Pocket API for Objective-C that's causing archive commands to fail?
- Facebook SDK API IOS Error when posting to user's wall
- Which is the most reliable way to use a API. integrating/downloading an SDK to your application, or using the URL-HTTP-GET method
- How can I find exactly what my codesign identity is?
- Core Data background context best practice
- How to solve error HE0004: Could not load the framework 'ContentDeliveryServices' in Visual Studio 2022
- how to put badge on UIBarButtonItem in swift 4?
- How to acheive continuous animation when switching State in SwiftUI?
- Parsing JSON in Swift Error: Expected to decode Array<Any> but found a dictionary instead
- Xcode project not showing list of simulators
- Best way to handle mask and image
- Can I access the App Store from within the iOS Simulator?