I am using Xcode10, Swift 5 and SwiftJWT to generate JSON Web token in order to authenticate Device Check API. Below is the method
let key8 = """
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCq...
-----END PRIVATE KEY-----
"""
let myHeader = Header(kid: m_key)
struct MyClaims: Claims {
let iat: Date
let iss: String
}
var jwt = JWT(header: myHeader, claims: MyClaims(iat: Date(timeIntervalSinceNow: 3600), iss: m_iss))
let privateKey = key8.data(using: .utf8)!
let rsaJWTEncoder = JWTEncoder(jwtSigner: JWTSigner.es256(privateKey: privateKey))
do {
let jwtString = try rsaJWTEncoder.encodeToString(jwt)
print("endcode header: \(jwtString)")
} catch {
print("Failed to encode JWT: \(error)")
}
}
getting the result something like eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIs...
Using the above header to connect the Apple server. I keep getting this response from Apple’s server: 401 Unable to verify authorization token.
I am also trying to create JSON Web token from jwt
but same error. Any help would be appreciated. Thanks in advance
I tried multiple ways to resolve the issue. But what worked for me, describing here step by step how to get device two bits status using DeviceCheck API.
Step 1- Generate Token
let currentDevice = DCDevice.current
if currentDevice.isSupported {
currentDevice.generateToken(completionHandler: { (data, error) in
if let tokenData = data {
print("Token: \(tokenData)")
} else {
print("Error: \(error?.localizedDescription ?? "")")
}
})
}
Step 2 - Accessing and Modifying Per-Device Data
Create an APNs authentication token signing key
1- In your developer account, go to Certificates, Identifiers & Profiles.
2 - Under Keys, select All and click the Add button (+) in the upper-right corner.
3- Under Key Description, enter a unique name for the signing key.
4- Under Key Services, select the APNs checkbox, then click Continue.
5- Review the key configuration, then click Confirm.
6- Optionally, click Download to generate and download the key now. If you download the key, it is saved as a text file with a .p8 file extension. Save the file in a secure place because the key is not saved in your developer account and you won’t be able to download it again.
7- Click Done.
Step 3- Create the Payload for a Query Request
func generateJWTToken() -> String{
let key8 = """
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49...
-----END PRIVATE KEY-----
"""
let myHeader = Header(kid: "2YHFSDF45")
let timeStamp = Date.currentTimeStamp
let teamId = "xyz"
let jwt = JWT(header: myHeader, claims: MyClaims(iat:timeStamp, iss: teamId))
let privateKey = key8.data(using: .utf8)!
let rsaJWTEncoder = JWTEncoder(jwtSigner: JWTSigner.es256(privateKey: privateKey))
do {
let jwtString = try rsaJWTEncoder.encodeToString(jwt)
//print(jwtString)
return jwtString
} catch {
print("Failed to encode JWT: \(error)")
}
return ""
}
Step 4- Query DeviceCheckApi
To get the two bits state of a device, we will make a HTTP request Using Alamofire to https://api.devicecheck.apple.com/v1/query_two_bits
//MARK:- method call device check API
func callAppleDeviceCheckApi(_ token: String){
let mUrl : URL = NSURL(string: "https://api.devicecheck.apple.com/v1/query_two_bits") as! URL
let mHeaders = generateJWTToken()
let mDeviceToken = token
let mTimeStampMili = Date.currentTimeStampMili
let headers: HTTPHeaders = ["Authorization": "Bearer "+mHeaders,
"Content-Type" : "application/json"]
let params = ["device_token": mDeviceToken, "transaction_id": "dfgsdfgddfc", "timestamp": mTimeStampMili] as [String : Any]
var request = URLRequest(url: mUrl)
request.httpMethod = "POST"
request.headers = headers
request.httpBody = try! JSONSerialization.data(withJSONObject: params)
AF.request(request).responseString(){
response in
switch response.result {
case .success(let value):
let json = JSON(value)
//print("JSON: \(json)")
case .failure(let error):
print("ERROR: \(error)")
}
}
}