Using ES256 algorithm with jwt-dotnet for Apple AppStore
I'm trying to generate a jwt token to connect to AppStore API. I'm using the jwt-dotnet library to do this.
Apple requires ES256 to be used and the jwt-dotnet is asking for a public key to do the job. I only downloaded a private key from AppStore. How do I handle this?
Here's my code:
public static string GenerateAppStoreJwtToken()
{
    var header = new Dictionary<string, object>()
    {
        { "kid", "MY_VALUE" },
        { "typ", "JWT" }
    };
    var scope = new string[1] { "GET /v1/apps?filter[platform]=IOS" };
    var payload = new Dictionary<string, object>
    {
        { "iss", "MY_VALUE" },
        { "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
        { "exp", DateTimeOffset.UtcNow.AddMinutes(20).ToUnixTimeSeconds() },
        { "aud", "appstoreconnect-v1" },
        { "scope", scope }
    };
    IJwtAlgorithm algorithm = new ES256Algorithm(???); // What am I going to use here?
    IJsonSerializer serializer = new JsonNetSerializer();
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
    var token = encoder.Encode(header, payload, privateKey);
    return token;
}
Here's the final solution that worked for me. I ended up switching to jose-jwt but I'm pretty sure you can handle the same thing with jwt-dotnet. I just found working with jose-jwt a bit easier. Here's the link to jose-jwt: https://github.com/dvsekhvalnov/jose-jwt
And here's the final code. Please note that I did indeed use the private key I found in the p8 file and didn't have to convert anything. So the privateKey parameter I'm passing to the GenerateAppStoreJwtToken() function comes directly from the p8 file.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Jose;

public static string GenerateAppStoreJwtToken(string privateKey)
{
    var header = new Dictionary<string, object>()
    {
        { "alg", "ES256" },
        { "kid", "MY_VALUE" },
        { "typ", "JWT" }
    };
    var scope = new string[1] { "GET /v1/apps?filter[platform]=IOS" };
    var payload = new Dictionary<string, object>
    {
        { "iss", "MY_VALUE" },
        { "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
        { "exp", DateTimeOffset.UtcNow.AddMinutes(15).ToUnixTimeSeconds() },
        { "aud", "appstoreconnect-v1" },
        { "scope", scope }
    };
    CngKey key = CngKey.Import(Convert.FromBase64String(privateKey), CngKeyBlobFormat.Pkcs8PrivateBlob);
    string token = JWT.Encode(payload, key, JwsAlgorithm.ES256, header);
    return token;
}
For anyone, like me, who uses JWT-dotnet elsewhere so doesn't want to use a different JWT package, this worked:
Converted the Apple private key by removing the header and footer ("-----BEGIN PRIVATE KEY-----" etc) and removing the end of line characters to make a single string for easier storage.
Convert from Base64 and store in a ReadOnlySpan
    ReadOnlySpan<byte> keyAsSpan = Convert.FromBase64String(key);
    var prvKey = ECDsa.Create();
    prvKey.ImportPkcs8PrivateKey(keyAsSpan, out var read);
Create the algorithm. A blank ECDsa instance is needed to prevent a NullException, but it is not needed just for signing the token, only for verifying, which isn't necessary.
    IJwtAlgorithm algorithm = new ES256Algorithm(ECDsa.Create(), prvKey);
I was able to receive a reply token from Apple using this method.
CNGKey is not working on macOS.
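The PKCS#8 import from the second answer, carried through to a signed ES256 token using only the .NET base class library, which also sidesteps the Windows-only CngKey mentioned in the comment above. This is an added example, not code from any of the posters or from jwt-dotnet or jose-jwt; the class name, the Sign helper and the sample key ID and issuer values are assumptions, the scope claim is left out, and the key is generated in-process as a stand-in for the .p8 file.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class AppStoreJwtExample // hypothetical name; needs .NET Core 3.0 or later
{
    static string B64Url(byte[] d) =>
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    // Drop the PEM header/footer and line breaks, then decode the PKCS#8 body.
    static byte[] Pkcs8FromPem(string pem) => Convert.FromBase64String(pem
        .Replace("-----BEGIN PRIVATE KEY-----", "").Replace("-----END PRIVATE KEY-----", "")
        .Replace("\r", "").Replace("\n", "").Trim());
    public static string Sign(string pem, string keyId, string issuerId)
    {
        using var key = ECDsa.Create();
        key.ImportPkcs8PrivateKey(Pkcs8FromPem(pem), out _);
        if (key.KeySize != 256) throw new CryptographicException("ES256 requires a P-256 key");
        var now = DateTimeOffset.UtcNow;
        var header = new Dictionary<string, object> { ["alg"] = "ES256", ["kid"] = keyId, ["typ"] = "JWT" };
        var payload = new Dictionary<string, object>
        {
            ["iss"] = issuerId, ["iat"] = now.ToUnixTimeSeconds(),
            ["exp"] = now.AddMinutes(15).ToUnixTimeSeconds(), ["aud"] = "appstoreconnect-v1"
        };
        string input = B64Url(JsonSerializer.SerializeToUtf8Bytes(header)) + "." +
                       B64Url(JsonSerializer.SerializeToUtf8Bytes(payload));
        // SignData returns fixed-length r||s (64 bytes for P-256), the form JWS ES256 uses.
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(input), HashAlgorithmName.SHA256);
        return input + "." + B64Url(sig);
    }

    public static void Main()
    {
        // Constructed sample: a throwaway key generated in-process stands in for the .p8 file.
        using var sample = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        string pem = "-----BEGIN PRIVATE KEY-----\n" + Convert.ToBase64String(
            sample.ExportPkcs8PrivateKey(), Base64FormattingOptions.InsertLineBreaks) + "\n-----END PRIVATE KEY-----\n";
        string token = Sign(pem, "SAMPLE_KEY_ID", "SAMPLE_ISSUER_ID");
        int dot = token.LastIndexOf('.');
        bool ok = sample.VerifyData(Encoding.ASCII.GetBytes(token.Substring(0, dot)),
            FromB64Url(token.Substring(dot + 1)), HashAlgorithmName.SHA256);
        Console.WriteLine($"{token}\nsignature valid: {ok}");
    }
}
```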