
Using ES256 algorithm with jwt-dotnet for Apple AppStore

I'm trying to generate a JWT token to connect to the AppStore API. I'm using the jwt-dotnet library to do this.

Apple requires ES256 to be used and jwt-dotnet is asking for a public key to do the job. I only downloaded a private key from AppStore. How do I handle this?

Here's my code:

public static string GenerateAppStoreJwtToken()
{
   var header = new Dictionary<string, object>()
   {
      { "kid", "MY_VALUE" },
      { "typ", "JWT" }
   };

   var scope = new string[1] { "GET /v1/apps?filter[platform]=IOS" };
   var payload = new Dictionary<string, object>
   {
      { "iss", "MY_VALUE" },
      { "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
      { "exp", DateTimeOffset.UtcNow.AddMinutes(20).ToUnixTimeSeconds() },
      { "aud", "appstoreconnect-v1" },
      { "scope", scope }
   };


   IJwtAlgorithm algorithm = new ES256Algorithm(???); // What am I going to use here?
   IJsonSerializer serializer = new JsonNetSerializer();
   IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
   IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

   var token = encoder.Encode(header, payload, privateKey);

   return token;
}

Here's the final solution that worked for me. I ended up switching to jose-jwt but I'm pretty sure you can handle the same thing with jwt-dotnet. I just found working with jose-jwt a bit easier. Here's the link to jose-jwt: https://github.com/dvsekhvalnov/jose-jwt

And here's the final code. Please note that I did indeed use the private key I found in the p8 file and didn't have to convert anything. So the privateKey parameter I'm passing to the GenerateAppStoreJwtToken() function comes directly from the p8 file.

using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Jose;
    
public static string GenerateAppStoreJwtToken(string privateKey)
{
    var header = new Dictionary<string, object>()
    {
        { "alg", "ES256" },
        { "kid", "MY_VALUE" },
        { "typ", "JWT" }
    };
    
    var scope = new string[1] { "GET /v1/apps?filter[platform]=IOS" };
    var payload = new Dictionary<string, object>
    {
        { "iss", "MY_VALUE" },
        { "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
        { "exp", DateTimeOffset.UtcNow.AddMinutes(15).ToUnixTimeSeconds() },
        { "aud", "appstoreconnect-v1" },
        { "scope", scope }
    };
    
    CngKey key = CngKey.Import(Convert.FromBase64String(privateKey), CngKeyBlobFormat.Pkcs8PrivateBlob);

    string token = JWT.Encode(payload, key, JwsAlgorithm.ES256, header);
 
    return token;
}

For anyone, like me, who uses JWT-dotnet elsewhere and so doesn't want to use a different JWT package, this worked:

  • Converted the Apple private key by removing the header and footer ("-----BEGIN PRIVATE KEY-----" etc) and removing the end of line characters to make a single string for easier storage.

  • Convert from Base64 and store in a ReadOnlySpan

     ReadOnlySpan<byte> keyAsSpan = Convert.FromBase64String(key);
     var prvKey = ECDsa.Create();
     prvKey.ImportPkcs8PrivateKey(keyAsSpan, out var read);

  • Create the algorithm. A blank ECDsa instance is needed to prevent a NullException, but it is not needed just for signing the token, only for verifying, which isn't necessary.

     IJwtAlgorithm algorithm = new ES256Algorithm(ECDsa.Create(), prvKey);

I was able to receive a reply token from Apple using this method.

CngKey is not working on macOS.
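An added example, not code from any of the posts above: a cross-platform variant that avoids CngKey by loading the .p8 PEM text with ECDsa.ImportFromPem (.NET 5 or later) and building the ES256 token with the base class library only, using the same header and core claims as the answers. The class name, the parameter names, the placeholder key ID and issuer ID, and the throwaway key generated in Main are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class AppStoreJwtExample
{
    // JWS uses unpadded base64url (RFC 7515), not plain base64.
    static string B64Url(byte[] d) =>
        Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // pem: the full text of the .p8 file, BEGIN/END PRIVATE KEY lines included.
    public static string Generate(string pem, string keyId, string issuerId)
    {
        using var ecdsa = ECDsa.Create();
        ecdsa.ImportFromPem(pem); // .NET 5+, no CngKey, so not tied to Windows
        var now = DateTimeOffset.UtcNow;
        var header = new Dictionary<string, object>
            { { "alg", "ES256" }, { "kid", keyId }, { "typ", "JWT" } };
        var payload = new Dictionary<string, object>
        {
            { "iss", issuerId },
            { "iat", now.ToUnixTimeSeconds() },
            { "exp", now.AddMinutes(15).ToUnixTimeSeconds() },
            { "aud", "appstoreconnect-v1" }
        };
        string input = B64Url(JsonSerializer.SerializeToUtf8Bytes(header)) + "." +
                       B64Url(JsonSerializer.SerializeToUtf8Bytes(payload));
        // SignData returns r||s (IEEE P1363, 64 bytes for P-256), the form ES256 in JWS uses.
        byte[] sig = ecdsa.SignData(Encoding.ASCII.GetBytes(input), HashAlgorithmName.SHA256);
        return input + "." + B64Url(sig);
    }

    public static void Main()
    {
        // Constructed throwaway P-256 key standing in for the downloaded .p8 file.
        using var demo = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        string pem = new string(PemEncoding.Write("PRIVATE KEY", demo.ExportPkcs8PrivateKey()));
        string token = Generate(pem, "KEY_ID_PLACEHOLDER", "ISSUER_ID_PLACEHOLDER");
        string[] p = token.Split('.');
        string s = p[2].Replace('-', '+').Replace('_', '/');
        byte[] sig = Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
        // Verify with the same key pair: confirms the signature format and signing input.
        bool ok = demo.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), sig, HashAlgorithmName.SHA256);
        Console.WriteLine($"signature bytes: {sig.Length}, verifies: {ok}");
    }
}
```

In real use the PEM text should come from a secret store or a protected file rather than source code, since anyone holding the .p8 key can mint tokens for the issuer until the key is revoked.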
