Apple Store Connect 的 Python JSON Web 令牌 (JWT) GET 请求 401 错误

Posted 2023-03-10

【中文标题】Apple Store Connect 的 Python JSON Web 令牌 (JWT) GET 请求 401 错误

【英文标题】：Python JSON Web token (JWT) GET request 401 error with Apple Store Connect

【发布时间】：2020-05-10 04:39:38

【问题描述】：

为了生成 API 请求的令牌，苹果概述了 following steps。

key、kid 和 iss 均已验证可以工作。但是在下面的 python 脚本中，

import jwt
import requests

# pseudo, removed secret info
# read the file, currently binary but have tried string too
with open('AuthKey_4..._.p8', 'r+b') as keyfile:
    secret = keyfile.read()

expir = round(time.time() + 20 * 60)

# sign the token with the iss, time, key, and kid with the correct alg
token = jwt.encode('iss': '6...', 
                    'exp': f'expir', 
                    'aud': 'appstoreconnect-v1',
                    secret, algorithm='ES256', 
                    headers='alg': 'ES256', 'kid': '4...', 'typ': 'JWT')

# decode the bytes and create the get request header
s_token = token.decode('utf-8')
headers = 'Authorization': f'Bearer s_token'

# send the get request
r = requests.get('https://api.appstoreconnect.apple.com/v1/salesReports',
                 headers=headers)#, params=params)

r.json() 直接返回

'errors': ['status': '401',
   'code': 'NOT_AUTHORIZED',
   'title': 'Authentication credentials are missing or invalid.',
   'detail': 'Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens']

此外，错误消息中的链接似乎也已损坏。

我尝试以二进制和常规字符串表示形式读取.p8 文件。我尝试在令牌中传递不同的值，删除某些值等。我还尝试不将有效负载参数传递到 GET 请求中，这也会导致 401 错误。负载信息在here 中列出。任何帮助表示赞赏。

【问题讨论】：

'detail' 中的链接已为我转发到此网址developer.apple.com/documentation/appstoreconnectapi/…

好的，谢谢，然后转发到我之前在问题描述中提供的相同链接

我认为你错过了 'some':'payload' :- encoded = jwt.encode('some': 'payload', key, algorithm='HS256 ')

有效载荷是iss、exp和aud。你能说得更具体点吗？

【参考方案1】：

exp 不能是字符串...

import jwt
import requests

# pseudo, removed secret info
# read the file, currently binary but have tried string too
with open('AuthKey_4..._.p8', 'r+b') as keyfile:
    secret = keyfile.read()

expir = round(time.time() + 20 * 60)

# sign the token with the iss, time, key, and kid with the correct alg
token = jwt.encode('iss': '6...', 
                    'exp': expir, 
                    'aud': 'appstoreconnect-v1',
                    secret, algorithm='ES256', 
                    headers='alg': 'ES256', 'kid': '4...', 'typ': 'JWT')

# decode the bytes and create the get request header
s_token = token.decode('utf-8')
headers = 'Authorization': f'Bearer s_token'

# send the get request
r = requests.get('https://api.appstoreconnect.apple.com/v1/salesReports',
                 headers=headers)#, params=params)