I am trying to create a JWT token for Apple Search Ads like in this example: https://developer.apple.com/documentation/apple_search_ads/implementing_oauth_for_the_apple_search_ads_api
I generated my private key like this:
openssl ecparam -genkey -name prime256v1 -noout -out private-key.pem
and public key like this:
openssl ec -in private-key.pem -pubout -out public-key.pem
Then I did this:
import jwt
import datetime as dt
client_id = "SEARCHADS.XXXXXXXXXXXXXXXXXXXXXXX"
team_id = "SEARCHADS.XXXXXXXXXXXXXXXXXXXXXXX"
key_id = "XXXXXXXXXXXXXXXXXXXXXXX"
audience = "https://appleid.apple.com"
alg = "ES256"
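# Define issue timestamp. Use an aware UTC datetime: utcnow() is naive, so
# timestamp() would interpret it as local time and shift iat/exp.
issued_at_timestamp = int(dt.datetime.now(dt.timezone.utc).timestamp())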
# Define expiration timestamp. May not exceed 180 days from issue timestamp.
expiration_timestamp = issued_at_timestamp + 86400 * 180
# Define JWT headers.
headers = dict()
headers["alg"] = alg
headers["kid"] = key_id
# Define JWT payload.
payload = dict()
payload["sub"] = client_id
payload["aud"] = audience
payload["iat"] = issued_at_timestamp
payload["exp"] = expiration_timestamp
payload["iss"] = team_id
# Path to signed private key.
KEY_FILE = "private-key.pem"
with open(KEY_FILE, "r") as key_file:
    key = "".join(key_file.readlines())
client_secret = jwt.encode(payload=payload, headers=headers, algorithm=alg, key=key)
# PyJWT 1.x returns bytes, PyJWT 2.x returns str.
if isinstance(client_secret, bytes):
    client_secret = client_secret.decode("utf-8")
with open("client_secret.txt", "w") as output:
    output.write(client_secret)
SearchAds_PrivateKey.pem is like this:
-----BEGIN EC PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END EC PRIVATE KEY-----
The token generated has an invalid signature on jwt.io.
I found this topic: "KJUR jws jsrsasign: Cannot validate ES256 token on JWT.io" and I tried the solution, but it does not work for me.
The steps you have taken are correct. For testing a JWT in jwt.io, as you see in the picture below, you should fill the Encoded and VERIFY SIGNATURE sections with your JWT and your public key respectively. Then you'll see that the signature will be verified!
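The same check can be done locally instead of on jwt.io. The following is an added example, not code from the question or the answer: it signs an ES256 token and verifies it with the matching public key, and shows that a different public key is rejected. It assumes PyJWT with the cryptography package installed; the key pair is generated in-process rather than read from private-key.pem, and the identifiers and the one-hour lifetime are constructed placeholders.

```python
import time
import jwt  # PyJWT; ES256 support needs the "cryptography" package
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec

AUDIENCE = "https://appleid.apple.com"

def make_p256_keypair():
    """In-process equivalent of the two openssl commands: (private_pem, public_pem)."""
    private_key = ec.generate_private_key(ec.SECP256R1())  # same curve as prime256v1
    private_pem = private_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,  # "BEGIN EC PRIVATE KEY"
        serialization.NoEncryption(),
    )
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,  # "BEGIN PUBLIC KEY"
    )
    return private_pem, public_pem

def make_client_secret(private_pem, client_id, team_id, key_id, lifetime=3600):
    """Build the same claims as the question's script and sign them with ES256."""
    now = int(time.time())  # epoch seconds, timezone-independent
    payload = {"sub": client_id, "aud": AUDIENCE, "iat": now,
               "exp": now + lifetime, "iss": team_id}
    return jwt.encode(payload, private_pem, algorithm="ES256",
                      headers={"kid": key_id})

def verify_client_secret(token, public_pem):
    """Return the claims if signature, exp and aud all check out, else None."""
    try:
        # Pin the accepted algorithm; never take it from the token's header.
        return jwt.decode(token, public_pem, algorithms=["ES256"],
                          audience=AUDIENCE)
    except jwt.InvalidTokenError:
        return None

# Constructed sample values (placeholders, not real Apple identifiers).
PRIVATE_PEM, PUBLIC_PEM = make_p256_keypair()
_, OTHER_PUBLIC_PEM = make_p256_keypair()
TOKEN = make_client_secret(PRIVATE_PEM, "SEARCHADS.example-client",
                           "SEARCHADS.example-team", "example-key-id")
```

Only the public key is needed for verification, so the private key never has to be pasted into a third-party site.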