What does the "Signature Verified" result from jwt.io mean?

I am creating a JWT using the header, payload and private key provided by Apple. When I paste the generated token and the public key into jwt.io, I get a "Signature Verified" result. But when I make a request to the API provided by Apple, I get a 401 Unauthorized error. Where could the problem be?

So, could wrong values in the header or payload cause this?

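 /**
  * Builds an ES256-signed JWT from the header, payload and private key below.
  *
  * A "Signature Verified" result in a JWT debugger only shows that the
  * signature matches the supplied public key. It says nothing about whether
  * the claims (kid, iss, iat, exp, aud, bid) are ones the API will accept, so
  * a token can verify locally and still be rejected with 401.
  *
  * As shown, the method neither returns nor stores $jwt; the request code
  * that consumes it appears separately on the page.
  *
  * @throws \RuntimeException if the private key cannot be loaded or signing fails
  */
 public function index()
    {
        $header = [
            'alg' => 'ES256',
            'kid' => 'Apple Key ID',
            'typ' => 'JWT'
        ];

        // Derive the timestamps at call time instead of hard-coding them. The
        // original constants put exp roughly 231 days after iat; Apple's
        // documentation for the App Store Server API rejects tokens whose exp
        // is more than 60 minutes after iat (confirm the limit for the API in
        // use). A short lifetime also limits the value of a leaked token.
        $issuedAt = time();
        $payload = [
            'iss' => 'My issuer ID',
            'iat' => $issuedAt,
            'exp' => $issuedAt + 1800,
            'aud' => 'appstoreconnect-v1',
            'bid' => 'My app’s bundle ID'
        ];

        // NOTE(review): a signing key embedded in source ends up in version
        // control, backups and deployment artifacts. Load it at runtime from a
        // secret store or a file readable only by the application user, and
        // rotate any key that has already been committed.
        $pem_content = <<<EOD
        -----BEGIN PRIVATE KEY-----
        XXXX MY PRIVATE KEY XXXX
        -----END PRIVATE KEY-----
        EOD;

        // openssl_pkey_get_private() returns false on a malformed or
        // unreadable key; stop here rather than signing with an invalid key.
        $privKey = openssl_pkey_get_private($pem_content);
        if ($privKey === false) {
            throw new \RuntimeException('Unable to load the private key');
        }

        // Signing input is "<encoded header>.<encoded payload>". encode() is
        // defined elsewhere; presumably base64url without padding (confirm).
        $dataa = $this->encode(json_encode($header)) . '.' . $this->encode(json_encode($payload));

        $signature = '';
        $success = openssl_sign($dataa, $signature, $privKey, OPENSSL_ALGO_SHA256);
        if (!$success) {
            // Without this check a failed signing would still yield a
            // well-formed-looking token with an empty or partial signature.
            throw new \RuntimeException('Unable to sign the token');
        }

        // openssl_sign() emits a DER-encoded ECDSA signature, while ES256
        // requires the raw 64-byte R||S form. fromDER() is defined elsewhere
        // and presumably performs that conversion (confirm).
        $raw_signature = $this->fromDER($signature, 64);
        $jwt = $dataa . '.' . $this->encode($raw_signature);
    }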

Or could my request be wrong?

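// Sends the signed JWT as a bearer token to the refund lookup endpoint.
// $jwt must already hold the token built by the signing code.
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://api.storekit.itunes.apple.com/inApps/v1/refund/lookup/1234');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');

// Bound the request: with no overall timeout set, a stalled connection
// would hold this PHP worker indefinitely.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);

// The Authorization header carries a live credential; keep $headers and
// $jwt out of logs and error output.
$headers = [];
$headers[] = 'Authorization: Bearer ' . $jwt;
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
if (curl_errno($ch)) {
    // Transport-level failures only (DNS, TLS, timeout). An HTTP 401 is a
    // successful transfer from cURL's point of view and does not land here.
    echo 'Error:' . curl_error($ch);
}

// Capture the HTTP status so an authentication failure (401) can be told
// apart from a successful lookup; must be read before the handle is closed.
$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);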


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source