What does the "Signature Verified" result from jwt.io mean?
I am creating a JWT using the header, payload and private key provided by Apple. When I paste the public key and the generated token into jwt.io, I get a "Signature Verified" result. But when I make a request to the API provided by Apple, I get a 401 Unauthorized error. Where could the problem be?
So, could the wrong values in the header or payload cause this?
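/**
 * Builds an ES256-signed JWT for Apple's App Store Server API.
 *
 * The token is assembled by hand: encoded header, a dot, encoded payload,
 * then an ECDSA/SHA-256 signature over that "header.payload" string.
 *
 * A "Signature Verified" result in a JWT debugger only shows that the
 * signature matches the supplied public key. It does not show that the
 * server accepts the claims: a wrong kid/iss/aud/bid, or an iat/exp pair
 * outside the window the API allows, still produces a verifiable signature
 * and still gets a 401.
 *
 * @throws \RuntimeException when the private key cannot be parsed or signing fails
 */
public function index()
{
    $header = [
        'alg' => 'ES256',
        'kid' => 'Apple Key ID',
        'typ' => 'JWT'
    ];

    // Issue the token at request time and keep it short-lived. The original
    // hard-coded iat/exp were roughly 231 days apart; Apple's documentation for
    // this API states that tokens expiring more than 60 minutes after iat are
    // not valid (confirm against the current docs). A short lifetime also
    // limits what a leaked token is worth.
    $issuedAt = time();
    $payload = [
        'iss' => 'My issuer ID',
        'iat' => $issuedAt,
        'exp' => $issuedAt + 1200,
        'aud' => 'appstoreconnect-v1',
        'bid' => 'My app’s bundle ID'
    ];

    // NOTE(review): the signing key is embedded in the source file. Anyone who
    // can read the repository or a backup can mint tokens; load it from a
    // secret store or a file outside the web root instead.
    $pem_content = <<<EOD
-----BEGIN PRIVATE KEY-----
XXXX MY PRIVATE KEY XXXX
-----END PRIVATE KEY-----
EOD;

    $privKey = openssl_pkey_get_private($pem_content);
    if ($privKey === false) {
        // Fail loudly instead of signing with an invalid key handle.
        throw new \RuntimeException('Unable to parse private key: ' . openssl_error_string());
    }

    // Signing input; encode() is defined elsewhere in the class
    // (presumably base64url without padding - verify against the helper).
    $dataa = $this->encode(json_encode($header)) . '.' . $this->encode(json_encode($payload));

    $signature = '';
    $success = openssl_sign($dataa, $signature, $privKey, OPENSSL_ALGO_SHA256);
    if (!$success) {
        // The original ignored this result and would have shipped an empty signature.
        throw new \RuntimeException('Signing failed: ' . openssl_error_string());
    }

    // openssl_sign() returns a DER-encoded ECDSA signature; fromDER() is defined
    // elsewhere (presumably converting it to the 64-byte raw form used by ES256).
    $raw_signature = $this->fromDER($signature, 64);

    // NOTE(review): $jwt is only assigned here; the visible snippet neither
    // returns nor stores it, so confirm how the request code obtains it.
    $jwt = $dataa . '.' . $this->encode($raw_signature);
}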
Or could my request be wrong?
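// Send the signed JWT as a bearer token to the refund-lookup endpoint.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.storekit.itunes.apple.com/inApps/v1/refund/lookup/1234');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');

// Bound the call so a stalled connection cannot hang the request indefinitely.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);

// Keep the Authorization header and $jwt out of logs and error output:
// the token is a bearer credential until it expires.
$headers = array();
$headers[] = 'Authorization: Bearer ' . $jwt;
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);

// curl_errno() reports transport failures only (DNS, TLS, timeout).
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}

// A 401 is a normal HTTP response as far as cURL is concerned, so the status
// code has to be read explicitly to tell a rejected token from a success.
$httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);

curl_close($ch);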
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow