我需要为Store Connect API生成JWT令牌。我尝试使用ruby-jwt宝石。这是我的令牌生成代码,
payload = {
'iss': my_issuer_id_from_db,
'exp': generated_unix_timestamp, #Time.now + 20min
'aud': 'hard_coded_string_from_doc'
}
header = {
'alg': 'ES256',
'kid': my_key_id_from_db,
'typ': 'JWT'
}
private_key = OpenSSL::PKey.read(File.read('/tmp/private_key.pem'))
# private_key - <OpenSSL::PKey::EC:0x000000000XXXXXXX>
@token = JWT.encode(payload, private_key, 'ES256', header)
# encoded_header.encoded_payload.emcoded_signature
我将这个令牌放在请求头中:
headers = { Authorization: 'Bearer' + @token }
我收到的响应是:
"errors": [{
"status": "401",
"code": "NOT_AUTHORIZED",
"title": "Authentication credentials are missing or invalid.",
"detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
}]
}
我认为问题在于令牌(直接与签名有关)。当我尝试使用在线工具解码令牌时,我的有效负载和标头都被正确解码。状态:无效签名。
我做错了什么?有没有任何想法如何正确执行?