
How to generate apple authorization token/client secret?


How can I generate an authorization code/client secret in python for apple sign in and device check?


Solution

    1. First of all we need to generate an app-specific p8 file (PEM formatted private key). Do the following for this:
    • go to your apple developer portal, under certificates identifiers & profiles apple => keys
    • click the + sign and create a key with the services you want to use it for
    • then download the p8 file (be cautious not to lose it, you cannot download it again)
    • also copy the key id, you will need it later
    2. in python install pyjwt and do the following:
    • create a payload dict:
             
    data = {
        "iss": "team_id", # team id of your developer account this can be found in your apple developer portal => identifier of your app => "App ID prefix"
        "iat": timestamp_now, # creation timestamp in seconds
        "exp": timestamp_exp, # expiration timestamp in seconds (max 20 mins) see 
        "aud": "https://appleid.apple.com",
        "sub": client_id # your bundle
    }
    
    
    • open and read the private key (you downloaded in step 1) into a variable
    with open("filename.p8", "r") as f:
        private_key = f.read()
    
    • generate your signed jwt token:
    token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={
        "kid":key_id # the key id is the id u saved in step 1
    }).decode()
    
    • jwt.encode returns bytes; if you want it as a string you need to decode it as I did

    The complete code will look like this:

    import time
    import jwt
    
    def generate_token():
        with open("filename.p8", "r") as f:
            private_key = f.read()
        team_id = "teamid"
        client_id = "bundle.id"
        key_id = "keyid"
        validity_minutes = 20
        timestamp_now = int(time.time())  # current unix time in seconds
        timestamp_exp = timestamp_now + (60 * validity_minutes)
        # keep timestamp_exp somewhere if you want to reuse the token until it expires
        data = {
            "iss": team_id,
            "iat": timestamp_now,
            "exp": timestamp_exp,
            "aud": "https://appleid.apple.com",
            "sub": client_id
        }
        token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={"kid": key_id})
        # PyJWT 1.x returned bytes, PyJWT 2.x returns str
        if isinstance(token, bytes):
            token = token.decode()
        return token
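As an added example (not code from the question or answer above), the steps above carried end to end with PyJWT: one function builds the client secret, a second verifies it locally (signature, `kid`, `aud`, `iss`, `sub` and lifetime) so a wrong key, key id or claim is caught before the token is ever sent to Apple. It assumes PyJWT 2.x and the `cryptography` package, and a constructed P-256 key pair stands in for the downloaded .p8 file; the team, client and key ids are placeholders.

```python
import time
import jwt  # PyJWT >= 2.0 (jwt.encode returns str)
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec

APPLE_AUD = "https://appleid.apple.com"
MAX_VALIDITY_SECONDS = 20 * 60  # the 20 minute ceiling used in the answer


def make_client_secret(private_key_pem, team_id, client_id, key_id, validity_minutes=20, now=None):
    """Build the ES256-signed client secret with the claims Apple expects."""
    if validity_minutes * 60 > MAX_VALIDITY_SECONDS:
        raise ValueError("validity exceeds the 20 minute limit")
    now = int(time.time()) if now is None else int(now)
    claims = {"iss": team_id, "iat": now, "exp": now + 60 * validity_minutes,
              "aud": APPLE_AUD, "sub": client_id}
    token = jwt.encode(claims, private_key_pem, algorithm="ES256", headers={"kid": key_id})
    return token if isinstance(token, str) else token.decode()  # PyJWT 1.x returned bytes


def check_client_secret(token, public_key_pem, team_id, client_id, key_id):
    """Verify header, signature and claims locally; returns the claims or raises."""
    header = jwt.get_unverified_header(token)
    if header.get("alg") != "ES256" or header.get("kid") != key_id:
        raise ValueError("unexpected header: %r" % header)
    # jwt.decode checks the signature, exp, iat, aud and iss for us
    claims = jwt.decode(token, public_key_pem, algorithms=["ES256"],
                        audience=APPLE_AUD, issuer=team_id)
    if claims.get("sub") != client_id:
        raise ValueError("sub does not match the client id / bundle id")
    if claims["exp"] - claims["iat"] > MAX_VALIDITY_SECONDS:
        raise ValueError("token lifetime exceeds the 20 minute limit")
    return claims


def demo_keypair():
    """Constructed P-256 key pair; the private half is PKCS#8 PEM like a real .p8 file."""
    priv = ec.generate_private_key(ec.SECP256R1())
    priv_pem = priv.private_bytes(serialization.Encoding.PEM,
                                  serialization.PrivateFormat.PKCS8,
                                  serialization.NoEncryption()).decode()
    pub_pem = priv.public_key().public_bytes(serialization.Encoding.PEM,
                                             serialization.PublicFormat.SubjectPublicKeyInfo).decode()
    return priv_pem, pub_pem


if __name__ == "__main__":
    priv_pem, pub_pem = demo_keypair()
    secret = make_client_secret(priv_pem, "TEAMID0000", "com.example.app", "KEYID00000")
    print(check_client_secret(secret, pub_pem, "TEAMID0000", "com.example.app", "KEYID00000"))
```

With a real .p8 file, pass its contents as `private_key_pem` and the matching public key (exported from the same key) to `check_client_secret` as a pre-flight check in your deployment tests.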