Is there a way to verify my JWT Token? I have some python code that uses the pypi.org jwt module, and would like to verify that the token coming out of it is correct.
I am getting {"reason": "NOT_ENABLED"} and I would like to make sure that my token is constructed correctly.
I have seen a few others that have the "aud": entry in the header, but it's not mentioned in the documentation.
Further confusion over this documentation is the statement to use the "ES256" algorithm, but that requires .pem and a .pub files, but only a .p8 is supplied. (note I can extrapolate .pem and .pub files from the .p8, but that is not even discussed.
Can anyone from Apple chime in?
ag6hq
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Last seen
User for
From
Jurupa Valley, CA
Post
Replies
Boosts
Views
Activity
I created an identifier, but did not select "Sign In with Apple"
I created a key, and enabled the WeatherKit service.
I have a simple python script to retrieve from the API, but I am getting "NOT ENABLED"
import datetime
import time
# pip install requests PyJWT cryptography
import jwt
import requests
import json
from cryptography.hazmat.primitives.serialization import load_ssh_private_key
from hashlib import sha1
with open("/Users/don/.ssh/AuthKey_LBV5W26ZRJ.p8", "r") as f:
myKey = f.read()
# matches my service id
WEATHERKIT_SERVICE_ID = "net.ag6hq.sandysclock"
#This is my id, redacted here
WEATHERKIT_TEAM_ID = "<redacted>"
# this is my private key, redacted here
WEATHERKIT_KID = "<redacted>" # key ID
WEATHERKIT_KEY = myKey
WEATHERKIT_FULL_ID = f"{WEATHERKIT_TEAM_ID}.{WEATHERKIT_SERVICE_ID}"
thisLat = 34.03139251897727
thisLon = -117.41704704143667
def fetch_weatherkit(
lang="en",
lat="34.031392",
lon="-117.41704",
country="US",
timezone="US/Los_Angeles",
datasets = "currentWeather,forecastDaily,forecastHourly,forecastNextHour",
):
url = f"https://weatherkit.apple.com/api/v1/weather/{lang}/{lat}/{lon}?dataSets={datasets}&countryCode={country}&timezone={timezone}"
now = int(time.time())
exp = now + (3600 * 24)
token_payload = {
"sub": WEATHERKIT_SERVICE_ID,
"iss": WEATHERKIT_TEAM_ID,
"exp": exp,
"iat": now
}
token_header = {
"kid": WEATHERKIT_KID,
"id": WEATHERKIT_FULL_ID,
"alg": "ES256",
"typ": "JWT"
}
token = jwt.encode(token_payload, WEATHERKIT_KEY, headers=token_header, algorithm="ES256")
response = requests.get(url, headers={'Authorization': f'Bearer {token}'})
return response
####
End of Def
myFetch=fetch_weatherkit()
myStatus=myFetch.status_code
myJSON=myFetch.json()
print("myJSON=" + str(myJSON))
print("myStatus=" + str(myStatus))
This outputs:
python weatherkit.py
myJSON={'reason': 'NOT_ENABLED'}
myStatus=401
I get the same results if I use the jwt.io service to create a token and use curl
What am I doing wrong?