Is there a way to verify my JWT Token? I have some python code that uses the pypi.org jwt module, and would like to verify that the token coming out of it is correct.
I am getting {"reason": "NOT_ENABLED"} and I would like to make sure that my token is constructed correctly.
I have seen a few others that have the "aud": entry in the header, but it's not mentioned in the documentation.
Further confusion over this documentation is the statement to use the "ES256" algorithm, but that requires .pem and a .pub files, but only a .p8 is supplied. (note I can extrapolate .pem and .pub files from the .p8, but that is not even discussed.
Can anyone from Apple chime in?
Post
Replies
Boosts
Views
Activity
I created an identifier, but did not select "Sign In with Apple"
I created a key, and enabled the WeatherKit service.
I have a simple python script to retrieve from the API, but I am getting "NOT ENABLED"
import datetime
import time
# pip install requests PyJWT cryptography
import jwt
import requests
import json
from cryptography.hazmat.primitives.serialization import load_ssh_private_key
from hashlib import sha1
with open("/Users/don/.ssh/AuthKey_LBV5W26ZRJ.p8", "r") as f:
myKey = f.read()
# matches my service id
WEATHERKIT_SERVICE_ID = "net.ag6hq.sandysclock"
#This is my id, redacted here
WEATHERKIT_TEAM_ID = "<redacted>"
# this is my private key, redacted here
WEATHERKIT_KID = "<redacted>" # key ID
WEATHERKIT_KEY = myKey
WEATHERKIT_FULL_ID = f"{WEATHERKIT_TEAM_ID}.{WEATHERKIT_SERVICE_ID}"
thisLat = 34.03139251897727
thisLon = -117.41704704143667
def fetch_weatherkit(
lang="en",
lat="34.031392",
lon="-117.41704",
country="US",
timezone="US/Los_Angeles",
datasets = "currentWeather,forecastDaily,forecastHourly,forecastNextHour",
):
url = f"https://weatherkit.apple.com/api/v1/weather/{lang}/{lat}/{lon}?dataSets={datasets}&countryCode={country}&timezone={timezone}"
now = int(time.time())
exp = now + (3600 * 24)
token_payload = {
"sub": WEATHERKIT_SERVICE_ID,
"iss": WEATHERKIT_TEAM_ID,
"exp": exp,
"iat": now
}
token_header = {
"kid": WEATHERKIT_KID,
"id": WEATHERKIT_FULL_ID,
"alg": "ES256",
"typ": "JWT"
}
token = jwt.encode(token_payload, WEATHERKIT_KEY, headers=token_header, algorithm="ES256")
response = requests.get(url, headers={'Authorization': f'Bearer {token}'})
return response
####
End of Def
myFetch=fetch_weatherkit()
myStatus=myFetch.status_code
myJSON=myFetch.json()
print("myJSON=" + str(myJSON))
print("myStatus=" + str(myStatus))
This outputs:
python weatherkit.py
myJSON={'reason': 'NOT_ENABLED'}
myStatus=401
I get the same results if I use the jwt.io service to create a token and use curl
What am I doing wrong?