Post

Replies

Boosts

Views

Activity

JWT authentication with App Store server always 401
I have the following implementation in JS/Node for interacting with App Store server, yet all responses are 401 Unauthorized: % curl -v -H 'Authorization: Bearer ***' "https://api.storekit-sandbox.itunes.apple.com/inApps/v1/subscriptions/4" * Trying 17.56.138.10... * TCP_NODELAY set * Connected to api.storekit-sandbox.itunes.apple.com (17.56.138.10) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: *  CAfile: /etc/ssl/cert.pem  CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN, server accepted to use h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; OU=management:idms.group.506364; CN=commercegateway.itunes.apple.com * start date: Jun 4 18:57:38 2021 GMT * expire date: Jul 4 18:57:37 2022 GMT * subjectAltName: host "api.storekit-sandbox.itunes.apple.com" matched cert's "api.storekit-sandbox.itunes.apple.com" * issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 2 - G1 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x7fca1e00d600) > GET /inApps/v1/subscriptions/4 HTTP/2 > Host: api.storekit-sandbox.itunes.apple.com > User-Agent: curl/7.64.1 > Accept: */* > Authorization: Bearer *** >  * Connection state changed (MAX_CONCURRENT_STREAMS == 1024)! < HTTP/2 401  < server: daiquiri/3.0.0 < date: Thu, 26 Aug 2021 02:57:57 GMT < content-type: text/plain < strict-transport-security: max-age=31536000; includeSubDomains < x-apple-jingle-correlation-key: KPN55ROQH3BLNL2AG7S7NEFZHA < x-daiquiri-instance: daiquiri:17578001:mr85p00it-hyhk04164801:7987:21RELEASE140:daiquiri-amp-commerce-clients-ext-002-mr <  Unauthenticated Request ID: KPN55ROQH3BLNL2AG7S7NEFZHA.0.0 * Connection #0 to host api.storekit-sandbox.itunes.apple.com left intact * Closing connection 0 The header is hashed with ES256 as follows: function jwtHeader() { let d = new Date() d.setHours(d.getHours() + 1) return { "iss": issuerID, "iat": Math.floor(new Date().getTime()/1000), "exp": Math.floor(d.getTime()/1000), "aud": "appstoreconnect-v1", "nonce": Utils.uuid(), "bid": bundleID } } function headerHash(cb) { fs.readFile(appleKeys.p8, 'utf-8', function(err, key) { if (err) return cb(err) let headers = jwtHeader() console.log(headers) jwt.sign(headers, key, { algorithm: 'ES256' }, cb) }) } My In-App Purchase Key ID is completely unused. Besides registering a callback for notifications, I can't find anywhere to register my URL. In short, I can't tell what's not configured or carried out improperly on my end.
4
0
5.4k
Aug ’21
Disconnect between Xcode IAP and App Store server
I'm trying to interact with the App Store server based on transactions within Xcode involving IAP. I generate a transaction as follows: Note, it has transaction ID "12". Under the uuid of the transaction as issuer, server interaction results in 401. However, under my own issuer ID, the server complains it has no knowledge of the transaction that was completed, as follows: How may I interact with transactions from Xcode in the sandbox for the App Store server? I'm hoping I may validate transactions prior to "consuming" services, especially since they cost money from our end.
1
0
690
Aug ’21