I am looking at using the v2 in-app subscriptions server-side notifications. I have got this working by decoding and validating the token using the x5c and alg properties in the header.
However, I don't know how to validate that this certificate was issued by Apple. The docs don't really seem to say anything about this.
Does anyone know how I do this? At the moment, my code is a bit pointless as the JWT could have been signed by anyone.
The only other thing I can think of is to ignore the JWT altogether and just use the API to query every time which seems to defeat the object.
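The missing step is chain validation against a pinned trust anchor, which is also what Apple's own open-source app-store-server-library does: download the Apple Root CA from https://www.apple.com/certificateauthority/ out of band, build a path from `x5c[0]` (the signer) through the remaining `x5c` entries to that pinned root, and only then verify the ES256 signature with the leaf's public key. Signature verification alone proves nothing, because the attacker also controls `x5c`. The Go program below is an added example, not code from the question or from Apple; `VerifyNotification` is the generic check, while `mkCert` and `BuildFixtures` are hypothetical helpers that mint a constructed stand-in root/intermediate/signer PKI and a constructed `DID_RENEW` payload so it runs offline (the names "Stand-in Root CA", `com.example.app` and so on are invented). In production `roots` would hold only the real Apple root; everything else stays the same.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// VerifyNotification checks a V2 signedPayload in the right order: path-build the x5c chain to a
// pinned root first, then verify ES256 with the leaf key. roots must hold only the pinned root.
func VerifyNotification(token string, roots *x509.CertPool, now time.Time) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWS")
	}
	var hdr struct{ Alg string `json:"alg"`; X5c []string `json:"x5c"` }
	if err := json.NewDecoder(base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(parts[0]))).Decode(&hdr); err != nil {
		return nil, err
	}
	// Pin the algorithm: the token must not get to choose it (alg=none, HS256, ...).
	if hdr.Alg != "ES256" || len(hdr.X5c) == 0 {
		return nil, fmt.Errorf("unsupported alg %q or empty x5c", hdr.Alg)
	}
	// x5c entries are standard base64 DER (RFC 7515 section 4.1.6); x5c[0] is the signer.
	var chain []*x509.Certificate
	for _, b64 := range hdr.X5c {
		der, err := base64.StdEncoding.DecodeString(b64)
		c, perr := x509.ParseCertificate(der) // also rejects the partial output of a failed decode
		if err != nil || perr != nil {
			return nil, fmt.Errorf("bad x5c entry: %v / %v", err, perr)
		}
		chain = append(chain, c)
	}
	inter := x509.NewCertPool()
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	// The leaf is not a TLS server cert, so do not demand Go's default ServerAuth EKU.
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return nil, fmt.Errorf("x5c chain does not reach the pinned root: %w", err)
	}
	pub, ok := chain[0].PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() {
		return nil, fmt.Errorf("leaf key is not P-256")
	}
	// ES256 signature is fixed-width r||s (64 bytes) over the ASCII of "header.payload".
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, fmt.Errorf("bad ES256 signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("signature invalid")
	}
	return base64.RawURLEncoding.DecodeString(parts[1])
}

// mkCert mints a P-256 certificate for the constructed test PKI (hypothetical CAs, not Apple's).
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil { parent, parentKey = tpl, key } // self-signed root
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// BuildFixtures mints a fresh root -> intermediate -> signer PKI and returns its pinned root pool plus a
// token with [leaf, intermediate] in x5c. Each call is an unrelated PKI, i.e. a second "Apple" an attacker
// could stand up: its tokens carry valid signatures over a constructed payload but must still be rejected.
func BuildFixtures() (*x509.CertPool, string) {
	root, rootKey := mkCert("Stand-in Root CA", true, nil, nil)
	inter, interKey := mkCert("Stand-in Intermediate CA", true, root, rootKey)
	leaf, leafKey := mkCert("Stand-in Notification Signer", false, inter, interKey)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	hdr, _ := json.Marshal(map[string]interface{}{"alg": "ES256",
		"x5c": []string{base64.StdEncoding.EncodeToString(leaf.Raw), base64.StdEncoding.EncodeToString(inter.Raw)}})
	payload := []byte(`{"notificationType":"DID_RENEW","data":{"bundleId":"com.example.app"}}`) // constructed
	signing := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signing))
	r, s, _ := ecdsa.Sign(rand.Reader, leafKey, digest[:])
	sig := make([]byte, 64) // JWS wants fixed-width r||s, not the ASN.1 DER that SignASN1 would produce
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return roots, signing + "." + base64.RawURLEncoding.EncodeToString(sig)
}

func main() {
	pinned, token := BuildFixtures()
	_, forged := BuildFixtures() // same shape, different root: must fail against pinned
	_, err := VerifyNotification(token, pinned, time.Now())
	_, ferr := VerifyNotification(forged, pinned, time.Now())
	fmt.Printf("own PKI: %v\nforeign PKI: %v\n", err, ferr)
}
```

Two caveats a practitioner would add. First, a chain that reaches the Apple root only proves Apple issued the signing certificate; after decoding, still check that the payload's `bundleId` and environment are yours, otherwise a genuine notification for some other developer's app can be replayed at your endpoint. Second, Apple's official library goes further than this example (it also inspects Apple-specific certificate markers and can perform online revocation checks), so if you can use it, do; the point here is that once the root is pinned, the JWT is no longer "signed by anyone", and you do not need to fall back to querying the API for every event.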