Can't get a MapKitJS JWT token to work

I've used JWTs a lot for user authentication, but I can't get them to work with MapKitJS. I have a route that creates a token...


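const fs = require('fs');
const jwt = require('jsonwebtoken');

// Private key (.p8) for the MapKit JS key
const privateKey = fs.readFileSync(__dirname + "/../MapKitJS_AuthKey.p8");
// `event` comes from the surrounding route handler (not shown)
const token = jwt.sign({
  origin: event.local === true ? 'http://localhost:8080' : 'NO'
}, privateKey, {
  header: {
    kid: process.env.kid, // key ID
    typ: 'JWT',
    alg: 'ES256'
  },
  issuer: process.env.iss, // emitted as the iss claim
  expiresIn: '1h',
  algorithm: 'ES256'
});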

I'm using node, and the resulting token looks just fine...

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdBQUw3VlVWRzQifQ.eyJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJpYXQiOjE1NTE1MDkzNDgsImV4cCI6MTU1MTUxMjk0OCwiaXNzIjoiOEJVMlk4QzVKNyJ9.BSXts5IrsUyPfsPnkbI-MeUC3xpZkQ2K_1wsjMw-RrT3qLE7WSULFpmvF076V6HAU1J80vBCd5o8veRXCFWN4g

Looking at it in jwt.io it comes out nicely...

{
  "alg": "ES256",
  "typ": "JWT",
  "kid": "GAAL7VUVG4"
}

{
  "origin": "http://localhost:8080",
  "iat": 1551509348,
  "exp": 1551512948,
  "iss": "8BU2Y8C5J7"
}

But passing the token to MapKitJS I always get "Bootstrap.init(): initialization failed because the authorization token is invalid." from the server. I'm at a loss. I have no idea what to do at this point.

Replies

I just checked spam and trash. The only email I have is the auto reply on March 22. I tried looking on the developer website as well and there is no reply there either.

Please reply to the Auto-ask message with the follow-up number from the email account you are checking, and we will reply to the email address that new email comes from.

I did this, got another automatic reply.

We got the new message, thank you. Please look for a reply in about an hour.

Just checked, nothing yet.

Another reply went out, from a different email address this time (dts@apple.com).

OK, I just got a reply.

Your posted token does not work for me either. Here is a token you can use in your test map to see it instantiate - it is good until next Friday.

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkM2WE5HWVlaTUoifQ.eyJpc3MiOiI5RTI5VUE1NVo2IiwiaWF0IjoxNTUzODg4MTQ5LjI5NywiZXhwIjoxNTU0NDkyOTQ5LjI5N30.6N0xbx2MP4xmvN-kHYXoJw-VjR-NHI9Bnpu4y9vYk-q3CZ-usidXlkxYqqJooIBcjeR1Xrafgt4SdbyEy

I have tried your sample Node.js server code, configured with my identities, and could generate valid tokens from that. Here is a different way of generating tokens that I use in my test environment; this generated the token above:

const express = require('express')
const app = express()
const fs = require('fs')
const jwt = require('jsonwebtoken')

// Configure these values
const wwdrTeamID = "AAAAAAAAAA"
const mapkitJSKeyID = "BBBBBBBBBB"
let authKey = fs.readFileSync("./auth/MapKit_JS_AuthKey.p8"); // From Developer Portal

app.get('/', (req, res) => res.send('Hello World!'))
app.listen(8080, () => console.log('Example app listening on port 8080!'))

// JWT header: key ID plus the ES256 signing algorithm
let header = {
  kid: mapkitJSKeyID,
  typ: "JWT",
  alg: "ES256"
};

app.get("/token", (req, res) => {
  // Build the claims per request so iat/exp are not frozen at server start
  const now = Date.now() / 1000
  let payload = {
    iss: wwdrTeamID,
    iat: now,
    exp: now + (60 * 60 * 24 * 7), // 60 seconds, 60 minutes, 24 hours, 7 days
  };
  res.send(
    jwt.sign(payload, authKey, { header: header })
  );
})

// Serve the test page from ./public
app.use(express.static('public'))


I would like you to build a new server out of just this script, changing only the Team ID and MapKit JS ID. If a token from this script works, then this means there's something about your regular server that you'll need to look into. If a token from this script does not work, please create a new MapKit JS Team ID and certificate, configure the script to use those credentials, and try again.


Once you've done this work, please let me know the results. If you continue to get invalid tokens, please detail the steps you took to test it in this scenario, share the server JavaScript file for the new server, and share the invalid token.

Hi,


Well, your code and my code work. I needed to make a new certificate. I don't know why the one I was using is invalid. I've tried the old certificate with your code and it produces invalid tokens as well. The new certificate makes valid tokens in both versions of the code.


I would be interested in knowing if the old certificate I downloaded got corrupted somehow or if it was originally invalid, but I can't redownload it so there is no way to tell.


Anyway, thank you for your help, sorry I've been such a bother.


For anyone else reading this: The certificate was invalid. I made a new Key and downloaded the new certificate and things worked.

Great, I'm glad you figured this out!
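
An added example, not code from the thread or from Apple: an offline check that separates faults visible on your own machine (malformed token, expired claims, a key file that does not parse or is not P-256, a signature that does not match the key) from those only the server can decide. The helper names `signEs256` and `diagnoseToken` are hypothetical, the key pair is generated on the fly and the IDs are placeholders; an empty result means only that the token and key file are well-formed, not that the key ID and team ID will be accepted.

```javascript
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const parsePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Hypothetical helper: sign header.payload with ES256 (raw 64-byte r||s signature, as JWS uses).
function signEs256(header, payload, privateKeyPem) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKeyPem, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64url(sig)}`;
}

// Hypothetical helper: list the problems that can be detected without contacting any server.
function diagnoseToken(token, privateKeyPem, now = Date.now() / 1000) {
  const problems = [];
  const parts = token.split('.');
  if (parts.length !== 3) return ['token does not have three dot-separated parts'];
  let header, claims, key;
  try { header = parsePart(parts[0]); claims = parsePart(parts[1]); }
  catch { return ['header or payload is not base64url-encoded JSON']; }
  if (header.alg !== 'ES256') problems.push('alg is not ES256');
  if (!header.kid) problems.push('kid missing');
  if (!claims.iss) problems.push('iss missing');
  if (!(claims.exp > now)) problems.push('token expired or exp missing');
  const sig = Buffer.from(parts[2], 'base64url');
  if (sig.length !== 64) problems.push(`signature is ${sig.length} bytes, expected 64`);
  try { key = crypto.createPublicKey(privateKeyPem); } // derives the public half of the .p8
  catch { return problems.concat('key file does not parse as a private key'); }
  if (key.asymmetricKeyType !== 'ec' || key.asymmetricKeyDetails.namedCurve !== 'prime256v1')
    return problems.concat('key is not an EC P-256 key');
  const ok = sig.length === 64 && crypto.verify('sha256',
    Buffer.from(`${parts[0]}.${parts[1]}`), { key, dsaEncoding: 'ieee-p1363' }, sig);
  if (!ok) problems.push('signature does not verify against this key');
  return problems;
}

// Constructed sample data: a throwaway key pair and placeholder IDs, not real credentials.
const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const samplePem = privateKey.export({ type: 'pkcs8', format: 'pem' });
const sampleNow = 1551509348;
const sampleToken = signEs256({ alg: 'ES256', typ: 'JWT', kid: 'BBBBBBBBBB' },
  { iss: 'AAAAAAAAAA', iat: sampleNow, exp: sampleNow + 3600 }, samplePem);
console.log(diagnoseToken(sampleToken, samplePem, sampleNow)); // []
```

To check a real token, pass it together with the contents of the `.p8` file read via `fs.readFileSync(path, 'utf8')`.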