MapKit JS auth 401

Hello! I got problems with Apple Mapkit JS.


It happened in 2019/02/07 at 22:00 (MSK +3) and it continues to happen. When any page loads i get errors:

Failed to load resource: the server responded with a status of 404 (Not Found) cdn.apple-mapkit.com/ma/bootstrap?apiVersion=2mkjsVersion=5.0.0poi=1:1 Failed to load resource: the server responded with a status of 401 (Unauthorized) mapkit.js:3 GET https://cdn.apple-mapkit.com/ma/bootstrap?apiVersion=2mkjsVersion=5.0.0poi=1 401 (Unauthorized) loaderWillStart @ mapkit.js:3 mapkit.js:3 GET https://cdn.apple-mapkit.com/ma/bootstrap?apiVersion=2mkjsVersion=5.0.0poi=1 401 (Unauthorized) loaderWillStart @ mapkit.js:3 setTimeout (async) _reload @ mapkit.js:3 handleEvent @ mapkit.js:3 error (async) xhr @ mapkit.js:3 loaderWillStart @ mapkit.js:3 mapkit.js:3 Bootstrap.init(): initialization failed because the authorization token is invalid.


But JWT-tokens are providing the same way all the time from December 2018 and all was fine. Help me please, I can't get the real reason of these errors.

Replies

Been getting the same for 24 hours now. Have tried contacting support with no success. I don't know how Apple expects anyone to take their map offerings seriously for production applications with outages like this and no good way to get in contact with anyone.

(Cross-posting from https://forums.developer.apple.com/thread/113721)


I believe the token is being rejected because it contains duplicate claims. To check your token, execute this at the command line (substitute your token for your-token-here, but keep the quotes around it):


echo "your-token-here" | tr "." "\n" | head -2 | base64 -D


To check just the token header, use `head -1` in the above command.

You're right. Thanks for pointing this out. Removing the duplicates fixes it. That being said, something must have changed on Apple's end since maps have been working for us for many months. It would be great if we could get more notice when breaking changes are introduced.


Thanks!

How do you know if the token contains duplicate claims?