How to sign a JSON token for use with MapKit JS?

This is a request for support regarding JSON token creation for MapKit JS.


Since my intent is not to create an app, but only to use MapKit JS, I only need a single JSON authorization token. That should not require use of a code library.


Following the instructions at "https://developer.apple.com/documentation/mapkitjs/creating_a_maps_identifier_and_a_private_key",

I have created a Maps ID and obtained a MapKit JS Private Key (a .p8 file). That key is downloaded and stored in a safe place.


However, there are NO instructions from Apple on how to use that private key.

The downloaded file is not of a type that is recognized by MacOS, so it cannot be opened with a double-click.

By experimentation, I discovered that it is possible to open the private key file using TextEdit. This revealed that the file is plain text, with 200 characters of encoded material preceded by a "begin" line and followed by an "end" line.


Proceeding to the documentation page at "https://developer.apple.com/documentation/mapkitjs/creating_and_using_tokens_with_mapkit_js",

the instructions to "Create a MapKit JS Token" are woefully incomplete. It is simple enough to complete a JSON object header and a JSON object claims payload with the necessary details appropriate to my situation. (However, it did take some experimentation at jwt.io/#debugger to determine reasonable values for "iat" and "exp".) But there is no clue anywhere as to how to "use [my] private key to sign the token", and all experimentation at jwt.io/#debugger has failed, i.e., yielded "invalid signature" instead of an encoded token.


Note that jwt.io/#debugger does not provide any instructions or help; it is one of those things that is supposed to be "intuitively obvious," but isn't.


What do I need to do to use the private key that Apple provided to sign a JSON token that I can then use with MapKit JS?

Replies

There's a tool to generate tokens for MapKit JS at https://maps.developer.apple.com/token-maker. Hope this helps!

That works; thank you very much!


It's disappointing that Apple apparently does not provide a link to that tool from the documentation page at

https://developer.apple.com/documentation/mapkitjs/creating_and_using_tokens_with_mapkit_js


That tool is part of a MapKit JS dashboard at https://maps.developer.apple.com/

but I cannot find where that dashboard is linked from other MapKit JS or developer account pages -- also disappointing.


Using a completed token also reveals that Apple's authorization process is very finicky and uninformative. The vague "authorization failure" message doesn't indicate what aspect of the token is invalid. It took some experimentation to find that an Origin restriction of "domainname.tld" won't permit use by "www.domainname.tld" (for example). That's not only disappointing but also counter-intuitive, since many Websites can be accessed equally well via both "domainname.tld" and "www.domainname.tld".