- First of all we need to generate a app specific p8 file (pem formatted private key) do the following for this:
- go to your apple developer portal, under certificates
identifiers & profiles apple => keys
- click the + sign and create a key with the services you want to use it for
- then download the p8 file (be cautious not to lose it you cannot download it again)
- also copy the key id you will need it later
- in python install pyjwt and do the following:
data = {
"iss": "team_id", # team id of your developer account this can be found in your apple developer portal => identifier of your app => "App ID prefix"
"iat": timestamp_now, # creation timestamp in seconds
"exp": timestamp_exp, # expiration timestamp in seconds (max 20 mins) see
"aud": "https://appleid.apple.com",
"sub": client_id # your bundle
}
- open and read the private key (you downloaded in step 1) into a variable
with open("filename.p8", "r") as f:
private_key = f.read()
- generate your signed jwt token:
token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={
"kid":key_id # the key id is the id u saved in step 1
}).decode()
- jwt.encode returns bytes if you want it as a string you need to decode it as I did
the complete code will look like this
import jwt
def generate_token()
with open("filename.p8", "r") as f:
private_key = f.read()
team_id = "teamid"
client_id = "bundle.id"
key_id = "keyid"
validity_minutes = 20
timestamp_now = int(utils.time_stamp_seconds())
timestamp_exp = timestamp_now + (60 * validity_minutes)
cls.last_token_expiration = timestamp_exp
data = {
"iss": team_id,
"iat": timestamp_now,
"exp": timestamp_exp,
"aud": "https://appleid.apple.com",
"sub": client_id
}
token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={"kid": key_id}).decode()
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…