
What is the URL to obtain Apple's public key?

This one doesn't work: https://sandbox.gc.apple.com/public-key/gc-sb-2.cer

I found only examples where such a URL is passed by the client itself:

How to authenticate the GKLocalPlayer on my 'third party server'?

Which is the way it's documented: https://developer.apple.com/library/ios/documentation/GameKit/Reference/GKLocalPlayer_Ref/index.html#//apple_ref/doc/uid/TP40009587-CH1-SW25

  1. Send the publicKeyURL, signature, salt, and timestamp parameters to the third party server used for authentication.
  2. Use the publicKeyURL on the third party server to download the public key.

Of course I can't use it because of security reasons.

Vlad

2 Answers

1

To avoid a CSRF attack I just check the URL with uri.DnsSafeHost.EndsWith(".gc.apple.com", StringComparison.OrdinalIgnoreCase).

Vlad
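A stricter form of the host check in the answer above, as an added example that is not part of the original answer or of Apple's documentation: besides the `.gc.apple.com` suffix it requires HTTPS, the default port and no embedded credentials before the server fetches the client-supplied publicKeyURL. The class and method names are hypothetical, and every sample URL except the one quoted in the question is constructed.

```csharp
using System;

public static class GameCenterKeyUrl
{
    // Hypothetical helper: true only if the client-supplied publicKeyURL
    // is one the server should be willing to download from.
    public static bool IsTrusted(string publicKeyUrl)
    {
        // Reject relative or malformed input outright.
        if (!Uri.TryCreate(publicKeyUrl, UriKind.Absolute, out Uri uri))
            return false;

        // HTTPS only, so TLS authenticates the host serving the certificate.
        if (uri.Scheme != Uri.UriSchemeHttps)
            return false;

        // No "user@host" tricks and no non-default port.
        if (!string.IsNullOrEmpty(uri.UserInfo) || !uri.IsDefaultPort)
            return false;

        // The leading dot matters: the parsed host must be a subdomain of
        // gc.apple.com, not merely contain that text somewhere in the URL.
        return uri.DnsSafeHost.EndsWith(".gc.apple.com",
                                        StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        string[] samples =
        {
            "https://sandbox.gc.apple.com/public-key/gc-sb-2.cer", // from the question: accepted
            "http://sandbox.gc.apple.com/public-key/gc-sb-2.cer",  // constructed: plain HTTP
            "https://sandbox.gc.apple.com.example.net/key.cer",    // constructed: suffix is example.net
            "https://sandbox.gc.apple.com@example.net/key.cer",    // constructed: real host is example.net
            "https://sandbox.gc.apple.com:8443/key.cer",           // constructed: non-default port
            "/public-key/gc-sb-2.cer"                              // constructed: not absolute
        };

        foreach (string s in samples)
            Console.WriteLine($"{IsTrusted(s),-5} {s}");
    }
}
```

Only the first sample is accepted; the other five are rejected before any network request is made.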
0

I don't understand the question. You get the URL from the call to generateIdentityVerificationSignatureWithCompletionHandler. I haven't done this myself, but I guess that you call that function in your app, and then you get the URL among the other stuff. You send it to your server, and the server can then verify and authenticate the user as described in https://developer.apple.com/library/ios/documentation/GameKit/Reference/GKLocalPlayer_Ref/index.html#//apple_ref/doc/uid/TP40009587-CH1-SW25

The URL is not constant, although possibly pseudo-constant. You shall use the URL that is passed to you.

Fredrik Johansson