4

I'm trying unsuccessfully to get a userToken for Apple Music SDK using the developerToken from JWT. I've used pelauimagineering/apple-music-token-generator and I could get a valid and static userToken. But apple recommend to make dynamic, so I'm trying to use JWT again.

Someone can tell me please what's wrong with my code? Thank you

func fetchDeveloperToken() -> String? {
   func fetchDeveloperToken() -> String? {
    let iat = Date().timeIntervalSince1970
    let days = TimeInterval(24*60*60*120) //120 days
    let exp = TimeInterval(iat + days)
    let kid = "TBESJXXXXX"
    let iss = "KQ6Z6XXXXX"
    let alg = "ES256"
    let secret = "MIGTAgEAMBMGByqEU7ZHQsoVfmKCCxS5W6BnCgCgYIKoZIzj0AAQcggNoN7dTkNG/8timkkf+Z2toogAqN41YgOXXXXXXXXXXXXXXXXXXsecretkey"
    let header:[AnyHashable:Any] = ["alg":alg, "kid":kid]
    let payload:[AnyHashable:Any] = ["iss": iss,
                                     "iat": iat,
                                     "exp": exp]
    let algorithm256 = JWTAlgorithmHS256()
    return JWT.encodePayload(payload, withSecret: secret, withHeaders: header, algorithm: algorithm256)
}
GuiOS
  • 73
  • 9

1 Answers1

2

Apple requires you to use the ES256 algorithm, not HS256, I ran into the same issue too. The JWT libray that you're using doesn't support ES256 as you can see here. The only other library on iOS that is listed that supports it is this one

henrik-dmg
  • 1,448
  • 16
  • 23
  • Well with this code above, I can generate a string, where running the command at terminal: curl -v -H 'Authorization: Bearer [developer token]' "https://api.music.apple.com/v1/catalog/us/songs/203709340" I can get valid connection with api.music.apple.com and I can make my app to work. But. is a static string, which apple does not recommend...and has an fixed expiration date. :( – GuiOS Dec 18 '17 at 15:40
  • @Fri3ndlyGerman But how did you add this lib in iOS? This uses Swift Package Manager and :/ – Rico Crescenzio Jul 18 '18 at 08:17
  • Just wanted to let you and others coming along here know: The information shown at https://jwt.io/ seems to be wrong. It says Vapor/JWT would support ES256 but it apparently does not: See this Issue here https://github.com/vapor/jwt/issues/92 – phlebotinum Sep 11 '18 at 14:00
  • Nowadays there are at least two pure Swift libraries that support ES256: https://github.com/IBM-Swift/Swift-JWT.git and https://github.com/klaas/CupertinoJWT – Klaas Jun 17 '19 at 11:44