3

I am working with JWT token with algorithm ES256 using PHP to check devices for IOS And successfully create JWT (JSON web token) for it.

I have tried to call API for device check through the postman API: https://api.development.devicecheck.apple.com/v1/query_two_bits

require 'vendor/autoload.php';

use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Ecdsa\Sha256;

$signer = new Sha256();

$privateKey = new Key('file:///AuthKey_*****.p8');
$time = time();

$token = (new Builder())->issuedBy('**********') 
                        ->issuedAt($time)
                        ->setHeader('kid', '*********')
                        ->getToken($signer,  $privateKey);

I have successfully created a JWT token from the above code,

API: https://api.development.devicecheck.apple.com/v1/query_two_bits

But when I pass this token in authorization bearer in above API I am getting below error.

Unable to verify authorization token

Is there any error while creating an authentication file?

Abhishek Desai
  • 136
  • 8
  • Where is the code to check the JWT token? – Jay Pandya Jun 10 '19 at 09:54
  • @JayPandya I have check directly in jwt.io And it shows Invalid Signature. – Abhishek Desai Jun 10 '19 at 10:07
  • So where do you provide your private key to verify the valid token on jwt.io? – Jay Pandya Jun 10 '19 at 10:27
  • @JayPandya No, right now I am not providing any private key to verify the valid token in JWT. Where can I use the private key in jwt.io, Right now while generating token I use .p8 file to get the private key. Is that right to get the private key from .p8 file? – Abhishek Desai Jun 10 '19 at 10:47
  • I don't think they are providing any option to verify the `JWT Token` with a private key. So you have to do it in your code. – Jay Pandya Jun 10 '19 at 10:49
  • Ok, thanks, For verifying the JWT Token in the code I need to the public key, Can you please help me, how can I genrate public key? – Abhishek Desai Jun 10 '19 at 10:55

0 Answers0