How can I generate an authorization code/client secret in python for apple sign in and device check?
2 Answers
13
- First of all we need to generate an app-specific p8 file (PEM-formatted private key). Do the following for this:
  - go to your Apple developer portal, under certificates identifiers & profiles apple => keys
  - click the + sign and create a key with the services you want to use it for
  - then download the p8 file (be cautious not to lose it, you cannot download it again)
  - also copy the key id, you will need it later
- In Python, install pyjwt and do the following:
  - create a payload dict:

```python
data = {
    "iss": "team_id",  # team id of your developer account; this can be found in your apple developer portal => identifier of your app => "App ID prefix"
    "iat": timestamp_now,  # creation timestamp in seconds
    "exp": timestamp_exp,  # expiration timestamp in seconds (max 20 mins) see
    "aud": "https://appleid.apple.com",
    "sub": client_id  # your bundle
}
```

  - open and read the private key (you downloaded in step 1) into a variable:

```python
with open("filename.p8", "r") as f:
    private_key = f.read()
```

  - generate your signed jwt token:

```python
# PyJWT 1.x returns bytes here; on PyJWT 2.x encode() already returns a str
# and the trailing .decode() must be dropped.
token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={
    "kid": key_id  # the key id is the id you saved in step 1
}).decode()
```

  - jwt.encode returns bytes; if you want it as a string you need to decode it as I did

The complete code will look like this:

```python
import time

import jwt


def generate_token():
    # Read the PEM-formatted private key downloaded from the developer portal
    with open("filename.p8", "r") as f:
        private_key = f.read()
    team_id = "teamid"
    client_id = "bundle.id"
    key_id = "keyid"
    validity_minutes = 20
    timestamp_now = int(time.time())
    timestamp_exp = timestamp_now + (60 * validity_minutes)
    # The original stored the expiry on a class for caching:
    # cls.last_token_expiration = timestamp_exp
    data = {
        "iss": team_id,
        "iat": timestamp_now,
        "exp": timestamp_exp,
        "aud": "https://appleid.apple.com",
        "sub": client_id
    }
    token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={"kid": key_id})
    # PyJWT 1.x returns bytes, PyJWT 2.x returns str; normalise to str
    if isinstance(token, bytes):
        token = token.decode()
    return token
```

ARR
- I got this in terminal: SyntaxError: invalid syntax at this line---> `def generate_token() ` – JAHelia Mar 29 '23 at 11:45
- Fixed the code, the semi colons after the method were missing – ARR Mar 31 '23 at 16:43
0
Here is another version of the code provided by @ARR and some links:
- team_id: https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/
- client_id: The app identifier; it looks like "my.app.com". You can find all your identifiers here: https://developer.apple.com/account/resources/identifiers/list
- key_id: This one can be obtained after creating the private_key in the following link https://appstoreconnect.apple.com/access/api

```python
import jwt
import time


def generate_token():
    with open("file.p8", "r") as f:
        private_key = f.read()
    team_id = "123"
    client_id = "bundle.id"
    key_id = "123"
    validity_minutes = 20
    timestamp_now = int(time.time())
    timestamp_exp = timestamp_now + (60 * validity_minutes)
    # Assuming `last_token_expiration` is a class variable defined somewhere else
    # cls.last_token_expiration = timestamp_exp
    data = {
        "iss": team_id,
        "iat": timestamp_now,
        "exp": timestamp_exp,
        "aud": "https://appleid.apple.com",
        "sub": client_id
    }
    token = jwt.encode(
        payload=data,
        key=private_key.encode('utf-8'),
        algorithm="ES256",
        headers={"kid": key_id}
    )
    print(token)


generate_token()
```

Gustavo Santamaría
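A pre-flight check for the token both answers build, as an added example that is not part of either answer: it decodes the header and claims with the standard library only and lists mismatches before the token is sent anywhere. The function names, the sample values and the default 20-minute limit (taken from the first answer) are assumptions of this example, and the ES256 signature is not verified here.

```python
import base64
import json
import time

APPLE_AUD = "https://appleid.apple.com"  # audience value used in both answers


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into Python data."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def lint_client_secret(token, team_id, client_id, max_minutes=20, now=None):
    """Return a list of problems in the header and claims (signature NOT verified)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and payload must be JSON objects"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg is %r, expected ES256" % header.get("alg"))
    if not header.get("kid"):
        problems.append("missing kid header")
    if claims.get("iss") != team_id:
        problems.append("iss does not match the team id")
    if claims.get("sub") != client_id:
        problems.append("sub does not match the client id")
    if claims.get("aud") != APPLE_AUD:
        problems.append("aud is not " + APPLE_AUD)
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must be integer timestamps in seconds")
    elif exp <= now:
        problems.append("token already expired")
    elif exp - iat > max_minutes * 60:
        problems.append("lifetime exceeds %d minutes" % max_minutes)
    return problems


def constructed_token(header, claims):
    """Build a constructed, unsigned sample token for testing (dummy signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), "c2ln"])
```

Pass the string returned by `generate_token()` together with the same team id and client id; an empty list means the header and claims are shaped as the answers describe.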