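// Fixed it. The generated client_secret was invalid (the API only reports invalid_client).
// In case someone needs it, here is a working Java example that builds the JWT:

import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

import java.io.Reader;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyPair;
import java.security.Security;
import java.util.Date;

/**
 * Builds and prints an ES256-signed JWT (the {@code client_secret}) for the
 * Apple identity endpoint named in {@code audience}.
 *
 * <p>The signing key is read from a PEM file rather than embedded in the
 * source. A private key that has been committed to a repository or pasted
 * into a public post must be treated as compromised: revoke it and issue a
 * new one instead of reusing it.
 */
public class AsaToken {

    /** Token lifetime in milliseconds (five minutes). */
    private static final long TOKEN_LIFETIME_MS = 5L * 60 * 1000;

    /**
     * Environment variable holding the path of the PEM file. The name is
     * constructed for this example; use whatever fits your deployment.
     */
    private static final String KEY_FILE_ENV = "ASA_PRIVATE_KEY_FILE";

    /**
     * Builds the token and writes its compact form to standard output.
     *
     * <p>The printed value is a credential for as long as it is valid, so keep
     * it out of logs, shell history and CI output.
     *
     * @param args unused
     * @throws Exception if the key cannot be loaded or the token cannot be signed
     */
    public static void main(String[] args) throws Exception {
        Key key = getKey();
        String clientId = "SEARCHADS...";
        String teamId = "SEARCHADS...";
        String keyId = "your_key";
        String audience = "https://appleid.apple.com";

        // Take one timestamp so that iat and exp are derived from the same instant.
        long now = System.currentTimeMillis();

        JwtBuilder token = Jwts.builder()
                .setHeaderParam(JwsHeader.KEY_ID, keyId)
                // Derived from the enum so the header cannot disagree with signWith().
                .setHeaderParam(JwsHeader.ALGORITHM, SignatureAlgorithm.ES256.getValue())
                .setIssuer(teamId)
                .setAudience(audience)
                .setSubject(clientId)
                .setIssuedAt(new Date(now))
                .setExpiration(new Date(now + TOKEN_LIFETIME_MS))
                .signWith(key, SignatureAlgorithm.ES256); // ECDSA using P-256 and SHA-256

        System.out.println(token.compact());
    }

    /**
     * Loads the EC private key used to sign the token.
     *
     * <p>The file named by the {@code ASA_PRIVATE_KEY_FILE} environment variable
     * is parsed as PEM. Both the SEC1 form ({@code BEGIN EC PRIVATE KEY}) and
     * the PKCS#8 form ({@code BEGIN PRIVATE KEY}) are accepted. Keep the file
     * outside version control and readable only by the account running this
     * program.
     *
     * @return the private key
     * @throws IllegalStateException    if the environment variable is not set
     * @throws IllegalArgumentException if the file holds no usable private key
     * @throws Exception                if the file cannot be read or parsed
     */
    static Key getKey() throws Exception {
        String keyFile = System.getenv(KEY_FILE_ENV);
        if (keyFile == null || keyFile.isEmpty()) {
            throw new IllegalStateException(
                    "Set " + KEY_FILE_ENV + " to the path of the EC private key PEM file");
        }

        Security.addProvider(new BouncyCastleProvider());

        Object parsed;
        // Close the file and the parser even when parsing fails.
        try (Reader rdr = Files.newBufferedReader(Paths.get(keyFile), StandardCharsets.UTF_8);
             PEMParser parser = new PEMParser(rdr)) {
            parsed = parser.readObject();
        }

        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        if (parsed instanceof PEMKeyPair) {
            KeyPair pair = converter.getKeyPair((PEMKeyPair) parsed);
            return pair.getPrivate();
        }
        if (parsed instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) parsed);
        }
        // The message names the file only; key material never goes into an exception.
        throw new IllegalArgumentException(
                "No unencrypted EC private key found as the first PEM object in " + keyFile);
    }
}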