Features being implemented
store External Payment Report
Implementation Language and Framework
JAVA springboot
a problem
https://developer.apple.com/documentation/externalpurchaseserverapi/send-external-purchase-report?changes=latest_major
I send jwt tokens in the header to the apple endpoint
If a 401 authentication error occurs all of a sudden while being sent successfully in the beginning, a 401 error has occurred since then
What I checked
Tokens are being re-created and sent every time a report is sent
I'm currently using aws ec2 load balancer and I get 401 error and when I shut down Tomcat and restart it, it works normally and then the above problem occurs again
Even if I send the token that I used to send since 401 happened using postman, 401 error
If my local server issues tokens again with the same content and sends the report to postman, it works fine
Considering the above problems and the confirmed contents, why 401 problems suddenly occur
I'd like to know how to solve that part.
private String keyId="******";
private String issuerId="******";
private String bundleId = "ai.******";
Instant now = Instant.now();
Date issuedAt = Date.from(now);
Date expiresAt = Date.from(now.plusSeconds(20 * 60));
public String createToken(){
try {
PrivateKey key = getPrivateKey();
return Jwts.builder()
.setHeaderParam("alg", "ES256")
.setHeaderParam("kid", keyId)
.setHeaderParam("typ", "JWT")
.setIssuer(issuerId)
.setIssuedAt(issuedAt)
.setExpiration(expiresAt)
.setAudience("appstoreconnect-v1")
.signWith(key, SignatureAlgorithm.ES256)
.claim("bid",bundleId)
.compact();
}catch (Exception e){
e.printStackTrace();
throw new RuntimeException("JWT error", e);
}
}
private static PrivateKey getPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
InputStream privateKey = new ClassPathResource("certs/SubscriptionKey_***********.p8").getInputStream();
String result = new BufferedReader(new InputStreamReader(privateKey)) .lines().collect(Collectors.joining("\n"));
String key = result.replace("-----BEGIN PRIVATE KEY-----\n", "")
.replace("-----END PRIVATE KEY-----", "")
.replace("\n", "");
byte[] decoded = Base64.getDecoder().decode(key);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decoded);
KeyFactory keyFactory = KeyFactory.getInstance("EC");
return keyFactory.generatePrivate(keySpec);
}
dev_ram
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Post
Replies
Boosts
Views
Activity
We are producing a function to submit an Apple external purchase report.
When I sent the report, I created a jwt token and put it in the header
There are times when you operate normally and suddenly get a 401 error.
When I checked the entity to log before sending the report, I found that the header was well contained and the token changed every time I called.
Once you get 401 error, you have to shut down your server(tomcat) once and run it again
May I know what kind of problem is causing this phenomenon?
Or can I find a way to fix the problem? The server is using aws ec2 load balancer
The back language is java spring boot
jwt token create code
private String keyId="******";
private String issuerId="******";
private String bundleId = "ai.******";
Instant now = Instant.now();
Date issuedAt = Date.from(now);
Date expiresAt = Date.from(now.plusSeconds(20 * 60));
public String createToken(){
try {
PrivateKey key = getPrivateKey();
return Jwts.builder()
.setHeaderParam("alg", "ES256")
.setHeaderParam("kid", keyId)
.setHeaderParam("typ", "JWT")
.setIssuer(issuerId)
.setIssuedAt(issuedAt)
.setExpiration(expiresAt)
.setAudience("appstoreconnect-v1")
.signWith(key, SignatureAlgorithm.ES256)
.claim("bid",bundleId)
.compact();
}catch (Exception e){
e.printStackTrace();
throw new RuntimeException("JWT error", e);
}
}
private static PrivateKey getPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
InputStream privateKey = new ClassPathResource("certs/SubscriptionKey_***********.p8").getInputStream();
String result = new BufferedReader(new InputStreamReader(privateKey)) .lines().collect(Collectors.joining("\n"));
String key = result.replace("-----BEGIN PRIVATE KEY-----\n", "")
.replace("-----END PRIVATE KEY-----", "")
.replace("\n", "");
byte[] decoded = Base64.getDecoder().decode(key);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decoded);
KeyFactory keyFactory = KeyFactory.getInstance("EC");
return keyFactory.generatePrivate(keySpec);
}