Post not yet marked as solved
Click to stop watching this thread.
You have stopped watching this post. Click to start watching again.
Post marked as unsolved with 4 replies, 0 views
Replied In
Path parameters of App Store Connect API
Dear @ChuckMN,
Thank you for your reply.
Certainly there are concerns about flexible scopes.
I am convinced by what you said.
I was hoping to avoid having to spend time generating Tokens each time, but perhaps that is something we should accept.
would it be possible for you to share your full JWT composure code so that we can see what it looks like?
I was able to generate Token with this code
func generateAppStoreConnectToken(scopes []string) string {
p8bytes, _ := os.ReadFile(os.Getenv("API_KEY_FILE_PATH"))
decoded, _ := pem.Decode(p8bytes)
parsedKey, _ := x509.ParsePKCS8PrivateKey(decoded.Bytes)
ecdsaPrivateKey, _ := parsedKey.(*ecdsa.PrivateKey)
claims := jwt.MapClaims{
"iss": os.Getenv("API_KEY_ISSUER_ID"),
"iat": time.Now().Unix(),
"exp": time.Now().Add(20 * time.Minute).Unix(),
"aud": "appstoreconnect-v1",
"scope": scopes,
}
token := jwt.NewWithClaims(jwt.SigningMethodES256, claims)
token.Header["kid"] = os.Getenv("API_KEY_KEY_ID")
tokenString, _ := token.SignedString(ecdsaPrivateKey)
return tokenString
}
token := generateAppStoreConnectToken(
[]string{
"GET /v1/apps",
},
)
Since this is an experimental code, error handling is omitted.
As a test, I excluded /v1 from the request Scope and the API call failed.
The error message is as follows
"The request RequestData(method=GET, path=/v1/apps, query=null) does not match any authorized scope: [RequestData(method=GET, path=/apps, query=null)]"
Wildcards continued to be unavailable, but your advice helpful for me.
I will be aware of the safe Token scope.
Thank you!