Can't get a MapKitJS JWT token to work

Question

Created Mar ’19

Replies 25

Boosts 0

Views 8.4k

Participants 3

I've used JWTs a lot for user authentication, but I can't get them to work with MapKitJS. I have a route that creates a token...

const privateKey = fs.readFileSync(__dirname + "/../MapKitJS_AuthKey.p8");
const token = jwt.sign({
  origin: event.local === true ? 'http://localhost:8080' : 'NO'
}, privateKey, {
  header: {
    kid: process.env.kid,
    typ: 'JWT',
    alg: 'ES256'
  },
  issuer: process.env.iss,
  expiresIn: '1h',
  algorithm: 'ES256'
});

I'm using node, and the resulting token looks just fine...

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdBQUw3VlVWRzQifQ.eyJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJpYXQiOjE1NTE1MDkzNDgsImV4cCI6MTU1MTUxMjk0OCwiaXNzIjoiOEJVMlk4QzVKNyJ9.BSXts5IrsUyPfsPnkbI-MeUC3xpZkQ2K_1wsjMw-RrT3qLE7WSULFpmvF076V6HAU1J80vBCd5o8veRXCFWN4g

Looking at it in jwt.io it come out nicely...

{

"alg": "ES256",

"typ": "JWT",

"kid": "GAAL7VUVG4"

}

{

"origin": "http://localhost:8080",

"iat": 1551509348,

"exp": 1551512948,

"iss": "8BU2Y8C5J7"

}

But passing the toke to MapKitJS I always get "Bootstrap.init(): initialization failed because the authorization token is invalid." from the server. I'm at a loss. I have no idea what to do at this point.

Answered by jzaun in 355079022

Hi,

Well, your code and my code work. I needed to make a new certificate. I don't know why the one I was using is invalid. I've tried the old certificate with your code and it produces invalid tokens as well. The new certificate makes valid tokens is both versions of the code.

I would be interested in knowing if the old certificate I downloaded got corrupted somehow or if it was originally invalid, but I can't redownload it so there is no way to tell.

Anyway, thank you for your help, sorry I've been such a bother.

For anyone else reading this: The certificate was invalid. I made a new one Key and downloaded the new certificate and things worked.

Boost

Answer 1

jzaun OP

Mar ’19

I just checked spam and trash. The only email I have is the auto reply ok March 22. I tried looking on the developer website as well and there is no reply there either.

0

Answer 2

DTS Engineer OP

Apple

Mar ’19

Please reply to the Auto-ask message with the follow-up number from the email account you are checking, and we will reply to the email address that new email comes from.

0

Answer 3

jzaun OP

Mar ’19

I did this, got another automatic reply.

0

Answer 4

DTS Engineer OP

Apple

Mar ’19

We got the new message, thank you. Please look for a reply in about an hour.

0

Answer 5

jzaun OP

Mar ’19

Just checked, nothing yet.

0

Answer 6

DTS Engineer OP

Apple

Mar ’19

Another reply went out, from a different email address this time (dts@apple.com).

0

Answer 7

jzaun OP

Mar ’19

OK, I just got a reply.

0

Answer 8

DTS Engineer OP

Apple

Mar ’19

Your posted token does not work for me either. Here is a token you can use in your test map to see it instantiate - it is good until next Friday.

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkM2WE5HWVlaTUoifQ.eyJpc3MiOiI5RTI5VUE1NVo2IiwiaWF0IjoxNTUzODg4MTQ5LjI5NywiZXhwIjoxNTU0NDkyOTQ5LjI5N30.6N0xbx2MP4xmvN-kHYXoJw-VjR-NHI9Bnpu4y9vYk-q3CZ-usidXlkxYqqJooIBcjeR1Xrafgt4SdbyEy

I have tried your sample Node.js server code, configured with my identites, and could generate valid tokens from that. Here is a different way of generating tokens that I use in my test enviroment, this generated the token above:

const express = require('express')
const app = express()
const fs = require('fs')
const jwt = require('jsonwebtoken')


// Configure these values
const wwdrTeamID = "AAAAAAAAAA"
const mapkitJSKeyID = "BBBBBBBBBB"
let authKey = fs.readFileSync("./auth/MapKit_JS_AuthKey.p8"); // From Developer Portal


app.get('/', (req, res) => res.send('Hello World!'))
app.listen(8080, () => console.log('Example app listening on port 8080!'))




let payload = {
  iss: wwdrTeamID,
  iat: Date.now() / 1000,
  exp: (Date.now() / 1000) + (60 * 60 * 24 * 7), // 60 seconds, 60 minutes, 24 hours, 7 days
};


let header = {
  kid: mapkitJSKeyID,
  typ: "JWT",
  alg: "ES256"
};


app.get("/token", (req, res) => {
  res.send(
  jwt.sign(payload, authKey, { header: header })
  );
})


app.use(express.static('public'))

I would like you to build a new server out of just this script, changing only the Team ID and MapKit JS ID. If a token from this script works, then this means there's something about your regular server that you'll need to look in to. If a token from this script does not work, please create a new MapKit JS Team ID and certificate, configure the script to use those credentials, and try again.

Once you've done this work, please let me know the results. If you continue to get invalid tokens, please detail the steps you took to test it in this scenario, share the server JavaScript file for the new server, and share the invalid token.

0

Answer 9

jzaun OP

Mar ’19

Accepted Answer

Hi,

Well, your code and my code work. I needed to make a new certificate. I don't know why the one I was using is invalid. I've tried the old certificate with your code and it produces invalid tokens as well. The new certificate makes valid tokens is both versions of the code.

I would be interested in knowing if the old certificate I downloaded got corrupted somehow or if it was originally invalid, but I can't redownload it so there is no way to tell.

Anyway, thank you for your help, sorry I've been such a bother.

For anyone else reading this: The certificate was invalid. I made a new one Key and downloaded the new certificate and things worked.

0

Answer 10

DTS Engineer OP

Apple

Mar ’19

Great, I'm glad you figured this out!

0