Hello!
I am currently working on a React.js application that is integrating with the MusicKit v3 library. I have followed the documentation to generate a JWT for MusicKit and add the library to my application.
Using my token I am able to successfully retrieve song information from the Apple Music API, but I am having trouble with authentication.
When I call music.authorize() and successfully go through the Apple sign in popup, I am receiving the following 403 error:
https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/webPlayerLogout 403 musickit.js:44 Uncaught (in promise) AUTHORIZATION_ERROR: Unauthorized
After stepping through the music kit API and login popup with breakpoints, I am seeing that the music user token is null, despite the login popup succeeding and returning a proper token/response:
{"isAppleMusicSubscriber":"true","musicUserToken":"Ak4ItOgRRRG2y6xgA/OeWQPK0RqPQ/esAJkRN0B/Ua/AWLT52tLhd2TfzMK6uhH+Nczvd7wjYDM1UewG/NledKtimwlrR+s5tdQPk/FG28zqhBqXZ12q6LC516w8ELZDwv5T61kV8xiJ1KSO1q4pGi01JO7SuPMtOqB/QsycYj+xNnrYUEwlP5tm/zxfg7bWmvuWMwfUruYR+A1U9FdXZsdIITVmxCjiHg8ro9xXRzl6Txhsag\u003d\u003d","cid":"REDACTED","itre":"REDACTED","supported":"REDACTED"}
I have tested my application with multiple Apple Music users who have paid subscriptions. All accounts are receiving this same error.
I have tried regenerating my JWT token multiple times following various guides. My latest attempt used the following node library and parameters:
    var jwt = require('jsonwebtoken');
    var fs = require('fs');

    var privateKey = fs.readFileSync('./AuthKey_MYKEY.p8');

    let now = new Date();
    let nextMonth = new Date(now.getFullYear(), now.getMonth() + 1, now.getDate());
    let nowEpoch = Math.round(now.getTime() / 1000); // number of seconds since Epoch, in UTC
    let nextMonthEpoch = Math.round(nextMonth.getTime() / 1000); // number of seconds since Epoch, in UTC

    var payload = {
        iss: 'REDACTED', // TEAM ID
        iat: nowEpoch,
        exp: nextMonthEpoch
    };

    var options = {
        algorithm: 'ES256',
        header: {
            alg: 'ES256',
            kid: 'REDACTED' // KEY ID
        }
    };

    jwt.sign(payload, privateKey, options, function(error, token) {
        console.log(error);
        console.log(token);
    });
I have a valid App Identifier created with the MusicKit App Service enabled.
I am stuck! I have no other ideas on the possible root cause here. Is there something I am missing? I have a mobile app currently in TestFlight - does this app need to be released to the App Store? I am out of guesses!
Any support here would be greatly appreciated!
Thank you for your time.
Patrick
For those who are running into a similar error in Django, you need to explicitly set SECURE_REFERRER_POLICY in settings.py. Django's default referrer-policy is "same-origin", so give something like SECURE_REFERRER_POLICY = "no-referrer-when-downgrade" or SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin".
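The reply above points at Django's default "same-origin" referrer policy. As an added example (not code from this thread, from Django or from MusicKit), the sketch below works out which Referer value a browser would send to the Apple endpoint named in the error message under a given Referrer-Policy header, following the W3C Referrer Policy rules. The page URL is a constructed placeholder, and HTTPS is used as a stand-in for the spec's "potentially trustworthy" test.

```python
from urllib.parse import urlsplit

KNOWN = {"no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
         "strict-origin", "origin-when-cross-origin",
         "strict-origin-when-cross-origin", "unsafe-url"}
PAGE = "https://app.example.test/player?track=1#now"  # constructed page URL
APPLE = "https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/webPlayerLogout"

def effective_policy(header_value):
    """Last recognised token wins; unknown tokens are skipped (fallback lists)."""
    tokens = [t.strip().lower() for t in header_value.split(",")]
    known = [t for t in tokens if t in KNOWN]
    # Current browsers fall back to strict-origin-when-cross-origin.
    return known[-1] if known else "strict-origin-when-cross-origin"

def origin_of(url):
    p = urlsplit(url)
    # Drop any userinfo; default-port normalisation is omitted for brevity.
    return f"{p.scheme}://{p.netloc.rpartition('@')[2]}"

def referrer_sent(header_value, page_url, target_url):
    """Return the Referer a browser would send, or None if it is withheld."""
    policy = effective_policy(header_value)
    page, target = urlsplit(page_url), urlsplit(target_url)
    origin = origin_of(page_url)
    same_origin = origin == origin_of(target_url)
    # Simplification: HTTPS stands in for "potentially trustworthy".
    downgrade = page.scheme == "https" and target.scheme != "https"
    # Full referrer: fragment and userinfo are always stripped.
    full = page._replace(netloc=page.netloc.rpartition("@")[2], fragment="").geturl()
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin + "/"
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin + "/"
    if downgrade:  # the three remaining policies all withhold on downgrade
        return None
    if policy == "strict-origin":
        return origin + "/"
    if policy == "no-referrer-when-downgrade":
        return full
    return full if same_origin else origin + "/"  # strict-origin-when-cross-origin

if __name__ == "__main__":
    for value in ("same-origin", "strict-origin-when-cross-origin",
                  "no-referrer-when-downgrade"):
        print(f"{value:32} -> {referrer_sent(value, PAGE, APPLE)}")
```

Of the two values suggested in the reply, "strict-origin-when-cross-origin" discloses only the site origin to third parties, while "no-referrer-when-downgrade" also sends the path and query string.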