I'm not so familiar with using JWT so was hoping someone could walk me through how to generate my developer token for use from an iOS app (like the musickit sample code).
I have the key setup through the dev portal and have my signing key (certificate?)
Is this something I need to include a library for in the app? Or can I generate once using the command line or something and use the token as a string for all my requests?
Thanks,
Jason
Below is some code to generate developer token for node.js by "aljs" posted on codegists. You will generate your developer token only once at command line and use it for all your requests in your Swift/ObjC code.
"use strict";
const fs = require("fs");
const jwt = require("jsonwebtoken");
const request = require("request");
const privateKey = fs.readFileSync("AuthKey.p8").toString(); //your MusicKit private key
const jwtToken = jwt.sign({}, privateKey, {
algorithm: "ES256",
expiresIn: "180d",
issuer: "ABCDE12345", //your 10-character Team ID, obtained from your developer account
header: {
alg: "ES256",
kid: "FGHIJ67890" //your MusicKit Key ID
}
});
console.log("token:", jwtToken, "\n");
// sample service call
request.get(
{
url: "https://api.music.apple.com/v1/catalog/us/songs/203709340",
auth: {
bearer: jwtToken
},
json: true
},
(err, httpResponse, body) => {
if (err) {
console.error(err);
} else {
console.log(body);
}
}
);Here is the link to the code mentioned: https://codegists.com/snippet/javascript/indexjs_aljs_javascript
Thanks!
I also found this post: https://github.com/pelauimagineering/apple-music-token-generator
And was able to generate a token.
I notice you've set an expires in to 180d. Since we generate once from the command line and include the token in our app, should this be set to a date very far in the future?
I am trying to generate a token via node.js by running the code above in terminal and I keep getting the error:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start lineI know my private key, issuer, and kid are correct. What could I be doing wrong?
The key file has extension P8 and it is in the same path with the script, right?
I've just made another test to verify this and it worked OK. I just save this code as index.js to the same folder with the P8 file and run "node index.js".
Yes thank you it did work. My text editor was not exporting the .js file correctly. Thanks for the double check however, this is first time I've used node.js and generating JWTs.
Just wanted to let Apple know that I find it totally unacceptable that we need to rely on 3rd party software to create that token.
Also, I find the proposed solution for storing the token safely on a server totally unacceptable.
It would be almost zero work for Apple to provide both services, but instead developers are bothered with JWT crap and expected to set up their own server infrastructure when the original idea of the app store was to exactly avoid that.
