I'm trying to authenticate to Apple's AppStoreConnect API with an ES256 signed JWT (per their instructions at https://developer.apple.com/documentation/appstoreconnectapi) using PHP.
Sending my request always results in a 401 NOT_AUTHORIZED error.
I've verified that the the contents of my header and claims are correct - I even found a Ruby script online for generating an ES256 signed JWT and using my Apple provided Issuer, Key ID, Private Key, it works swimmingly - Apple accepts the token. That tells me that my credentials are good and I'm doing something wrong in php.
Unless I've simply stared at this code for too long, the JWT format is correct, base64 encoded correctly, and the bearer token is set correctly in the header.
To rule out an issue with request sending I've tried both GuzzleHTTP and CLI cURL - both a 401.
Here's the relevant code. You'll see that the create method is encoding the header and claims, signing the "payload", and concatenating all 3.
public function create(){ $header = $this->encode( json_encode([ 'kid' => 'my_key_id', 'alg' => 'ES256', 'typ' => 'JWT', ]) ); $claims = $this->encode( json_encode([ 'iss' => 'my_issuer_uuid', 'exp' => time() + (20 * 60), 'aud' => 'appstoreconnect-v1', ]) ); $signature = $this->encode( $this->sign("$header.$claims") ); return $header . '.' . $claims . '.' . $signature;}This code successfully returns an open ssl resource, $data has the expected contents.
public function sign($data){ if (!$key = openssl_pkey_get_private('file://my_key_file.p8')) { throw new \Exception('Failed to read PEM'); } if (!openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) { throw new \Exception('Claims signing failed'); } return $signature;}Base64 URL encoding... $data has the expected contents.
public function encode($data){ return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($data));}At this point I'm stumped to what it is I'm doing wrong or missing. I'm hoping some extra eyes will find something! Using the token that my code dumps out:
curl https://api.appstoreconnect.apple.com/v1/users --Header "Authorization: Bearer <token>”...always returns a 401. I suspect there's something wrong in the signing portion of the code as it's the only part I haven't been able to verify (again, worked in Ruby), though looking at all the docs and examples for openssl_sign, I'm pretty sure it's right.
For reference, this is the Ruby script I mention https://shashikantjagtap.net/generating-jwt-tokens-for-app-store-connect-api/
In this sample from Ktor website https://ktor.io/samples/feature/auth.html they use an account "test" with password "test" as example.
@UseExperimental(KtorExperimentalAPI::class)val hashedUserTable = UserHashedTableAuth( getDigestFunction("SHA-256") { "ktor${it.length}" }, table = mapOf( "test" to Base64.getDecoder().decode("GSjkHCHGAxTTbnkEDBbVYd+PUFRlcWiumc4+MWE9Rvw=") // sha256 for "test" ))I need to create another entry, but I can't figure out how they got that hash. I tried to sha256 the word "test", salted or not, tried to base64 the result... Nothing matches that hash so I'm unable to create another user.
Anyone could enlighten me here on how to create a compatible hash with that code?
We are trying to connect to Periodic's API using Swift 5. In order to do that, part of the process is encoding a concatenated string in HMAC SHA-256. In our code, we accomplish this by the following code:
let hmac = premac.digest(.sha256, key: "API KEY")Which is using the SwiftCrypto library to accomplish this. According to Periodic's CTO, we are getting close but the issue is that this function's output is giving us a HEX version when we really need the bytestring level.
We are unsure how to proceed.
I'm trying to implement a signature in a Solidity contract and I'm having problems when it comes to comparing hashes. I calculate the hash with the following code in solidity:
sha256(abi.encodePacked(param1, ...., paramN);Where:
abi.encodePacked(param1, ..., paramN) = [bytes: 0x0102030405060701]
and
sha255(abi.encodePacked(param1, ..., paramN)) = [bytes32: 0x245138c905599c8579ab186fbdbd6e62396aac35a98a6568f8803eed049d1251]
The main problem I'm having is that by using python sha256 on 0102030405060701 the result I'm getting is 5bc31e3decf480124c79c114744d111ec82b62e466a097c3ced6fe76cbace9a5.
What am I doing wrong?
I'm creating a User Table on DynamoDB, and I wanted to set the primary key as a sha256 hash string of the user's email address.
Is it a good idea to keep a SHA256 value as a primary key in a DynamoDB table? Would this be better for lookups or worse?
Please note that by viewing our site you agree to our use of cookies (see 개인 정보 보호 for details). You will only see this message once.