CODEWITHSUNDEEP
phpios
IamIdiot
IamIdiot

Reputation: 41

"status": "401", "code": "NOT_AUTHORIZED", "title": "Authentication credentials are missing or invalid."

I want to request the apple server but I try much time still get this message "Authentication credentials are missing or invalid." . Could anyone find out where the script use wrong ? follow below script . 

   require __DIR__ . '/vendor/autoload.php';
    use Firebase\JWT\JWT;
    date_default_timezone_set("Asia/Taipei");

    header('Content-Type: application/json'); // Specify the type of data

This build apple api header and Payload

   $privateKey =<<<EOD
    -----BEGIN PRIVATE KEY-----
    MY_privte_Key
    -----END PRIVATE KEY-----
    EOD;
    $JWT_Header = array(
        "kid"=> "xxxxx",
    );
    $JWT_Payload = array(
        "iss"=> "xx-xx-xx",
        "exp"=>time(),
        "aud"=> "appstoreconnect-v1"
    );

This get JWT token

   $jwt = JWT::encode($JWT_Header, $privateKey, 'ES256','YPVNQH3M54');
    $authorization = "Authorization: Bearer ".$jwt;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://api.appstoreconnect.apple.com/v1/users");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    //Set your auth headers
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
       'Content-Type: application/json',
       'Authorization: Bearer ' . $authorization
       ));

This get api respond 

  $response = curl_exec($ch);

      echo "<pre>";
    $err = curl_error($ch);

    curl_close($ch);


    if ($err) {

      echo "cURL Error #:" . $err."<br>";

       print_r(json_decode($response));

    } else {

      print_r(json_decode($response));

    }



function base64url_encode($data) {

    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');

  }

This image when script execute result r

Upvotes: 2

Views: 1164

Answers (1)

gwcoffey
gwcoffey

Reputation: 5921

It looks like you’re setting the exp claim to the current time which means your token will expire immediately. You should set this to the time you want the token to expire.

Since you’re using this token in a php page I assume it is used just once. If that’s the case, 30 seconds from now is probably safe. Long enough to account for clock skew but still short to reduce risk.

Bear in mind App Store Connect will reject any token that expires more than 20 minutes in the future.

Upvotes: 1

Related Questions