How to generate apple authorization token/client secret?

Question

How can I generate an authorization code/client secret in python for apple sign in and device check?

Answer 1

Here is another version of the code provided by @ARR and some links:

• team_id: https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/
• client_id: The app identifier it looks like "my.app.com", you can find all your identifiers here: https://developer.apple.com/account/resources/identifiers/list
• key_id: This one can be obtained after creating the private_key in the following link https://appstoreconnect.apple.com/access/api

import jwt
import time

def generate_token():
    with open("file.p8", "r") as f:
        private_key = f.read()
        team_id = "123"
        client_id = "bundle.id"
        key_id = "123"
        validity_minutes = 20
        timestamp_now = int(time.time())
        timestamp_exp = timestamp_now + (60 * validity_minutes)
        # Assuming `last_token_expiration` is a class variable defined somewhere else
        # cls.last_token_expiration = timestamp_exp
        data = {
            "iss": team_id,
            "iat": timestamp_now,
            "exp": timestamp_exp,
            "aud": "https://appleid.apple.com",
            "sub": client_id
        }
        token = jwt.encode(
            payload=data,
            key=private_key.encode('utf-8'),
            algorithm="ES256",
            headers={"kid": key_id}
        )
        print(token)


generate_token()

Answer 2

1. First of all we need to generate a app specific p8 file (pem formatted private key) do the following for this:

• go to your apple developer portal, under certificates identifiers & profiles apple => keys
• click the + sign and create a key with the services you want to use it for
• then download the p8 file (be cautious not to lose it you cannot download it again)
• also copy the key id you will need it later

2. in python install pyjwt and do the following:

• create a payload dict:

         
data = {
    "iss": "team_id", # team id of your developer account this can be found in your apple developer portal => identifier of your app => "App ID prefix"
    "iat": timestamp_now, # creation timestamp in seconds
    "exp": timestamp_exp, # expiration timestamp in seconds (max 20 mins) see 
    "aud": "https://appleid.apple.com",
    "sub": client_id # your bundle
}

• open and read the private key (you downloaded in step 1) into a variable

with open("filename.p8", "r") as f:
    private_key = f.read()

• generate your signed jwt token:

token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={
    "kid":key_id # the key id is the id u saved in step 1
}).decode()

• jwt.encode returns bytes if you want it as a string you need to decode it as I did

the complete code will look like this

import jwt

def generate_token():
        with open("filename.p8", "r") as f:
            private_key = f.read()
        team_id = "teamid"
        client_id = "bundle.id"
        key_id = "keyid"
        validity_minutes = 20
        timestamp_now = int(utils.time_stamp_seconds())
        timestamp_exp = timestamp_now + (60 * validity_minutes)
        cls.last_token_expiration = timestamp_exp
        data = {
                "iss": team_id,
                "iat": timestamp_now,
                "exp": timestamp_exp,
                "aud": "https://appleid.apple.com",
                "sub": client_id
            }
        token = jwt.encode(payload=data, key=private_key, algorithm="ES256", headers={"kid": key_id}).decode()