agisboye / app-store-server-api

A Node.js client for the App Store Server API
MIT License

401 'Unauthorized' response on first JWT use #23

Closed harryfb closed 1 year ago

harryfb commented 1 year ago

I'm getting a 401 response intermittently when calling getSubscriptionStatuses. The issue looks to be time-based, as when I make successive calls (and the previously generated token is picked up from this.token) I get a 200 status - largely on the second attempt.

If I force getToken() to generate a new JWT on each call, by removing the expiration checking logic, the issue starts intermittently affecting every call. So it seems like Apple is failing to verify newly created JWTs that are immediately passed into the request.

It doesn't strike me as being environment related seeing as it is intermittent and hardcoding token in makeRequest() to a JWT generated by getToken() (that originally resulted in a 401 status) always gives me successful responses.

Any help is much appreciated!

Version: 0.6.0 Node: 16.13.0

agisboye commented 1 year ago

I had a few of these as well a couple of days ago. The error message is "The request is unauthorized; the JSON Web Token (JWT) is invalid."

I think it must've been an isolated issue on Apple's part as I haven't encountered them before or had any in the last few days. I'll go ahead and close the issue but feel free to re-open it if you're still seeing these errors.

adriancable commented 1 year ago

@agisboye / @harryfb - the problem in our case, when we encountered this, was clock skew between the local clock and the App Store server. Check that iat/nbf/exp have a little margin in them to account for clock skew.
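
Added example, not part of the thread and not the library's own code: an ES256 token built with a backdated `iat`, checked against a constructed strict verifier whose clock runs 30 seconds behind the client. The claim names follow Apple's documented token format; `validateAt`, `skewSec`, `lifetimeSec`, the placeholder IDs and the timestamps are assumptions made for the demonstration, and the verifier is a model, not Apple's actual logic.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");

// skewSec and lifetimeSec are illustrative defaults (assumptions), not the library's values.
function buildClaims(nowSec, { issuerId, bundleId, skewSec = 60, lifetimeSec = 600 }) {
  const iat = nowSec - skewSec; // backdate so a server clock that runs behind still accepts it
  const exp = nowSec + lifetimeSec;
  // Apple rejects tokens that expire more than 60 minutes after iat.
  if (exp - iat > 3600) throw new RangeError("exp is more than 60 minutes after iat");
  return { iss: issuerId, iat, exp, aud: "appstoreconnect-v1", bid: bundleId };
}

function signJwt(claims, privateKey, keyId) {
  const header = { alg: "ES256", kid: keyId, typ: "JWT" };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS needs the raw r||s signature form, not the DER form Node produces by default.
  const sig = sign("sha256", Buffer.from(input), { key: privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// Hypothetical strict verifier: checks the signature, then iat/exp against its
// own clock (serverNowSec) with zero tolerance.
function validateAt(token, publicKey, serverNowSec) {
  const [h, p, s] = token.split(".");
  const ok = verify("sha256", Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  if (!ok) return "bad-signature";
  const { iat, exp } = JSON.parse(Buffer.from(p, "base64url").toString());
  if (iat > serverNowSec) return "issued-in-future";
  if (exp <= serverNowSec) return "expired";
  return "valid";
}

// Constructed scenario: throwaway key pair, client clock 30 s ahead of the server.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const ids = { issuerId: "ISSUER-ID-PLACEHOLDER", bundleId: "com.example.app" };
  const serverNow = 1700000000, clientNow = serverNow + 30;
  const strict = signJwt(buildClaims(clientNow, { ...ids, skewSec: 0 }), privateKey, "KEYIDPLACEHOLDER");
  const padded = signJwt(buildClaims(clientNow, ids), privateKey, "KEYIDPLACEHOLDER");
  return {
    noMargin: validateAt(strict, publicKey, serverNow),           // fresh token, first use
    noMarginLater: validateAt(strict, publicKey, serverNow + 31), // same token reused later
    withMargin: validateAt(padded, publicKey, serverNow),         // backdated iat, first use
  };
}
```

In this model the zero-margin token fails only while the server clock is still behind its `iat`, which is consistent with a token being rejected on first use and accepted when reused.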

craftzdog commented 1 year ago

Hi,

It works properly on Sandbox but gets an error "The request is unauthorized; the JSON Web Token (JWT) is invalid" when calling requestTestNotification on Production. I'm using the same key and IDs. Do you guys have a similar issue?

Version: 0.7.0 Node: 18.12.0

craftzdog commented 1 year ago

Looks like it's related to this issue: https://developer.apple.com/forums/thread/711801

For anyone else who encounters the issue - after releasing the app to the app store, I no longer get 401 response, and the API works as expected for both production and sandbox TIDs.

My app has not been released yet and it seems that Apple doesn't let me test it on production.