Closed dtarnawsky closed 7 months ago
For anyone looking at this issue, I found the answer using jose: the secret needs to be imported using importPKCS8.
There is likely an equivalent way with cloudflare-worker-jwt.
Having the same issue, do you have an example?
Hey @zer0stars, if you are using the Device Check API from Apple then Apple will return this error when you are testing your app via Xcode; if you deploy to Test Flight then it works - there is nothing wrong with the JWT, and "Missing or badly formatted authorization token" really means that Apple will not accept it as it is coming from a device it does not trust. I ended up writing about this in this tutorial.
Using jwt.sign to create a JWT to post to Apple's Device Check API (docs) is resulting in an error "Missing or badly formatted authorization token". Apple's API requires an ES256 algorithm, private key and kid in the header.

I think there may be a problem when signing with this algorithm so I wrote a unit test to sign and then verify the signed token which fails with an error InvalidAccessError: Unable to use this key to verify.

Here's the unit test to use:
Perhaps I've written a bad unit test or Apple just doesn't like my token, but I figured it would be worth posting here to see if it looks like a real issue as I would think calling sign to get a token and then verifying it would result in a verified token.
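
Added example, not code from this thread or from cloudflare-worker-jwt or jose: an ES256 sign-then-verify round trip written directly against WebCrypto, importing the PKCS#8 private key with only the sign usage and verifying with the public key. It also shows that WebCrypto raises InvalidAccessError when a sign-only key is passed to verify; the key pair is generated at runtime, and the helper names, claim values and kid are constructed placeholders.

```javascript
// Added example: ES256 JWT round trip on WebCrypto (Cloudflare Workers, Node 20+).
// The require() fallback is only reached on older Node without globalThis.crypto.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;
const ALG = { name: 'ECDSA', namedCurve: 'P-256' };
const SIG = { name: 'ECDSA', hash: 'SHA-256' };
const enc = (s) => new TextEncoder().encode(s);
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const b64url = (buf) => b64(buf).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// PKCS#8 PEM ("BEGIN PRIVATE KEY") -> non-extractable CryptoKey limited to signing.
async function importPkcs8(pem) {
  const der = unb64(pem.replace(/-----[^-]+-----|\s/g, ''));
  return subtle.importKey('pkcs8', der, ALG, false, ['sign']);
}

async function signEs256(payload, privateKey, kid) {
  const header = { alg: 'ES256', kid, typ: 'JWT' };
  const input = `${b64url(enc(JSON.stringify(header)))}.${b64url(enc(JSON.stringify(payload)))}`;
  // WebCrypto returns the raw 64-byte r||s signature that JWS ES256 expects (not DER).
  const sig = await subtle.sign(SIG, privateKey, enc(input));
  return `${input}.${b64url(sig)}`;
}

async function verifyEs256(token, key) {
  const [h, p, s] = token.split('.');
  const sig = unb64(s.replace(/-/g, '+').replace(/_/g, '/'));
  return subtle.verify(SIG, key, sig, enc(`${h}.${p}`));
}

// Constructed demo: a throwaway key pair is generated at runtime and the private
// half is exported to PEM, then re-imported the way a stored key file would be.
async function demo() {
  const pair = await subtle.generateKey(ALG, true, ['sign', 'verify']);
  const pkcs8 = await subtle.exportKey('pkcs8', pair.privateKey);
  const pem = `-----BEGIN PRIVATE KEY-----\n${b64(pkcs8)}\n-----END PRIVATE KEY-----`;
  const priv = await importPkcs8(pem);
  // Placeholder claim and kid values, not real identifiers.
  const token = await signEs256({ iss: 'ISSUER_PLACEHOLDER', iat: 1700000000 }, priv, 'KID_PLACEHOLDER');
  const [h, p, s] = token.split('.');
  return {
    token,
    okWithPublic: await verifyEs256(token, pair.publicKey),
    tamperedOk: await verifyEs256(`${h}.${p}x.${s}`, pair.publicKey),
    // A key imported with only the "sign" usage is rejected by verify().
    errWithPrivate: await verifyEs256(token, priv).catch((e) => e.name),
  };
}
```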