
I'm trying to implement a free trial mechanism using Apple's new DeviceCheck mechanism in iOS 11. I've implemented the server part in Rails 4. There's a fair bit of code, so I've put it in a gist: https://gist.github.com/jmfriend/b86f52f8f0649ad4cae176c08b77f000

I get the error: "Missing or badly formatted authorization token". That suggests that I'm doing something wrong when generating the JWT for the AuthKey_#####.p8 file.

This code is also in the gist, but for ease of reference, given it's probably where the issue is, this is the code that handles the .p8 file:

require 'jwt'     # ruby-jwt gem
require 'openssl'

# key_id, team_id and developer_token_file are defined elsewhere in the gist.

def auth_header
  # The authentication key must use the ES256 algorithm and be in the Base64 URL-encoded JSON web token format.
  # If your token doesn't use this format, you receive a BAD_AUTHENTICATION_TOKEN HTTP error.
  "Bearer #{auth_token}"
end

def auth_token
  # Memoised for the life of this object: the cached token is only valid until its exp claim.
  @auth_token ||= fetch_auth_token
end

def fetch_auth_token
  header = {
    typ: "JWT", # Must be specified; not in documentation
    alg: "ES256",
    kid: key_id # Key ID of the AuthKey_#####.p8 file
  }

  now = Time.now.to_i
  body = {
    iss: team_id, # Apple developer Team ID
    iat: now,
    exp: now + 43_200 # 12 hours
  }

  # ruby-jwt signature: JWT.encode(payload, key, algorithm, header_fields)
  JWT.encode(body, auth_key, 'ES256', header)
end

def auth_key
  # developer_token_file is the path to the AuthKey_#####.p8 file downloaded from the developer portal
  file = File.read(developer_token_file)
  key = OpenSSL::PKey::EC.new(file)
  key.check_key # raises OpenSSL::PKey::ECError if the key is malformed
  key
end
Jmf
  • Found one mistake: header_files should be header_fields. Unfortunately, still getting the same error. – Jmf Jan 26 '18 at 12:30
  • Have now tried this against the live Apple server, and get a different response. Oddly, I no longer get "Missing or badly formatted authorization token". However, I am getting a 200 response with the message: 'Failed to find bit state'. This is not JSON, so it broke my code that was expecting JSON. Does anyone know what this message means? It's in the official documentation, but there's no explanation that I can see of why you'd get it. – Jmf Feb 01 '18 at 15:14

1 Answer


The "Missing or badly formatted authorization token" issue in this instance was caused by using an application identifier like this: xxxx.com.companyname.subdomain.* when using the dev version of your app. In the live version of your app, because this app ID ends up being an explicit App ID, it will work.

I've tested this getting the dev version of my app to use the explicit App ID by using a different provisioning profile to normal.

'Failed to find bit state', it turns out, just means you've not set any bits yet for this device. You don't need to validate a device before setting its bits. Note also that I've updated the Rails gist to code that's working in live.

Jmf
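The two failure modes in this thread are a rejected ES256 bearer token and a 200 response whose body is the plain text 'Failed to find bit state' rather than JSON. The following is an added example, not code from the question's gist or from Apple: it builds and verifies a DeviceCheck-style ES256 JWT with only Ruby's standard library (so the raw r||s signature encoding that JWS requires is visible, rather than hidden inside the jwt gem), and it parses a query response so that the plain-text body no longer raises a JSON error. The key ID 'ABC123DEFG', team ID 'TEAMID0000' and the sample response bodies are constructed placeholders, and a throwaway P-256 key generated in-process stands in for the AuthKey_#####.p8 file; with the real file you would load the key with OpenSSL::PKey::EC.new(File.read(path)) as in the question.

```ruby
# Added example, not from the original gist. Stdlib only: openssl, base64, json.
require 'openssl'
require 'base64'
require 'json'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# OpenSSL returns an ECDSA signature as a DER SEQUENCE { r INTEGER, s INTEGER }.
# JWS ES256 requires the raw 64-byte r||s form, each half zero-padded to 32 bytes.
def der_to_raw(der)
  r, s = OpenSSL::ASN1.decode(der).value.map { |int| int.value.to_s(2).rjust(32, "\0") }
  r + s
end

def raw_to_der(raw)
  r, s = raw[0, 32], raw[32, 32]
  OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r, 2)),
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s, 2))
  ]).to_der
end

# Header: alg ES256 plus the Key ID of the .p8; payload: Team ID as iss, iat and a 12h exp.
def devicecheck_token(ec_key, key_id:, team_id:, now: Time.now.to_i, ttl: 43_200)
  header  = { alg: 'ES256', kid: key_id, typ: 'JWT' }
  payload = { iss: team_id, iat: now, exp: now + ttl }
  signing_input = "#{b64url(header.to_json)}.#{b64url(payload.to_json)}"
  der = ec_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(der_to_raw(der))}"
end

# Local check of what the server side must accept: three segments, alg ES256,
# a 64-byte signature that verifies over header.payload, and a live time window.
# (Apple would verify with the public half of the key; an EC private key object verifies too.)
def verify_devicecheck_token(token, ec_key, now: Time.now.to_i)
  h, p, sig = token.split('.')
  raise ArgumentError, 'expected three JWT segments' unless sig
  header  = JSON.parse(Base64.urlsafe_decode64(h))
  payload = JSON.parse(Base64.urlsafe_decode64(p))
  raw     = Base64.urlsafe_decode64(sig)
  return false unless header['alg'] == 'ES256' && raw.bytesize == 64
  return false unless ec_key.verify(OpenSSL::Digest.new('SHA256'), raw_to_der(raw), "#{h}.#{p}")
  payload['iat'] <= now && payload['exp'] > now
end

# The query_two_bits endpoint answers 200 with JSON once bits have been set, but, as the
# answer above notes, a device with no bits set yet gets a 200 whose body is plain text.
def parse_query_response(status, body)
  raise "DeviceCheck error #{status}: #{body}" unless status == 200
  return { 'bits_set' => false } if body.strip == 'Failed to find bit state'
  JSON.parse(body).merge('bits_set' => true)
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::EC.generate('prime256v1') # stands in for AuthKey_#####.p8 (constructed)
  token = devicecheck_token(key, key_id: 'ABC123DEFG', team_id: 'TEAMID0000')
  puts "Authorization: Bearer #{token}"
  puts verify_devicecheck_token(token, key)
  p parse_query_response(200, 'Failed to find bit state')
end
```

Using the jwt gem, JWT.encode performs the DER-to-raw conversion for you; the point of spelling it out is that a signature with the wrong encoding or length is exactly what a server reports as "badly formatted", which looks the same from the client as an App ID problem. Treat the plain-text 200 as the "no state yet" case and go straight to update_two_bits, as the answer describes.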