
I'm using react-native-apple-music https://github.com/Lemonadd-UG/react-native-apple-music to request user access to their music library. It requires my Apple music private key to get the user's music token which I can then use to access their music.

    await AppleMusic.initialize(
      AppleMusicKeyId,
      AppleMusicTeamId,
      AppleMusicPrivateKey,
    );
    await AppleMusic.login();
    return await AppleMusic.getUserMusicToken();

How can I securely store and transmit the private key? I can't store it on the client. If I store it in a secret manager in AWS/GCP, I still need to transmit it to the client to use for initializing the AppleMusic library, which also doesn't seem very secure, even over HTTPS. If I encrypt the Apple private key during transmission to the client, I still need to decrypt it on the client, and then I have the same problem securing the key I used to decrypt. I'm not sure how to really secure the Apple Music private key and am looking for help with a best practice to do this.

Hunter
  • Deleted my answer which was not good. However, one notion: You don't have to transfer your private key to the client. According to documentation and discussions elsewhere, you have to generate a developer _token_ signed with your private key and use it to fetch the user music token on the client side. https://developer.apple.com/documentation/storekit/skcloudservicecontroller/2909079-requestusertoken – Marko Eskola Dec 31 '21 at 17:16
  • That was a good idea. I implemented that functionality in my library here: https://github.com/vonrosen/react-native-apple-music/blob/master/ios/AppleMusicAPI.swift#L41 Thanks. – Hunter Jan 23 '22 at 03:18
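
The approach from the comments, as an added example that is not code from the original post or from either library: a Node.js backend signs a short-lived developer token (an ES256 JWT carrying the key ID and team ID) and sends only that token to the app, so the private key never leaves the server. The function names, the one-hour default lifetime, and the demo key ID and team ID are assumptions, and the key pair is a constructed throwaway standing in for the `.p8` key.

```javascript
// Added example: mint the Apple Music developer token (an ES256 JWT) on the server.
const nodeCrypto = require('node:crypto');

const MAX_TTL_SECONDS = 15777000; // Apple's upper bound for exp - iat (about 6 months)
const b64url = (text) => Buffer.from(text).toString('base64url');

// Hypothetical helper: the private key is read server-side and never returned.
function mintDeveloperToken({ keyId, teamId, privateKeyPem, ttlSeconds = 3600, now = Date.now() }) {
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0 || ttlSeconds > MAX_TTL_SECONDS) {
    throw new RangeError('ttlSeconds must be between 1 and ' + MAX_TTL_SECONDS);
  }
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const claims = b64url(JSON.stringify({ iss: teamId, iat, exp: iat + ttlSeconds }));
  // JWS ES256 uses the raw r||s signature (IEEE P1363), not Node's default DER.
  const signature = nodeCrypto.sign('sha256', Buffer.from(`${header}.${claims}`), {
    key: privateKeyPem,
    dsaEncoding: 'ieee-p1363',
  });
  return `${header}.${claims}.${signature.toString('base64url')}`;
}

// Verification with the public key, used here to check that the token round-trips.
function verifyDeveloperToken(token, publicKeyPem) {
  const [header, claims, signature] = token.split('.');
  const valid = nodeCrypto.verify('sha256', Buffer.from(`${header}.${claims}`),
    { key: publicKeyPem, dsaEncoding: 'ieee-p1363' }, Buffer.from(signature, 'base64url'));
  if (!valid) throw new Error('signature check failed');
  const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  return { header: decode(header), claims: decode(claims) };
}

// Constructed throwaway P-256 key pair; a real deployment loads the key from a secret manager.
const demoKeys = nodeCrypto.generateKeyPairSync('ec', {
  namedCurve: 'prime256v1',
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  publicKeyEncoding: { type: 'spki', format: 'pem' },
});
const demoToken = mintDeveloperToken({
  keyId: 'DEMOKEYID1', // constructed placeholder
  teamId: 'DEMOTEAMID', // constructed placeholder
  privateKeyPem: demoKeys.privateKey,
  now: 1700000000000, // fixed clock so the claims are reproducible
});
```

Serve the token from an authenticated endpoint and keep its lifetime short, so a token extracted from the app expires quickly and the signing key can be rotated without shipping a new client.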
