Javascript 401通过node.js访问MusicKit API时出错
我试图访问MusicKit API,但它不断返回未经授权的错误。我想不出来。我有以下代码来生成开发人员令牌:Javascript 401通过node.js访问MusicKit API时出错,javascript,node.js,apple-musickit,Javascript,Node.js,Apple Musickit,我试图访问MusicKit API,但它不断返回未经授权的错误。我想不出来。我有以下代码来生成开发人员令牌: const privateKey = fs.readFileSync("resources/AuthKey.p8").toString(); const teamId = "MYTEAMID"; const keyId = "MYKEYID"; const options = { algorithm: "ES256", expiresIn
const privateKey = fs.readFileSync("resources/AuthKey.p8").toString();
const teamId = "MYTEAMID";
const keyId = "MYKEYID";
const options = {
algorithm: "ES256",
expiresIn: "180d",
issuer: "MYTEAMID", // your 10-character Team ID, obtained from your developer account
header: {
alg: "ES256",
kid: "MYKEYID", // your MusicKit Key ID
},
};
return new Promise((resolve: any, reject: any) => {
jwt.sign({}, privateKey, options, (error, token) => {
if (error) {
return reject(error);
} else { // token created
return resolve(token);
}
});
});
这将生成一个成功的令牌。解码时,此令牌的标头值如下:
{
"alg": "ES256",
"typ": "JWT",
"kid": "MYKEYID"
}
{
"iat": 1558197586,
"exp": 1573749586,
"iss": "MYTEAMID"
}
有效载荷值如下所示:
{
"alg": "ES256",
"typ": "JWT",
"kid": "MYKEYID"
}
{
"iat": 1558197586,
"exp": 1573749586,
"iss": "MYTEAMID"
}
我知道苹果没有在标题中指定typ
,所以这可能是个问题吗
然后,我尝试在对一个示例艺术家的curl请求中使用它,比如curl-v-H'Authorization:Bearer'https://api.music.apple.com/v1/catalog/us/artists/36954“
但它会返回一个401错误:
Trying 23.13.216.88...
* TCP_NODELAY set
* Connected to api.music.apple.com (23.13.216.88) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; OU=Internet Services for Akamai; CN=itunes.apple.com
* start date: May 1 00:00:00 2019 GMT
* expire date: May 1 12:00:00 2020 GMT
* subjectAltName: host "api.music.apple.com" matched cert's "api.music.apple.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff42a004600)
> GET /v1/catalog/us/artists/36954 HTTP/2
> Host: api.music.apple.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: Bearer eyJh...
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 401
< content-type: application/json; charset=utf-8
< access-control-allow-origin: *
< strict-transport-security: max-age=31536000; includeSubDomains
< date: Sat, 18 May 2019 16:33:58 GMT
< x-cache: TCP_MISS from a104-117-183-52.deploy.akamaitechnologies.com (AkamaiGHost/9.6.4.1-25700704)
<
* Connection #0 to host api.music.apple.com left intact
正在尝试23.13.216.88。。。
*TCP_节点集
*已连接到api.music.apple.com(23.13.216.88)端口443(#0)
*阿尔卑斯山,提供h2
*ALPN,提供http/1.1
*密码选择:全部:!出口:!出口40:!出口56:!阿努尔:!低:!RC4:@强度
*已成功设置证书验证位置:
*CAfile:/etc/ssl/cert.pem
卡帕斯:没有
*TLSv1.2(输出),TLS握手,客户端问候(1):
*TLSv1.2(IN)、TLS握手、服务器hello(2):
*TLSv1.2(IN),TLS握手,证书(11):
*TLSv1.2(IN)、TLS握手、服务器密钥交换(12):
*TLSv1.2(IN),TLS握手,服务器完成(14):
*TLSv1.2(输出)、TLS握手、客户端密钥交换(16):
*TLSv1.2(OUT),TLS更改密码,客户端hello(1):
*TLSv1.2(输出),TLS握手,完成(20):
*TLSv1.2(IN),TLS更改密码,客户端hello(1):
*TLSv1.2(IN),TLS握手,完成(20):
*使用TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384的SSL连接
*ALPN,服务器接受使用h2
*服务器证书:
*主题:businessCategory=私人组织;辖区CountryName=US;辖区StateorProvinceName=加利福尼亚州;serialNumber=C0806592;C=美国;ST=加利福尼亚州;L=库比蒂诺;O=苹果公司。;OU=Akamai的互联网服务;CN=itunes.apple.com
*开始日期:格林威治时间2019年5月1日00:00:00
*过期日期:5月1日12:00:00格林威治标准时间2020
*主题名称:主机“api.music.apple.com”匹配证书的“api.music.apple.com”
*发行人:C=美国;O=DigiCert公司;OU=www.digicert.com;CN=DigiCert SHA2扩展验证服务器CA
*SSL证书验证正常。
*使用HTTP2,服务器支持多用途
*连接状态已更改(HTTP/2已确认)
*升级后正在将流缓冲区中的HTTP/2数据复制到连接缓冲区:len=0
*使用流ID:1(易处理0x7ff42a004600)
>GET/v1/catalog/us/artists/36954 HTTP/2
>主持人:api.music.apple.com
>用户代理:curl/7.54.0
>接受:**
>授权:持有人eyJh。。。
>
*连接状态已更改(最大并发流已更新)!
为什么???不确定您正在使用哪个
jwt
库,以及是否正确使用
这对我很有用:
const jwt = require('jsonwebtoken');
const fs = require('fs')
const APNS_KEY_ID = 'XXXXXXXXXXX'
const TEAM_ID = 'XXXXXXXXXXX'
const TWENTY_FOUR_HOURS = 1000 * 60 * 60 * 24;
const privateKey = fs.readFileSync("keys/AuthKey.p8").toString();
const generateToken = () => {
var now = new Date();
var tomorrow = new Date(now.getTime() + TWENTY_FOUR_HOURS);
token = jwt.sign({
'iss': TEAM_ID,
'iat': Math.floor(now / 1000),
'exp': Math.floor(tomorrow / 1000)
}, privateKey, { algorithm: 'ES256', 'keyid': APNS_KEY_ID})
console.log('Apple token generated', token)
return token
}
generateToken()
要测试:
curl -X GET \
'https://api.music.apple.com/v1/catalog/us/search?term=drake&types=songs&limit=1' \
-H 'Authorization: Bearer eyJh...'
谢谢你的回答,但它对我不起作用:(我只是不知道出了什么问题。我使用的是与你和其他人一样的
jsonwebtoken
库。我可以称之为“模拟太多错误”端点使用我的令牌生成很好,它给了我正确的429错误代码,但不是实际的端点可能尝试一个较短的exp
。180是最大值,我想。我已经尝试过了,我尝试过你的代码,它就是不起作用。你能给我一个你为我生成的令牌的示例吗?我用我的令牌a尝试了相同的cURL命令然后是您的(来自您的代码片段)。与我的兼容,而与您的兼容。唯一的区别是kid
,iss
,iat
,exp
,这是预期的。可能会为MusicKit服务重新生成您的私钥()。应该是一个3行文件。