DeviceCheck: Unable to verify authorization token

Question

I’m trying to get DeviceCheck to work, where I keep getting this response from Apple’s server: 401 Unable to verify authorization token.

The device_token is being sent to my python server over a base64 encoded string in JSON payload. Any ideas what I might be doing wrong?

Here is my code example:

def device_check_query(device_token):  
    data = {  
        'device_token': device_token,  
        'transaction_id': str(uuid4()),  
        'timestamp': int(time.time() * 1000),  
    }  
    jw_token = get_jw_token()  
    headers = {'Authorization': 'Bearer ' + jw_token}  
    response = requests.post(QUERY_URL, json=data, headers=headers)  
    return response.content

def get_jw_token():  
    with open(KEY_FILE, 'r') as cert_file:  
        certificate = cert_file.read()  

    jw_token = jwt.encode(  
        {'iss': TEAM_ID}, certificate,  
        algorithm='ES256',  
        headers={'kid': KEY_ID})  

    return jw_token

Answer 1

you need to add in the payload the issuer key and iat then it will work, check my code below

import time
def device_check_query(device_token):  
    data = {  
        'device_token': device_token,  
        'transaction_id': str(uuid.uuid4()),  
        'timestamp': int(time.time() * 1000),  
    }  
    jw_token = get_jw_token()  
    headers = {'Authorization': 'Bearer ' + jw_token}  
    response = requests.post(url, json=data, headers=headers)  
    return response.content

def get_jw_token():  
    with open('myfile.p8', 'r') as cert_file:  
        certificate = cert_file.read()  
    jw_token = jwt.encode(  
        {'iss': issuer,'iat': int(time.time())}, certificate,  
        algorithm='ES256',  
        headers={'kid': keyid})  
    return jw_token
device_check_query(u"1234e323a22133....")