apple_devicecheck_api_jwt_auth_query_bits.py

1import time
2import jwt
3import requests
4
5# Configuration: Replace these with your Apple Developer account details
6KEY_ID = 'YOUR_KEY_ID'          # 10-character Key ID from Apple Developer portal
7TEAM_ID = 'YOUR_TEAM_ID'        # Your 10-character Team ID
8ALGORITHM = 'ES256'
9PRIVATE_KEY = """-----BEGIN PRIVATE KEY-----
10YOUR_PRIVATE_KEY_CONTENT_HERE
11-----END PRIVATE KEY-----"""
12
13# DeviceCheck API Endpoints
14# Production: https://api.devicecheck.apple.com/v1/query_two_bits
15# Development: https://api.development.devicecheck.apple.com/v1/query_two_bits
16URL = "https://api.development.devicecheck.apple.com/v1/query_two_bits"
17
18def generate_token():
19    """Generates the signed JWT required for Apple DeviceCheck authentication."""
20    headers = {
21        'alg': ALGORITHM,
22        'kid': KEY_ID
23    }
24    payload = {
25        'iss': TEAM_ID,
26        'iat': int(time.time())
27    }
28    return jwt.encode(payload, PRIVATE_KEY, algorithm=ALGORITHM, headers=headers)
29
30def query_device(device_token):
31    """
32    Sends a request to Apple to query the two bits associated with a device.
33    :param device_token: The base64-encoded token generated by the app on the device.
34    """
35    auth_token = generate_token()
36    
37    headers = {
38        'Authorization': f'Bearer {auth_token}',
39        'Content-Type': 'application/json'
40    }
41    
42    body = {
43        'device_token': device_token,
44        'transaction_id': 'unique-uuid-per-request', # Should be a unique UUID
45        'timestamp': int(time.time() * 1000)
46    }
47
48    response = requests.post(URL, json=body, headers=headers)
49    
50    if response.status_code == 200:
51        print("Success:", response.json())
52    else:
53        print(f"Error {response.status_code}: {response.text}")
54
55if __name__ == "__main__":
56    # Example device token from your iOS app
57    EXAMPLE_DEVICE_TOKEN = "BASE64_DEVICE_TOKEN_FROM_APP"
58    query_device(EXAMPLE_DEVICE_TOKEN)