Comments (19)
So one thing that the ipsw appstore profile ls
command does is generate a 5min long JWT to perform all the web requests.
I wonder if you've created a JWT for one machine, but then try and run on another machine and it rejects it because you still have a JWT that is alive on another machine?
I could change the duration to only 10-30 secs OR I could add support for long lived JWT tokens and let you use those instead of the --p8
, --iss
and --kid
flags?
from ipsw.
I added a 🆕 ipsw appstore token --lifetime 10d
command to let the user generate reusable tokens that the other commands will accept inplace of the --p8
, --iss
and --kid
flags.
from ipsw.
IF that also fails then I think Apple doesn't like that other workstation's IP 😬
from ipsw.
This results in an error:
⨯ invalid argument "10d" for "-l, --lifetime" flag: time: unknown unit "d" in duration "10d"
from ipsw.
I used 87600h
instead.
Then I tried using the newly created jwt token, but got:
⨯ 401 Unauthorized: NOT_AUTHORIZED: Authentication credentials are missing or invalid. (Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens)
from ipsw.
IF that also fails then I think Apple doesn't like that other workstation's IP 😬
The second workstation had the same IP
from ipsw.
This results in an error:
⨯ invalid argument "10d" for "-l, --lifetime" flag: time: unknown unit "d" in duration "10d"
dang :( I looked at the docs for golang duration syntax and it said it understood days, but looking at the flag library it looks like it only understands h, m, s
from ipsw.
I used
87600h
instead. Then I tried using the newly created jwt token, but got:⨯ 401 Unauthorized: NOT_AUTHORIZED: Authentication credentials are missing or invalid. (Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens)
there might be some kind of a limit on the time Apple is enforcing, what about making it a 10h JWT?
from ipsw.
from that link that Apple sent you in the error: Tokens that expire more than 20 minutes into the future
from ipsw.
Reading the Apple docs they say to use short term JWTs which is what I was originally doing, but think I was making tokens that lasted too long so now they are a minute.
from ipsw.
https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests/
from ipsw.
Since I cannot make JWT token last longer I still use the "old" method. Then from a specific mac I still get the following error:
⨯ 401 Unauthorized: NOT_AUTHORIZED: Authentication credentials are missing or invalid. (Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens)
from ipsw.
Did you start on the machine that doesn't work? How much time passed between trying on different machines?
from ipsw.
I tried all possible combinations.
- Created profile on machine A and renew on A
- Created profile on machine B and renew on B
- Created profile on machine A and renew on B
- Created profile on machine B and renew on A
Only machine B cannot do anything using the connect API.
I did all of it on machine C also and it worked - so it must be some other dependency or something in that area.
Instead, if going to Apple's website it works just fine from all machines.
Also, they are all on the same router and going through same IP.
from ipsw.
that is very strange indeed. I'm not sure what else to try. those ipsw appstore
commands are just using stdlib HTTP commands, to talk to a RESTful API, and crypto and is all statically compiled so the host should make 0 difference. The Apple error coming back is about the auth to the Apple server so to me that means that the --p8
key is bad on that machine OR the --iss
or the --kid
is wrong?
from ipsw.
I even tried to transfer them all as a zip file with a shell script to test to make sure all the parameters are really okay. I also don't have a clue why is difference
from ipsw.
if you generate a JWT on a machine that works and then use that JWT on the machine that does NOT work, does that work?
ipsw appstore token --lifetime 20m
and then ipsw profile ls --jwt TOKEN
?
from ipsw.
if you generate a JWT on a machine that works and then use that JWT on the machine that does NOT work, does that work?
ipsw appstore token --lifetime 20m
and thenipsw profile ls --jwt TOKEN
?
This works, but since only for 20m its not too viable
from ipsw.
ya the 20mins isn't very usable at all, but it does prove that the token generated on one machine works on another. So the only thing I could imagine is that the JWT lib is the issue? as all other components are stdlib. I have no idea how to test. I know that there are JWT parsers online etc. I'd be curious what differences could be spotted when comparing the tokens generated by both machines. Also are they running the same version of ipsw
?
from ipsw.
Related Issues (20)
- Add `ipsw symbolicate` support for more crash log types HOT 2
- Different --device flags for different OS in config.yml
- config.yml for dev releases
- Unable to extract OTA payload files: AppleTV 4K HOT 4
- Unable to differentiate between OTAs and ipsws when using the appledb download method
- Unable to download IPA from App Store using 2FA enabled account HOT 6
- RSR Download functionality not working HOT 3
- Add the option to analyze kernelcache in ghidra HOT 2
- ipsw device-list command is not same with docs HOT 1
- Can't extract KEXTs HOT 1
- ipsw diff failures HOT 6
- `ipsw diff` - add machos file diffs HOT 10
- `ipsw diff` - Extract changed files / Extraction command generation HOT 5
- AUR package fails to build and other issues HOT 14
- Add support for jump tables etc in `ipsw dsc extract` command
- `ipsw diff` mount failure on iPhone ipsw HOT 3
- --no-color option doesn't seem to work HOT 1
- failed to parse plists in IPSW: failed to parse devicetree when extracting iOS 9 IPSW HOT 3
- Trying to create a nix package. `no required module provides package github.com/blacktop/ipsw/pkg/sandbox/compile` HOT 5
- ⨯ failed to mount DMGs: failed to get SystemOS DMG: no SystemOS DMG found: cryptex not found HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ipsw.