Class: Spaceship::ConnectAPI::Token

Inherits:
Object
  • Object
show all
Defined in:
spaceship/lib/spaceship/connect_api/token.rb

Constant Summary collapse

MAX_TOKEN_DURATION =

maximum expiration supported by AppStore (20 minutes)

1200
DEFAULT_TOKEN_DURATION = 
500

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(key_id: nil, issuer_id: nil, key: nil, key_raw: nil, duration: nil, in_house: nil) ⇒ Token

Returns a new instance of Token.



78
79
80
81
82
83
84
85
86
87
88
89
90
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 78

def initialize(key_id: nil, issuer_id: nil, key: nil, key_raw: nil, duration: nil, in_house: nil)
  @key_id = key_id
  @key = key
  @key_raw = key_raw
  @issuer_id = issuer_id
  @duration = duration
  @in_house = in_house

  @duration ||= DEFAULT_TOKEN_DURATION
  @duration = @duration.to_i if @duration

  refresh!
end

Instance Attribute Details

#durationObject (readonly)

Returns the value of attribute duration.



21
22
23
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 21

def duration
  @duration
end

#expirationObject (readonly)

Returns the value of attribute expiration.



22
23
24
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 22

def expiration
  @expiration
end

#in_houseObject

Temporary attribute not needed to create the JWT text There is no way to determine if the team associated with this key is for App Store or Enterprise so this is the temporary workaround



29
30
31
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 29

def in_house
  @in_house
end

#issuer_idObject (readonly)

Returns the value of attribute issuer_id.



19
20
21
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 19

def issuer_id
  @issuer_id
end

#key_idObject (readonly)

Returns the value of attribute key_id.



18
19
20
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 18

def key_id
  @key_id
end

#key_rawObject (readonly)

Returns the value of attribute key_raw.



24
25
26
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 24

def key_raw
  @key_raw
end

#textObject (readonly)

Returns the value of attribute text.



20
21
22
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 20

def text
  @text
end

Class Method Details

.create(key_id: nil, issuer_id: nil, filepath: nil, key: nil, is_key_content_base64: false, duration: nil, in_house: nil) ⇒ Object 



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 52

def self.create(key_id: nil, issuer_id: nil, filepath: nil, key: nil, is_key_content_base64: false, duration: nil, in_house: nil, **)
  key_id ||= ENV['SPACESHIP_CONNECT_API_KEY_ID']
  issuer_id ||= ENV['SPACESHIP_CONNECT_API_ISSUER_ID']
  filepath ||= ENV['SPACESHIP_CONNECT_API_KEY_FILEPATH']
  duration ||= ENV['SPACESHIP_CONNECT_API_TOKEN_DURATION']

  in_house_env = ENV['SPACESHIP_CONNECT_API_IN_HOUSE']
  in_house ||= !["", "no", "false", "off", "0"].include?(in_house_env) if in_house_env

  key ||= ENV['SPACESHIP_CONNECT_API_KEY']
  key ||= File.binread(filepath)

  if !key.nil? && is_key_content_base64
    key = Base64.decode64(key)
  end

  self.new(
    key_id: key_id,
    issuer_id: issuer_id,
    key: OpenSSL::PKey::EC.new(key),
    key_raw: key,
    duration: duration,
    in_house: in_house
  )
end

.from(hash: nil, filepath: nil) ⇒ Object 



31
32
33
34
35
36
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 31

def self.from(hash: nil, filepath: nil)
  # FIXME: Ensure `in_house` value is a boolean.
  api_token ||= self.create(**hash.transform_keys(&:to_sym)) if hash
  api_token ||= self.from_json_file(filepath) if filepath
  return api_token
end

.from_json_file(filepath) ⇒ Object 



38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 38

def self.from_json_file(filepath)
  json = JSON.parse(File.read(filepath), { symbolize_names: true })

  missing_keys = []
  missing_keys << 'key_id' unless json.key?(:key_id)
  missing_keys << 'key' unless json.key?(:key)

  unless missing_keys.empty?
    raise "App Store Connect API key JSON is missing field(s): #{missing_keys.join(', ')}"
  end

  self.create(**json)
end

Instance Method Details

#expired?Boolean

Returns:

  • (Boolean) 


118
119
120
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 118

def expired?
  @expiration < Time.now
end

#refresh!Object 



92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 92

def refresh!
  now = Time.now
  @expiration = now + @duration

  header = {
    kid: key_id,
    typ: 'JWT'
  }

  payload = {
    # Reduce the issued-at-time in case our time is slighly ahead of Apple's servers, which causes the token to be rejected.
    iat: now.to_i - 60,
    exp: @expiration.to_i,
    aud: @in_house ? 'apple-developer-enterprise-v1' : 'appstoreconnect-v1'
  }
  if issuer_id
    payload[:iss] = issuer_id
  else
    # Consider the key as individual key.
    # https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests#4313913
    payload[:sub] = 'user'
  end

  @text = JWT.encode(payload, @key, 'ES256', header)
end

#write_key_to_file(path) ⇒ Object 



122
123
124
 
# File 'spaceship/lib/spaceship/connect_api/token.rb', line 122

def write_key_to_file(path)
  File.open(path, 'w') { |f| f.write(@key_raw) }
end