How to create a JWT Token for Apple Music Kit

[muuvmuuv]

I am really stuck with this, trying to figure out how to create a JWT for Apple Music Kit. It says:

After you create the token, sign it with your MusicKit private key. Then encrypt the token using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm. Specify the value ES256 in the algorithm header key (alg).

More here: https://developer.apple.com/documentation/applemusicapi/getting_keys_and_creating_tokens

So my attempt was just following the documentation and replace a few things that are required for Apple, but I always get enc is missing (I don't know what to put in there) or alc is not supported.

const jwt = new EncryptJWT({})
  .setProtectedHeader({
    kid: 'XXXXXXX',
    alg: 'ES256',
    crv: 'P-256',
  })
  .setIssuer('XXXXXXX')
  .setIssuedAt(now.unix())
  .setExpirationTime(now.add(1, 'week').unix())
  .encrypt(privateKey)

The format of the private key is:

-----BEGIN PRIVATE KEY-----
KEY
-----END PRIVATE KEY-----

Much appreciate and hints!

[panva]

Apple's documentation says encrypt, but they mean sign. ES256 is a DSA scheme, not encryption one. The tokens are signed, not encrypted.

You want to use the jose/jwt/sign module instead.

You'll also have to pass the private key through Node's crypto.createPrivateKey to end up with a KeyObject instance that is required as input.

const keyObject = crypto.createPrivateKey(privateKey); // cache this value, you'll be re-using it.

const jwt = new SignJWT({})
  .setProtectedHeader({
    kid: 'ABC123DEFG',
    alg: 'ES256',
  })
  .setIssuer('DEF123GHIJ')
  .setIssuedAt()
  .setExpirationTime('1 week')
  .sign(keyObject)

[muuvmuuv]

Thank you! That crypto.createPrivateKey part was missing. I already thought that passing just a string cannot work but had no idea how to transform it.

[panva]

https://github.com/panva/jose/blob/v3.5.4/docs/types/_types_d_.keylike.md

[muuvmuuv]

Just updated the title for others googling the same ^^

[panva]

Please consider supporting the library if it provides value to you or your company and this was of help to you. Supporting the library means, amongst other things, that the library will remain supported and such support will be available in the future.