Script to generate Apple Client secret
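import { SignJWT } from "jose"
import { createPrivateKey } from "crypto"

if (process.argv.includes("--help") || process.argv.includes("-h")) {
  console.log(`
  Creates a JWT from the components found at Apple.
  By default, the JWT has a 6 months expiry date.
  Read more:

  node apple.mjs [--kid] [--iss] [--private_key] [--sub] [--expires_in] [--exp]

    --help                 Print this help message
    --kid, --key_id        The key id of the private key
    --iss, --team_id       The Apple team ID
    --private_key          The private key to use to sign the JWT. (Starts with -----BEGIN PRIVATE KEY-----)
    --sub, --client_id     The client id to use in the JWT.
    --expires_in           Number of seconds from now when the JWT should expire. Defaults to 6 months.
    --exp                  Future date in seconds when the JWT expires
  `)
} else {
  // Collect "--flag value" pairs; keys are lower-cased with the leading "--" removed.
  const args = process.argv.slice(2).reduce((acc, arg, i) => {
    if (arg.match(/^--\w/)) {
      const key = arg.replace(/^--/, "").toLowerCase()
      // i indexes the sliced array, so the flag's value sits at process.argv[i + 3]
      acc[key] = process.argv[i + 3]
    }
    return acc
  }, {})

  const {
    team_id,
    iss = team_id,
    private_key,
    client_id,
    sub = client_id,
    key_id,
    kid = key_id,
    expires_in = 86400 * 180,
    exp,
  } = args

  if (!iss || !sub || !kid || !private_key) {
    console.error("Missing --iss, --sub, --kid or --private_key. Run with --help.")
    process.exit(1)
  }

  /**
   * How long is the secret valid in seconds.
   * @default 15552000 (86400 * 180)
   */
  // CLI values arrive as strings, so convert before adding to the current time.
  const expiresAt = Math.ceil(Date.now() / 1000) + Number(expires_in)
  const expirationTime = exp === undefined ? expiresAt : Number(exp)

  // Apple expects iss, iat, exp, aud and sub claims in the client secret.
  // A literal "\n" in the key argument is turned back into a real newline before parsing.
  console.log(`
Apple client secret generated. Valid until: ${new Date(expirationTime * 1000)}

${await new SignJWT({})
  .setAudience("https://appleid.apple.com")
  .setIssuer(iss)
  .setIssuedAt()
  .setExpirationTime(expirationTime)
  .setSubject(sub)
  .setProtectedHeader({ alg: "ES256", kid })
  .sign(createPrivateKey(private_key.replace(/\\n/g, "\n")))}`)
}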
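
An added example, not part of the gist: a decode-only check that a generated client secret has the ES256 header with a kid, the iss, sub, aud, iat and exp claims, and an expiry within Apple's documented 15777000-second limit, reporting the days left before rotation. It does not verify the signature; `lintClientSecret`, `sampleSecret` and the placeholder IDs are assumptions made for illustration.

```javascript
// Added example: decode-only lint for an Apple client secret (signature NOT verified).
const APPLE_AUD = "https://appleid.apple.com"
const MAX_AHEAD = 15777000 // seconds; Apple's documented ceiling for exp relative to now

const b64urlJson = (part) => {
  const value = JSON.parse(Buffer.from(part, "base64url").toString("utf8"))
  if (value === null || typeof value !== "object") throw new Error("not a JSON object")
  return value
}

function lintClientSecret(jwt, now = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).trim().split(".")
  if (parts.length !== 3) return { problems: ["not a three-part compact JWT"], daysLeft: 0 }
  let header, claims
  try {
    header = b64urlJson(parts[0])
    claims = b64urlJson(parts[1])
  } catch {
    return { problems: ["header or payload is not base64url JSON"], daysLeft: 0 }
  }
  const problems = []
  if (header.alg !== "ES256") problems.push(`alg is ${header.alg}, expected ES256`)
  if (!header.kid) problems.push("missing kid header")
  for (const name of ["iss", "sub", "aud", "iat", "exp"]) {
    if (claims[name] === undefined) problems.push(`missing ${name} claim`)
  }
  if (claims.aud !== undefined && claims.aud !== APPLE_AUD) problems.push("aud is not Apple's")
  let daysLeft = 0
  if (claims.exp !== undefined && typeof claims.exp !== "number") {
    // Catches an exp built by string concatenation of CLI arguments
    problems.push("exp is not a number")
  } else if (typeof claims.exp === "number") {
    if (claims.exp <= now) problems.push("already expired")
    if (claims.exp - now > MAX_AHEAD) problems.push("exp is more than 15777000 s ahead")
    daysLeft = Math.max(0, Math.floor((claims.exp - now) / 86400))
  }
  return { problems, daysLeft }
}

// Constructed sample token: placeholder IDs and a dummy signature, not a real secret.
function sampleSecret(claimOverrides = {}, now = 1700000000) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url")
  const header = { alg: "ES256", kid: "KEYID_PLACEHOLDER" }
  const claims = { iss: "TEAMID_PLACEHOLDER", sub: "com.example.app", aud: APPLE_AUD,
    iat: now, exp: now + 86400 * 180, ...claimOverrides }
  return `${enc(header)}.${enc(claims)}.c2lnbmF0dXJl`
}

console.log(lintClientSecret(sampleSecret(), 1700000000))
```

Run it against the script's output in a deploy or scheduled job and alert when `daysLeft` drops below your rotation window.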