App Store Connect API client JWT expiration

[priitlatt]

As of version 0.14.1 the default expiration duration of App Store Connect API JSON Web Tokens used by used by AppStoreConnectApiClient is just 30 seconds [src], while it can be up to 20 minutes in case scope is not specified, and even longer if token scope is defined. See App Store Connect API docs about generating tokens for API requests.

In some cases App Store Connect API respons with 401 Unauthorized when completely valid JWT is provided in request headers, and this can make app-store-connect commands fail unexpectedly. We should reuse JWTs as long as possible to avoid such cases. In order to achieve this:

1. increase the expiration time for generated JWTs from 30 seconds to something close to 20 minutes,
2. cache generated JWTs to disk so that tokens can be reused between CLI invocations.

[priitlatt]

Actually JSON web token expiration is set to 19 minutes from the time they are created, and then they are discarded once less than 30 seconds is left until the hard expiration.

[jleach]

I may have run into this yesterday: After successfully uploading app-store-connect publish , the following API call failed. It was because I'm using a token with Developer privileges. When I tested with a token with App Manager privileges it worked fine.

GET https://api.appstoreconnect.apple.com/v1/apps?limit=100&sort=name&filter%5BbundleId%5D=xxx.xxx.xxx.TestBuildAndSign returned 401: Authentication credentials are missing or invalid. - Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens

[priitlatt]

Will be fixed by #184.