Python

JWT Apple Signin Errors: raise ValueError(“Could not deserialize key data.”)

Two errors that were painful to debug.

1. {"error":"invalid_client"}

Explanation: Apple requires that the ES256 algorithm be used when encoding the JWT. See here.

Solution, use:

jwt.encode(data, APPLE_SIGNIN_PRIVATE_KEY, algorithm="ES256")

2. raise ValueError("Could not deserialize key data.")

Since we must use ES256, key loading depends on a package that is strict about whether the Apple Sign In private key contains newlines (it should). See here.

Solution:

# Bad format
APPLE_SIGNIN_PRIVATE_KEY = (
  "-----BEGIN PRIVATE KEY-----"
  "aaaaaaaaaaaaaaaaaaaaaaaaaaa"
  "bbbbbbbbbbbbbbbbbbbbbbbbbbb"
  "-----END PRIVATE KEY-----"
)

# Good format
APPLE_SIGNIN_PRIVATE_KEY = """
-----BEGIN PRIVATE KEY-----
aaaaaaaaaaaaaaaaaaaaaaaaaaa
bbbbbbbbbbbbbbbbbbbbbbbbbbb
-----END PRIVATE KEY-----
"""
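
The newline fix above, generalized as an added example (not code from the original post): a standard-library helper that rebuilds the PEM layout when the key was pasted on one line or stored with literal `\n` escapes, for instance in an environment variable. The name `normalize_pem` and the sample body are assumptions made here; the body is constructed bytes, not a real key, so this only checks layout and base64, and the result is what you would then pass to `jwt.encode(..., algorithm="ES256")`.

```python
import base64
import re

# Matches one PEM block and captures its label and raw body.
_PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)


def normalize_pem(raw: str) -> str:
    """Return the key as canonical PEM (64-char lines) or raise ValueError."""
    # A config value may hold backslash + "n" instead of a real newline.
    text = raw.replace("\\r", "").replace("\\n", "\n").strip()
    match = _PEM_RE.search(text)
    if match is None:
        raise ValueError("no matching PEM BEGIN/END markers found")
    label = match.group(1)
    # Remove all whitespace so one-line and wrapped keys look the same.
    body = re.sub(r"\s+", "", match.group(2))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("PEM body is not valid base64") from exc
    if not der:
        raise ValueError("PEM body is empty")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN {0}-----\n{1}\n-----END {0}-----\n".format(label, "\n".join(lines))


# Constructed sample data: 90 arbitrary bytes, NOT a usable private key.
SAMPLE_BODY = base64.b64encode(bytes(range(90))).decode()

# The "bad format" from the post: header, body and footer run together.
ONE_LINE = "-----BEGIN PRIVATE KEY-----" + SAMPLE_BODY + "-----END PRIVATE KEY-----"

# A key stored with literal backslash-n sequences instead of newlines.
ESCAPED = (
    "-----BEGIN PRIVATE KEY-----\\n"
    + SAMPLE_BODY[:64] + "\\n" + SAMPLE_BODY[64:]
    + "\\n-----END PRIVATE KEY-----\\n"
)

if __name__ == "__main__":
    # Report only the shape of the result; never log real key material.
    fixed = normalize_pem(ESCAPED)
    print(len(fixed.splitlines()), "lines; same as one-line input:",
          fixed == normalize_pem(ONE_LINE))
```
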

One thought on “JWT Apple Signin Errors: raise ValueError(“Could not deserialize key data.”)”

  1. Thanks for this post!

    I was trying to communicate with Apple’s API via my Python AWS Lambda function. I had the private key in a single-line AWS environment variable with “\n” characters in it. But I was getting the “Could not deserialize key data” error.

    I didn’t think for a second that it was literalizing the “\n” characters, until I saw this post! I switched “\n” to “[newline]” in the environment variable and then did a myVar.replace("[NEWLINE]","\n") in my code and everything worked perfectly!
