Hi all — hoping someone has hit this.
Our MusicKit JS (v3) web app calls authorize() and it rejects with AUTHORIZATION_ERROR / "Unauthorized" (no Music User Token is issued), even though the same developer token returns HTTP 200 for catalog requests (/v1/catalog/us/search) — so the token itself is valid.
Setup (all verified):
MusicKit JS v3 from js-cdn.music.apple.com/musickit/v3/musickit.js; MusicKit.configure() succeeds, storefront resolves to "us".
Developer token is ES256, valid, and includes the origin claim for our exact site origin.
Our MusicKit key is enabled for Media Services and tied to a Media ID that has MusicKit enabled.
Referrer-Policy: strict-origin-when-cross-origin.
Repro: sign in with an active Apple Music subscriber and tap Allow -> authorize() rejects. Reproduces for two subscriber Apple IDs, in Chrome and Edge, with third-party cookies allowed.
Error object: { name: "AUTHORIZATION_ERROR", message: "Unauthorized", isMKError: true }, thrown inside musickit.js during the authorize() flow. The served MusicKit build is a prerelease (3.2526.0-prerelease.x).
We've ruled out the usual suspects on our side (origin claim, referrer policy, token validity, API version, cookies, and portal provisioning). Has anyone resolved this, or is there an additional server-side enablement needed for a team/Media ID to issue web user tokens? Also filed as FB23587284. Thanks!
1
0
30