嗯,用户让我总结一下这篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”之类的开头。我得先仔细读一下这篇文章。 文章讲的是如何通过Apple的AppleSeed for IT项目来获取beta测试设备的令牌。具体来说,用户需要使用管理员角色的账户在Apple Business Manager或Apple School Manager中注册,然后获取这些令牌,这样设备就可以加入Apple的beta测试项目,而不需要在设备上登录Apple账户。 接下来,文章提到苹果提供了一个API端点来获取这些令牌,但文档中没有详细说明如何设置API调用和OAuth认证。这时候,HCS Technology Group的技术文章就派上用场了。他们展示了如何使用ADE令牌和微软的getBetaTokens脚本来获取必要的OAuth凭证,并调用API来获取所有可用的beta令牌。 文章还详细描述了具体的步骤:设置新的设备管理服务服务器、上传公钥、下载ADE令牌、运行脚本自动处理OAuth认证和获取令牌。最后,脚本会列出所有可用的beta测试项目及其对应的令牌。 总结一下,这篇文章主要介绍了通过API和特定脚本从Apple获取beta测试令牌的过程,适用于企业或学校管理员进行设备管理。 </think> 文章介绍了一种通过API和特定脚本从Apple获取beta测试令牌的方法。管理员需在Apple Business Manager或School Manager中注册,并使用ADE令牌和getBetaTokens脚本进行OAuth认证,从而调用API获取所有可用的beta测试项目及其对应令牌。 2026-1-6 15:14:9 Author: derflounder.wordpress.com(查看原文) 阅读量:6 收藏
As discussed in an earlier post, you can sign up for Apple’s AppleSeed for IT program using a user with the Administrator role in Apple Business Manager or Apple School Manager and subsequently obtain tokens which allow devices to be enrolled in Apple’s beta programs without the need for the user to sign in with an Apple Account on the device.
Apple has documentation available on how to obtain these tokens using an API call to the following endpoint:
https://mdmenrollment.apple.com/os-beta-enrollment/tokens
However, the documentation does not include the specifics on how to set up the API call or the necessary OAuth authentication for it. Fortunately, the folks at HCS Technology Group have published a technical article showing how to obtain the necessary tokens using the following:
- An ADE token from your organization’s Apple Business Manager or Apple School Manager instance.
- The getBetaTokens script written by the folks from Microsoft.
For more details, please see below the jump.
I’m going to be using the process described in the HCS technical article to do the following:
1. Set up a new Device Management Services server in Apple Business Manager.
2. Use the getBetaTokens script to do the following:
- Generate a public key for the new Device Management Services server.
- Use the ADE token from the new Device Management Services server as a source for the necessary OAuth credentials for the API call to the https://mdmenrollment.apple.com/os-beta-enrollment/tokens endpoint
- Authenticate to the API endpoint and fetch all available Apple beta tokens associated with an organization’s AppleSeed for IT program.
- Display all available beta tokens
Pre-requisites:
- An Apple Business Manager instance.
- Enrollment in the AppleSeed for IT program by a user with the Administrator role for that Apple Business Manager instance.
- A managed Apple Account with the Administrator or Device Manager role for that Apple Business Manager instance.
- The getBetaTokens script.
1. Log into Apple Business Manager using a managed Apple Account with the Administrator or Device Manager role. In the case of my example, I am using an account with the Administrator role.
2. At the bottom left corner of the browser, click on the menu and select Preferences.
3. Click the Add button for the Device Management Services section.
4. Name the new Device Management Services server. For this example, I’m choosing to name it as Apple Beta Tokens.
Note: You will not be able to save changes to the new Device Management Services server until a public key is uploaded.
5. Launch the getBetaTokens script. You should see output similar to this:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [INFO] No .p7m found in ./abm_auth. | |
| [ACTION] A certificate will be generated – upload the PEM to ABM, then | |
| download the issued *.p7m token (it usually lands in ~/Downloads). | |
| [INFO] No .p7m found: generating key + self-signed cert… | |
| Generating RSA private key, 2048 bit long modulus | |
| .+++++ | |
| …………………………………………+++++ | |
| e is 65537 (0x10001) | |
| Signature ok | |
| subject=/CN=Your MDM Server | |
| Getting Private key | |
| [ACTION] Upload this PEM to Apple Business Manager (Settings → MDM Servers) | |
| ──────────────────────────────────────────────────────────────── | |
| —–BEGIN CERTIFICATE—– | |
| MIICsDCCAZgCCQD5GClF1eAa6DANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9Z | |
| b3VyIE1ETSBTZXJ2ZXIwHhcNMjYwMTA2MTQxMzI5WhcNMjcwMTA2MTQxMzI5WjAa | |
| MRgwFgYDVQQDDA9Zb3VyIE1ETSBTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB | |
| DwAwggEKAoIBAQDPVjJynmJ3QJNTwrMACJ467WB1zvASfJWKIXFzKKIhdXZBgAXi | |
| FqlLgXUi3J0sai9mrfbVI0yfnlOpaGws/t3lZ/4riKyfTj8IxSHSebwdDzHQR/8Q | |
| 5+B884wXdxs9FuWodvQ0EdGHMKkm5HaEc//m261JvadoT0LhScq1DT3Izv8Gd8k1 | |
| v5HjshNxZLSkqj4La7phb++bGem+nDXtItyykY7D5310xYl7XT6bGgM/s7QbvObj | |
| BuIKTkKLwtmlfU+Di4acqJ89VjuX6gnUxmn4YmNTCCWiT5v6GxvSbtzHQsLSD6Qk | |
| mac43pbeG/NFwSjR+YoyYLkdFuB0BUDcC0glAgMBAAEwDQYJKoZIhvcNAQELBQAD | |
| ggEBAIMUxul28kUTmFN8NT6bbjXPweORwtqiqEi3Y36ti2ING6Q2g+F29O7w5hrj | |
| bweGIHvON8V+oEzKWCQIDboCCD5iPa/EEaFhsy9/v/4jvPlrtW6c9eU8QOzCupSY | |
| Gyxfhg70M4cQCOl2G1eXsbzroLtJKmFMkpy8rCdMrFgaHW2/Xvw/cLDgQryDBSu3 | |
| Z7RAGRB+0QtG/qpMG/8oFhc32ZqdqPa+8L1HvxILYqf7zDRXrfyA1peI5dsmiPB2 | |
| X+2BWL5iAO/vl86XD8NO+ZKO82AzZXRVbTNRb0lSrweWMlbrC3u/plL2hiPDp6bj | |
| wBLo/hybOuVUGFmbPvTbjHMZdis= | |
| —–END CERTIFICATE—– | |
| ──────────────────────────────────────────────────────────────── | |
| After ABM issues you a *.p7m server token, drop it into this directory. | |
| [INFO] Watching /Users/username/Downloads for NEW *.p7m files (every 5s)… |
Note: Leave the script running, as it is watching for the ADE token which will be downloaded from Apple Business Manager later in this process.
In the directory you’re currently in for running the script, you should see a new abm_auth directory. This was created by the getBetaTokens script for storing the public key needed for the new Device Management Services server which was just created in Apple Business Manager.
Inside the abm_auth directory, there should be a file named mdm_public_cert.pem. This is the public key you need to upload to the new Device Management Services server in Apple Business Manager.
6. Get the mdm_public_cert.pem file and upload it to the Apple Beta Tokens Device Management Services server in Apple Business Manager.
7. Once the mdm_public_cert.pem file gas been uploaded to the Apple Beta Tokens server, click the Save button to save the changes.
8. Verify that the changes were saved successfully and that there is now an Apple Beta Tokens server appearing in Apple Business Manager.
9. In the Apple Beta Tokens server listing, click the Download Token button to download the ADE token associated with the Apple Beta Tokens server.
10. Confirm that you want to download the ADE token by clicking the Download Token button in the confirmation window.
11. The getBetaTokens script should detect the downloaded ADE token and then take the following actions automatically:
- Use the ADE token as a source for the necessary OAuth credentials for the API call to the https://mdmenrollment.apple.com/os-beta-enrollment/tokens endpoint.
- Authenticate to the API endpoint and fetch all available Apple beta tokens associated with an organization’s AppleSeed for IT program.
- Display all available beta tokens.
Once the script has completed running, you should see output similar to this:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [INFO] No .p7m found in ./abm_auth. | |
| [ACTION] A certificate will be generated – upload the PEM to ABM, then | |
| download the issued *.p7m token (it usually lands in ~/Downloads). | |
| [INFO] No .p7m found: generating key + self-signed cert… | |
| Generating RSA private key, 2048 bit long modulus | |
| .+++++ | |
| …………………………………………+++++ | |
| e is 65537 (0x10001) | |
| Signature ok | |
| subject=/CN=Your MDM Server | |
| Getting Private key | |
| [ACTION] Upload this PEM to Apple Business Manager (Settings → MDM Servers) | |
| ──────────────────────────────────────────────────────────────── | |
| —–BEGIN CERTIFICATE—– | |
| MIICsDCCAZgCCQD5GClF1eAa6DANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9Z | |
| b3VyIE1ETSBTZXJ2ZXIwHhcNMjYwMTA2MTQxMzI5WhcNMjcwMTA2MTQxMzI5WjAa | |
| MRgwFgYDVQQDDA9Zb3VyIE1ETSBTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB | |
| DwAwggEKAoIBAQDPVjJynmJ3QJNTwrMACJ467WB1zvASfJWKIXFzKKIhdXZBgAXi | |
| FqlLgXUi3J0sai9mrfbVI0yfnlOpaGws/t3lZ/4riKyfTj8IxSHSebwdDzHQR/8Q | |
| 5+B884wXdxs9FuWodvQ0EdGHMKkm5HaEc//m261JvadoT0LhScq1DT3Izv8Gd8k1 | |
| v5HjshNxZLSkqj4La7phb++bGem+nDXtItyykY7D5310xYl7XT6bGgM/s7QbvObj | |
| BuIKTkKLwtmlfU+Di4acqJ89VjuX6gnUxmn4YmNTCCWiT5v6GxvSbtzHQsLSD6Qk | |
| mac43pbeG/NFwSjR+YoyYLkdFuB0BUDcC0glAgMBAAEwDQYJKoZIhvcNAQELBQAD | |
| ggEBAIMUxul28kUTmFN8NT6bbjXPweORwtqiqEi3Y36ti2ING6Q2g+F29O7w5hrj | |
| bweGIHvON8V+oEzKWCQIDboCCD5iPa/EEaFhsy9/v/4jvPlrtW6c9eU8QOzCupSY | |
| Gyxfhg70M4cQCOl2G1eXsbzroLtJKmFMkpy8rCdMrFgaHW2/Xvw/cLDgQryDBSu3 | |
| Z7RAGRB+0QtG/qpMG/8oFhc32ZqdqPa+8L1HvxILYqf7zDRXrfyA1peI5dsmiPB2 | |
| X+2BWL5iAO/vl86XD8NO+ZKO82AzZXRVbTNRb0lSrweWMlbrC3u/plL2hiPDp6bj | |
| wBLo/hybOuVUGFmbPvTbjHMZdis= | |
| —–END CERTIFICATE—– | |
| ──────────────────────────────────────────────────────────────── | |
| After ABM issues you a *.p7m server token, drop it into this directory. | |
| [INFO] Watching /Users/username/Downloads for NEW *.p7m files (every 5s)… | |
| [INFO] New token detected in Downloads: Apple Beta Tokens_Token_2026-01-06T14-34-12Z_smime.p7m | |
| [INFO] Using token: Apple Beta Tokens_Token_2026-01-06T14-34-12Z_smime.p7m | |
| [INFO] Using server token file: Apple Beta Tokens_Token_2026-01-06T14-34-12Z_smime.p7m | |
| [INFO] Stripping S/MIME wrapper… | |
| [INFO] Got credentials: | |
| consumer_key: CK_1e4d6861e5128e0c09442ee391372853b632f86f0a0dbcbdb529f027b41b1640bb44f070927ac8ef6b9ce4945d511bef | |
| consumer_secret: CS_9b17c3892bdd3e7e8034463a9b304e86df8eaddd | |
| access_token: AT_d0716b39b2873fd7cd7e343b5f6a9219a84809fba44c6288280fc23148ab09834b7 | |
| access_secret: AS_6c4fedc231c3926f977a8e86f7581a8f593ac1aa | |
| access_expires: 2027-01-06T14:34:12Z | |
| [INFO] Building OAuth header for session request… | |
| [INFO] Requesting session token… | |
| [INFO] Got session token. | |
| [INFO] Fetching beta-enrollment tokens… | |
| [INFO] Available beta programs: | |
| ┌-────────────────────────────────────────────-┬-───────────-┬-──────────────────────────────────────────────────────────────────-┐ | |
| │ Title │ OS │ Token │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ HomePod Software Version 26 AppleSeed Beta │ homePodOS │ 9d35ff2ca4e2492152d04031d630469391637958491c83e1c1539c48b5cf5c06 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ iOS 17 AppleSeed Beta │ iOS │ 24e356c81d8a098e04d3bf82779d67a28e305d4e24cd1a9546d251994e32b1da │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ iOS 18 AppleSeed Beta │ iOS │ 1c6fe5f0634e68febfef70ae4626b78c100ed296427fbd9a1dad67ab6392bad2 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ iOS 26 AppleSeed Beta │ iOS │ 61050ef1a94375ff11a3e2f9ff99ef5dbc7bea2dfe668c37860e4e71b0b093c9 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ macOS Sequoia AppleSeed Beta │ OSX │ b4e921e359674c25c2f817492165c69038e9958c545e89e9bbfe6b20d02f40c8 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ macOS Sonoma AppleSeed Beta │ OSX │ 34dd8dc5d19041ac63a31ebf92181420daeca9e5aa6046aa0afcfdd784353668 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ macOS Tahoe 26 AppleSeed Beta │ OSX │ 70c8dbad03ceebea86740896534f5a8c2c642aeda1a88da761624191eb645bcf │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ macOS Ventura AppleSeed Beta │ OSX │ 030f48e140fd2a56746110cce9ea9e28f6de77b88db97f0017268a81a35ee566 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ tvOS 18 AppleSeed Beta │ tvOS │ 2f7c8e19f55074aaf51777c24095ecb2769a33fa4780ad455f17b063decb6b59 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ tvOS 26 AppleSeed Beta │ tvOS │ 401524581deff669552b54c0453bfe239b2805c4dd020bf13febc76952b2d79b │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ visionOS 2 AppleSeed Beta │ visionOS │ baaf1821c91089bae867fb8b818d05294a4792727e0397bc330c45a7307246c9 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ visionOS 26 AppleSeed Beta │ visionOS │ 052a00ee15378a0dbfbd39aeb56b0bdbdc6045158eed66e89ad783dc54e43b77 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ visionOS Developer Beta │ visionOS │ 22de2a21e91429784629b57ff799517a4e17e2f32ef57070eda2bfb6b2d50d01 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ watchOS 10 AppleSeed Beta │ watchOS │ a65af647ba503701ddabea524268024054a8ae0dade489c840e76f699c25171f │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ watchOS 11 AppleSeed Beta │ watchOS │ 70f21b58c49a912b001b1be48577209f9fe85daec53771723eef26115f2f64b2 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ watchOS 26 AppleSeed Beta │ watchOS │ bd3f1eb7389456276f683c08dc325e74aa2ee4c8c65a6e8549a444b2f51f31c6 │ | |
| ├-────────────────────────────────────────────-┼-───────────-┼-──────────────────────────────────────────────────────────────────-┤ | |
| │ watchOS 9 AppleSeed Beta │ watchOS │ 749eeac5442b5d5b66ea2aeaf029ec15eb30a380ebc759b108018830042b3682 │ | |
| └-────────────────────────────────────────────-┴-───────────-┴-──────────────────────────────────────────────────────────────────-┘ |
The token(s) for the Apple platform(s) you want to run beta testing for should be identifiable from the script output.
Note: All OAuth credential and token information in the output shown above have been replaced with non-working randomly generated values.
如有侵权请联系:admin#unsafe.sh