I'm trying to send push notifications to iOS devices, using token-based authentication.

As required, I generated an APNs Auth Key in Apple's Dev Portal, and downloaded it (it's a file with p8 extension).

To send push notifications from my C# server, I need to somehow use this p8 file to sign my JWT tokens. How do I do that?

I tried to load the file to X509Certificate2, but X509Certificate2 doesn't seem to accept p8 files, so then I tried to convert the file to pfx/p12, but couldn't find a way to do that that actually works.

I found a way to do that, using BouncyCastle:

private static CngKey GetPrivateKey()
{
    using (var reader = File.OpenText("path/to/apns/auth/key/file.p8"))
    {
        var ecPrivateKeyParameters = (ECPrivateKeyParameters)new PemReader(reader).ReadObject();
        var x = ecPrivateKeyParameters.Parameters.G.AffineXCoord.GetEncoded();
        var y = ecPrivateKeyParameters.Parameters.G.AffineYCoord.GetEncoded();
        var d = ecPrivateKeyParameters.D.ToByteArrayUnsigned();
        return EccKey.New(x, y, d);
    }
}

And now creating and signing the token (using jose-jwt):

private static string GetProviderToken()
{
    var epochNow = (int) DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
    var payload = new Dictionary<string, object>()
    {
        {"iss", "your team id"},
        {"iat", epochNow}
    };
    var extraHeaders = new Dictionary<string, object>()
    {
        {"kid", "your key id"}
    };
    var privateKey = GetPrivateKey();
    return JWT.Encode(payload, privateKey, JwsAlgorithm.ES256, extraHeaders);
}