Push notifications using JSON web tokens*

Dimitri James Tsiflitzis

CocoaHeadsSKG

*JWT to its friends

Communicating with APNs

  • The APNs provider API lets you send remote notification requests to APNs and to your app.
  • The provider API is based on HTTP/2. Each interaction starts with a POST request that contains a JSON payload and a device token. APNs forwards the notification payload to a specific user device identified by the device token.
  • A provider is a server that you deploy, manage and configure to work with APNs.

A note on APNs Providers using Certificates

  • Rolling your own certificates is tedious.
  • Certificates expire and have to be recreated.
  • Certificate decoding is CPU-intensive for APNs.

The provider API supports the JSON Web Token (JWT) specification, letting you pass statements and metadata, called claims, to APNs, along with each push notification.

APNs Providers with Authentication Tokens

  • Generate Signing key from the member center.
  • Generate JSON Authentication token.
  • Send push notification.

APNs Providers with Authentication Tokens

Generate Signing key from member center

Header
{
   "alg" : "ES256",
   "kid" : "ABC123DEFG"
}
Claim
{
   "iss": "DEF123GHIJ",
   "iat": 1437179036
}

Generate JSON Authentication Token

  • alg (Algorithm): The signing algorithm. Currently APNs only supports ES256.
  • kid (Key ID): The 10-character Key ID we generated in the member center.
  • iss (Issuer): This will be a 10-character Team ID.
  • iat (Issued At): Number of seconds from Epoch in UTC when the token was generated.

Generate JSON Authentication Token

HEADERS
  - END_STREAM
  + END_HEADERS
  :method = POST
  :scheme = https
  :path = /3/device/00fc13adff785122b4ad28809a3420982341241421348097878e577c991de8f0
  host = api.development.push.apple.com
  authorization = bearer eyAia2lkIjogIjhZTDNHM1JSWDciIH0.eyAiaXNzIjogIkM4Nk5WOUpYM0QiLCAiaWF0I
 jogIjE0NTkxNDM1ODA2NTAiIH0.MEYCIQDzqyahmH1rz1s-LFNkylXEa2lZ_aOCX4daxxTZkVEGzwIhALvkClnx5m5eAT6
 Lxw7LZtEQcH6JENhJTMArwLf3sXwi
  apns-id = eabeae54-14a8-11e5-b60b-1697f925ec7b
  apns-expiration = 0
  apns-priority = 10
  apns-topic = <MyAppTopic>
DATA
  + END_STREAM
    { "aps" : { "alert" : "Hello" } }

The request

Let's code

Shell script

  • Got the current time
  • Base64 url safe encoded the header
  • Base64 url safe encoded the claim
  • Using openssl signed header.claim with our private key
  • Output header.claim.signature
  • Sent off the push notification
  • Replaced third party solutions for sending notifications from our machine

What did we do here?

Let's code

NodeJS
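
The steps listed above (encode the header and claim, sign header.claim with the ES256 key, reuse the token across notifications), as an added Node.js example that is not the talk's own code. The throwaway key pair, the function names and the 50-minute refresh age are assumptions; the Key ID and Team ID are the sample values from the slides.

```javascript
// Added example (not the talk's code): APNs provider token (ES256 JWT) with reuse.
const crypto = require('crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Build header.claim.signature as described on the slides.
function makeProviderToken(privateKey, keyId, teamId, nowSec) {
  const header = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const claim = b64url(JSON.stringify({ iss: teamId, iat: nowSec }));
  const signingInput = `${header}.${claim}`;
  // JWS ES256 uses the raw 64-byte r||s signature, not OpenSSL's default DER.
  const sig = crypto.sign('sha256', Buffer.from(signingInput), {
    key: privateKey,
    dsaEncoding: 'ieee-p1363',
  });
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Verify a token against the public key; returns the decoded claims or null.
function verifyProviderToken(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, claim, sig] = parts;
  const hdr = JSON.parse(Buffer.from(header, 'base64url'));
  if (hdr.alg !== 'ES256') return null; // pin the algorithm, do not trust the header
  const ok = crypto.verify('sha256', Buffer.from(`${header}.${claim}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url'));
  return ok ? JSON.parse(Buffer.from(claim, 'base64url')) : null;
}

// Reuse one token across notifications; re-sign only when it gets old.
// Assumption: 50 minutes, to stay under the one-hour age at which APNs rejects a token.
function tokenCache(privateKey, keyId, teamId, maxAgeSec = 50 * 60) {
  let token = null, issuedAt = 0;
  return (nowSec = Math.floor(Date.now() / 1000)) => {
    if (!token || nowSec - issuedAt >= maxAgeSec) {
      token = makeProviderToken(privateKey, keyId, teamId, nowSec);
      issuedAt = nowSec;
    }
    return token;
  };
}

// Constructed demo: a throwaway P-256 key stands in for the downloaded signing key.
const demo = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const getToken = tokenCache(demo.privateKey, 'ABC123DEFG', 'DEF123GHIJ');
console.log('authorization: bearer ' + getToken());
```

In a real provider the private key is loaded from the file downloaded from the member center and kept out of source control; revoking that key invalidates every token signed with it.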

What did we do here?

Let's see both of these in practice

  • This protocol is easy for developers. Keys are easy to revoke and regenerate.
  • Token-based communication with APNs is stateless and fast, or at least faster than certificate-based communication, since APNs does not have to validate your certificate or any other information.
  • You do not always need to generate a new token for each notification.
  • One key for all your apps. You can use a single token with multiple servers to send notifications to each one of your apps.

Closing thoughts

Thank you 🎈
