Push notifications using JSON web tokens*
Dimitri James Tsiflitzis
CocoaHeadsSKG
*JWT to its friends
Communicating with APNs
- The APNs provider API lets you send remote notification requests to APNs and to your app.
- The provider API is based on HTTP/2. Each interaction starts with a POST request that contains a JSON payload and a device token. APNs forwards the notification payload to a specific user device identified by the device token.
- A provider is a server that you deploy, manage, and configure to work with APNs.
A note on APNs Providers using Certificates
- Rolling your own certificates is tedious.
- Certificates expire and have to be recreated.
- Certificate decoding is CPU intensive for APNs.
The provider API supports the JSON Web Token (JWT) specification, letting you pass statements and metadata, called claims, to APNs, along with each push notification.
APNs Providers with Authentication Tokens
- Generate a signing key from the member center.
- Generate JSON Authentication token.
- Send push notification.
Generate Signing key from member center
Header
{
  "alg" : "ES256",
  "kid" : "ABC123DEFG"
}
Claim
{
  "iss": "DEF123GHIJ",
  "iat": 1437179036
}
Generate JSON Authentication Token
- alg (Algorithm): The algorithm used to sign the token. Currently APNs only supports ES256.
- kid (Key ID): The 10-digit Key ID we generated in the member center.
- iss (Issuer): This will be a 10-digit Team ID.
- iat (Issued At): Number of seconds from Epoch in UTC when the token was generated.
HEADERS
- END_STREAM
+ END_HEADERS
:method = POST
:scheme = https
:path = /3/device/00fc13adff785122b4ad28809a3420982341241421348097878e577c991de8f0
host = api.development.push.apple.com
authorization = bearer eyAia2lkIjogIjhZTDNHM1JSWDciIH0.eyAiaXNzIjogIkM4Nk5WOUpYM0QiLCAiaWF0IjogIjE0NTkxNDM1ODA2NTAiIH0.MEYCIQDzqyahmH1rz1s-LFNkylXEa2lZ_aOCX4daxxTZkVEGzwIhALvkClnx5m5eAT6Lxw7LZtEQcH6JENhJTMArwLf3sXwi
apns-id = eabeae54-14a8-11e5-b60b-1697f925ec7b
apns-expiration = 0
apns-priority = 10
apns-topic = <MyAppTopic>
DATA
+ END_STREAM
{ "aps" : { "alert" : "Hello" } }
The request
Let's code
Shell script
- Got the current time
- Base64 url safe encoded the header
- Base64 url safe encoded the claim
- Signed header.claim with our private key using openssl
- Output header.claim.signature
- Sent off the push notification
- Replaced third party solutions for sending notifications from our machine
What did we do here?
Let's code
NodeJS
- Simple NodeJS app
- Uses apn https://www.npmjs.com/package/apn
What did we do here?
Let's see both of these in practice
- This protocol is easy for developers. Keys are easy to revoke and regenerate.
- Token-based communication with APNs offers stateless and fast communication. At least faster than certificate-based communication, since APNs does not have to validate your certificate or any other information.
- You do not always need to generate a new token for each notification.
- One key for all your apps. You can use a single token with multiple servers to send notifications to each one of your apps.
Closing thoughts
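The steps from the shell-script slide, plus the token reuse noted in the closing thoughts, as an added Node.js example that is not code from the talk: it signs with Node's built-in crypto instead of openssl and applies the checks a receiver would make. The throwaway key, the Key ID and Team ID values, the one-hour age limit and all function names are assumptions.

```javascript
// Added example, not code from the talk. Key ID and Team ID values are placeholders.
const crypto = require('crypto');
const MAX_AGE_SECONDS = 3600; // assumption: a token older than one hour counts as stale
const b64url = (value) => Buffer.from(value).toString('base64url');

// Slide steps: take the current time, encode header and claims, sign "header.claims".
function makeProviderToken(privateKey, keyId, teamId, nowSeconds) {
  const header = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const claims = b64url(JSON.stringify({ iss: teamId, iat: nowSeconds }));
  const signingInput = `${header}.${claims}`;
  // JWS ES256 carries the raw 64-byte R||S pair, so request 'ieee-p1363', not DER.
  const signature = crypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Checks a receiver applies before trusting a token; returns a short verdict string.
function checkProviderToken(token, publicKey, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (err) { return 'malformed'; }
  if (header?.alg !== 'ES256') return 'bad-alg'; // pin the algorithm on the verifying side
  const age = nowSeconds - claims?.iat;
  if (!Number.isInteger(claims?.iat) || age < 0 || age > MAX_AGE_SECONDS) return 'bad-iat';
  const signature = Buffer.from(parts[2], 'base64url');
  if (signature.length !== 64) return 'bad-signature';
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, signature);
  return valid ? 'ok' : 'bad-signature';
}

// One token serves many notifications: reuse it until refreshAfterSeconds have passed.
function tokenCache(privateKey, keyId, teamId, refreshAfterSeconds) {
  let token = null, issuedAt = 0;
  return (nowSeconds) => {
    if (token === null || nowSeconds - issuedAt >= refreshAfterSeconds) {
      token = makeProviderToken(privateKey, keyId, teamId, nowSeconds);
      issuedAt = nowSeconds;
    }
    return token;
  };
}

// Constructed demo: a throwaway P-256 key stands in for the member-center signing key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
console.log(makeProviderToken(privateKey, 'ABC123DEFG', 'DEF123GHIJ', Math.floor(Date.now() / 1000)));
```

Run against the token in the sample request above, `checkProviderToken` returns `'bad-alg'`: that token's header decodes to a `kid` only, so treat it as illustrative.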
Thank you 🎈
By tsif