we are migrating from Cert based Notification to Token based notifications,
I have my Device token and I generate JWT token using .p8 file, KId, App Id and issue time. iam using Curl command to send the Message to api.push.apple.com/3/device/.
Iam getting
HTTP/2 200
apns-id: C372B9BE-5C83-3CBB-0DF3-5B5B6D671B65 from Server, however, iam not receiving any notifications on to my Mobile.
any one aware of this issue, Please advise.
Appreciate it
Related
I want to create a Slack bot which will monitor incoming messages of channel, and respond to those messages based on the content using Events and Web API.
In Events API, the verification URL which I am currently using requires Shibboleth login i.e I need to put in username and password if I want to access that URL through browser.
How do I have Slack send its request to that URL? Currently Slack gets HTTP 500 error from the server, and also my server doesn't get any hit.
After talking to Slack help chat, I was told that Slack can't do auth. I was suggested to use proxy of some kind, but I ended up removing the Shibboleth from my server. Slack does sign every request it sends, so to have server respond to attackers, verify each request is from Slack before responding.
I started a project using the Google API signin mixed with an angularJS+Firebase app.
What I would like to do is to be able to send an e-mail from one person to another programmatically.
Example: John is logged in, clicks on a button which sends an email to Rachel. But that email is sent using the stored token from Ted, not John's account.
It seems possible using the php library which is not an option here.
So far, I get the token easily using these few lines:
var GoogleAuth = gapi.auth2.getAuthInstance();
GoogleAuth.grantOfflineAccess({
scope: 'https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/drive https://mail.google.com/ profile email'
}).then(function(resp) {
console.log(resp);
this.storeToken(resp.code);
});
Is it actually possible ?
A quick search just got me results for php or about how you get a token with the JS library... not how to use it !
From my understanding you want to use a refresh token ( offline access ) to send an email from Ted's account via Javascript.
Sadly this is not possible client side. What your code gives you is a 'code' that you can send to your server using a $http.post () and trade with Google server side for a refresh token.
Here is a guide for how to change that code into a refresh token.
While you can do this client side it would involve exposing your client secret which you should never do.(https://developers.google.com/identity/sign-in/web/server-side-flow)
Every time John wants to send an email from Ted's account your application will have to send a request to your server that:
Sends a request to google with the refresh token and generates an access token (https://developers.google.com/identity/protocols/OAuth2WebServer#offline)
Sends a seccond request to google using the access token to send the email from Ted's account
I hope that this helped.
We would like to enable WeChat Login on our iOS client that is connected to a Parse Server backend on Heroku. From reading through the PFFacebookAuthenticationProvider, it seems that we need to write a custom authentication provider for WeChat.
WeChat Login is based on OAuth 2.0. It works as followed:
1. From our app, an authorization request is sent to the WeChat app installed on the same phone. WeChat app is called to the foreground.
2. After user approved the authorization request, a code (NOT the access token) is sent to our app.
3. With the code and our app id and app secret, our server can then call WeChat API and get the appropriate user id and access token from WeChat. This step has to happen on our server, as we cannot include the app secret within our client app.
On the WeChat documentation, it is strongly recommended that we keep the access token strictly in the control of server (anyone with the access token can make requests to WeChat API and it will be counted towards the usage limit for our API calls).
If we are to follow this practice, we cannot save the access token in the authData field of the user. Would it be acceptable to save only the code and id from WeChat into the authData and save the access token to another class that only the master key has access to? This obviously requires us to write a custom AuthAdapter for the Parse Server.
Or is there a better way to implement this custom auth? The custom auth documentation for Parse Server is pretty thin and I plan to improve it after I can get it working for myself.
You can definitely update the auth adapter to exchange the code for an access token server side. The logic would be similar to other adapters, failing to login/signup if the server is unable to process the code to access token exchange.
Here
https://github.com/parse-community/parse-server/blob/master/src/Adapters/Auth/wechat.js#L7
If the authData object has that code, you can add additional logic to exchange it.
I'm sending my push notifications with an APNs Auth Key ("never expires") which worked well until suddenly I get
403 Forbidden: {"reason":"InvalidProviderToken"}
as a response when sending push notifications. What could be the reason for this when it worked once and suddenly it doesn't without having an expiration date? In the meantime it worked again for some pushes, but now I get the error again... Did anyone else experience this?
EDIT
Not sure but it seems as if this only happens on the Ubuntu server, not on my local (OS X) machine...
we have exactly the same problem when sending pushes to different team ids using the same connection. The steps to reproduce are:
Open a connection to APNS and use the same connection to:
Send a token based push to topic com.companyA.xxx of team id 1234: APNS accepts and delivers the push successfully.
Send a token based push to topic io.companyB.xxx of team id 5678: APNS responds HTTP 400 BadRequest The device token does not match the specified topic
Send again a token based push to topic io.companyB.xxx of team id 5678: APNS responds HTTP 403 Forbidden: the provider token is not valid or the token signature could not be verified.
After this it becomes impossible to send any push and the connection has to be closed and reopened.
The workaround we ended up doing is to open one connection per team id. The APNS documentation does not mention anything like that so I do consider this as a bug and I opened a bug report.
I've seen this in a couple of circumstances:
Resubmitting expired provider tokens seems to get the token blacklisted and results in subsequent InvalidProviderToken rejections rather than ExpiredProviderToken rejections. Check you logs for token expiry messages. Check your system clock to make sure that you're not generating tokens with skewed timestamps.
Submitting to invalid topics will invalidate all provider tokens on the connection (even previously valid ones). Only submit to topics that the key is bound to and only use one key per connection.
For me, there was an issue with bad configuration. I was using the wrong Team ID. Please make sure that all configuration is correct before you look into any other solutions.
The server does respond with an InvalidToken and/or an ExpiredToken error. Your authentication token shouldn't contain any '=', '+', '-', Double check if your token hasn't this any of those. Also the signature (3rd part of the token, should be Base64URL encoded, so without the previous mentioned characters).
for me the server time was invalid, fixing the server time solved the issue
I asked Apple to change my account from a personal account, to a business account. My push notification certificate still said everything was fine, but the notifications weren't working, and I was getting the response Invalid Token. Once I revoked the certificate and issued a new one (in apple connect), everything worked fine.
I wasted so much time trying to figure out why the push notifications weren't working. Hopefully this will save someone else some time!
I had been using the Name of the key instead of the Key ID. Verifying on https://developer.apple.com/account/resources/authkeys/review/ showed the correct value.
My case is with the json pretty print format. Unlike musickit which can accept jwt pretty print format, the APNs only accept the raw format.
In details:
My message was:
{
"alg": "ES256",
"kid": "SOMEKEYID"
}
{
"iss": "SOMETEAM",
"iat": 1581110460
}
I verified the result jwt via jwt.io, however the APNs keeps telling me InvalidProviderToken. I have tried everything above. No use.
Finally I changed the message to:
{"alg":"ES256","kid":"SOMEKEYID"}
{"iss":"SOMETEAM","iat":1581128155}
then it pass with no error.
Turns out APNs do not accept json pretty format!
Apple's APN documentation says:
APNs supports only provider authentication tokens that are signed with
the ES256 algorithm. Unsecured JWTs [JSON Web Tokens], or JWTs signed
with other algorithms, are rejected, and your provider server receives
the InvalidProviderToken (403) response.
So, it appears that the problem is not with your auth kiey; it's actually an issue with the web token that was generated from your key.
My application uses Outlook Push Notifications REST API to get updates for a set of users.
The code I use to make the registration is like following:
HTTP POST to:
https://outlook.office.com/api/v2.0/users/<user email>/subscriptions
POST data = {
'#odata.type': '#Microsoft.OutlookServices.PushSubscription',
'Resource': 'https://outlook.office.com/api/v2.0/me/messages',
'NotificationURL': 'https://<my_valid_hostname>/api/subscriptions',
'ChangeType': 'Created, Deleted',
'ClientState': <user UUID>,
}
This code always worked fine, but since Sep 26 it stopped to work for mostly of users. The HTTP request to make a registration to web notification returns HTTP 403 error:
HTTP 403 Error: https://outlook.office.com/api/v2.0/users/<user email>/subscriptions
{
"error": {
"code": "ErrorAccessDenied",
"message":"Access is denied. Check credentials and try again."
}
}
This application is a backend aplication registered in Azure AAD portal and uses a token which allow me to do the requests on behalf of the users.
My token credentials are working fine. I use the same token for Graph API and Outlook API without errors. I refreshed it to see if the error go away, but it doesn't work. The error comes for fresh tokens anyway.
For some users I get no error, it always work. The subscription is created fine and I get the subscription data in JSON returned, as usual.
This make me think that it may be a problem in Microsoft side, but I have no way to check this.
So how can I fix this error for the affected users?
First thing that comes in my mind is that did you forgot to renew your calendar subscriptions? It's something like max. 14 days those are alive. Anytime before expiration you can renew subscriptions and after that you still can revive subscriptions.
In fact now I tested new subscription with my app and I get only 7 days to expiration date.
At this point I got that you are getting error when creating new subscription.. are you sure your access_token is still valid?
For future SO users,
POST https://outlook.office.com/api/v2.0/me/subscriptions
Content-Type: application/json
Authorization: Bearer <access_token>
{
"#odata.type":"#Microsoft.OutlookServices.PushSubscription",
"Resource": "https://outlook.office.com/api/v2.0/<Outlook-Resource>",
"NotificationURL": "<My-Endpoint-Url>",
"ChangeType": "Created,Updated,Deleted"
}
Optional ClientState in body, allows the listener to check the legitimacy of the notification.
Check out the docs for more info.