
Apple Push Notification Authentication Key (Sandbox & Production)

I recently noticed a new option when creating a certificate for a given iOS client.

The option is titled

Apple Push Notification Authentication Key (Sandbox & Production)

Get an authentication key to generate server-side tokens. You can use these tokens as an alternative to certificates for your notification requests.

One authentication key can be used for multiple apps and does not expire.

How does one go about setting this up?

William Bing Hua asked Sep 24 '16 02:09



1 Answer

Apple Push Notification token-based authentication is an alternative to using provider certificates to connect to APNs. The provider API supports JSON Web Token (or JWT), an open standard, to pass authentication claims to APNs along with the push message.

To generate a provider token, obtain a private key for signing the token as described in Creating a Universal Provider Token in App Distribution Guide. You should construct a token with a header containing a 10-character Key ID (kid). The token claims portion contains Issuer (iss), which is a 10-character Team ID. Your Team ID and Key ID values can be obtained from your developer account. The claims shall also contain Issued At (iat), which is the number of seconds from Epoch in UTC when the token was generated. The token must be signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) using the P-256 curve and the SHA-256 hash algorithm (ES256), specified as a value in the algorithm key (alg).

    {
        "alg": "ES256",
        "kid": "ABC123DEFG"
    }
    {
        "iss": "DEF123GHIJ",
        "iat": 1437179036
    }

For additional information, along with a list of available libraries for generating signed JSON web tokens, refer to https://jwt.io

This is a Swift library to sign your JSON Web Token (or JWT): kylef/JSONWebToken.swift

Note: Only provider tokens signed with the ES256 algorithm are supported by APNs. Unsecured JWT or JWT signed with other algorithms will be rejected with a response indicating an Invalid Provider Token.

SOURCE : APPLE : Provider Authentication Tokens

WWDC 2016 - Session 724 : Token Based Authentication

PS:

The biggest difference is that the key does not expire, whereas a certificate expires after one year.

gunjot singh answered Oct 08 '22 17:10
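
The token construction described in the answer above, as an added example that is not part of the original post: it builds the ES256 provider token with Node.js's built-in crypto module and then checks it with the algorithm pinned to ES256. The function names and the throwaway key pair generated in the code are assumptions; the Key ID, Team ID and iat are the answer's sample values.

```javascript
// Added example: build and check an APNs provider token (ES256 JWT).
const nodeCrypto = require('node:crypto');

// JWTs use unpadded, URL-safe base64.
function b64url(data) {
  return Buffer.from(data).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// Build "<header>.<claims>.<signature>" from the fields the answer lists.
function makeProviderToken(privateKey, keyId, teamId, issuedAt) {
  if (keyId.length !== 10 || teamId.length !== 10) {
    throw new Error('Key ID and Team ID must each be 10 characters');
  }
  const header = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const claims = b64url(JSON.stringify({ iss: teamId, iat: issuedAt }));
  const signingInput = `${header}.${claims}`;
  // JWS needs the raw 64-byte r||s signature, not Node's default DER encoding.
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64url(sig)}`;
}

// Receiver-side check: pin alg to ES256 first, then verify the signature.
function verifyProviderToken(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, c, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(c, 'base64').toString('utf8'));
  } catch (err) {
    return null;
  }
  if (!header || header.alg !== 'ES256') return null; // unsecured or other-alg tokens
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${c}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64'));
  return ok ? { header, claims } : null;
}

// Constructed throwaway P-256 (prime256v1) key pair, standing in for the real signing key.
const { privateKey, publicKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
// Key ID, Team ID and iat are the sample values from the answer.
const token = makeProviderToken(privateKey, 'ABC123DEFG', 'DEF123GHIJ', 1437179036);
console.log(token);
```

Because the answer notes that the key does not expire, the private key used here is the long-lived secret to protect; anyone holding it can mint valid tokens for every app on the team.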