Menu
I got my Firebase Cloud Messaging registration token for web push. And I sent this to my server to save in database for later push. But how can I verify this token is valid or fake?
I have tried this but I think this is for Auth tokens not for web push.
Someone else can send request of a random fake token to my server. I want to prevent this before save in db.
Edit: It's solved and I wrote a simple class to use FCM for web push quickly. https://github.com/emretekince/fcm-web-push
500
Make sure it matches the registration token the client app receives from registering with Firebase Notifications. Do not truncate or add additional characters. You can try sending a test message from your server to see the response without sending an actual message towards the device by using the dry_run parameter: AL.
To verify if the token is generated from your client and project, you can send a test notification with your server key and check the response message, if token is altered obviously it will give you relevant error.
When sending to an invalid registration token, you'll should receive 200 + error:InvalidRegistration:
Check the format of the registration token you pass to the server. Make sure it matches the registration token the client app receives from registering with Firebase Notifications. Do not truncate or add additional characters.
This is the response when you try to send a simple cURL request where the registration token is just randomly made:
curl --header "Authorization: key=$[your_server_key_here]" \
--header Content-Type:"application/json" \
https://fcm.googleapis.com/fcm/send \
-d "{\"registration_ids\":[\"ABC\"]}"
Notice that I added in "ABC", in the registration_ids parameter. If ever it is a valid registration token, but is not associated to your project, you'll probably receive 200 + error:NotRegistered.
You can try sending a test message from your server to see the response without sending an actual message towards the device by using the dry_run parameter:
This parameter, when set to true, allows developers to test a request without actually sending a message.
72
If anyone using firebase Admin SDK for node.js, there is no need to manually send the request using the server_key explicitly. Admin SDK provide sending dry_run push message to verify the fcm_token.
function verifyFCMToken (fcmToken) => {
return admin.messaging().send({
token: fcmToken
}, true)
}
Use this method like following
verifyFCMToken("YOUR_FCM_TOKEN_HERE")
.then(result => {
// YOUR TOKEN IS VALID
})
.catch(err => {
// YOUR TOKEN IS INVALID
})
You can use following function
public Boolean isValidFCMToken(String fcmToken) {
Message message = Message.builder().setToken(fcmToken).build();
try {
FirebaseMessaging.getInstance().send(message);
return true;
} catch (FirebaseMessagingException fme) {
logger.error("Firebase token verification exception", fme);
return false;
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
