Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is the VAPID public key the same as applicationServerKey client-side?

Tags:

web-push

service-worker

vapid

On the client-side, to subscribe to web push notifications, you need to call subscribe with the applicationServerKey option, like this:

var serviceWorkerRegistration = ...
serviceWorkerRegistration.pushManager.subscribe({
  userVisibleOnly: true,
  applicationServerKey: urlB64ToUint8Array("......")
}).then(function(subscription) {
   ...
})

You can send the subscription object to the server, where it can be saved.

To send a push message to the subscriber, the server needs to post to the URL indicated by the key endpoint in the object subscription. The server needs to identify itself to the provider (Mozilla or Google or whoever) using VAPID. For instance, using the Python library pywebpush, this call would be made:

import pywebpush
pywebpush.webpush(
    subscription,
    data,
    vapid_private_key="path_to_private_key.pem",
    vapid_claims={"sub": "mailto:[email protected]"},
)

Here's my question:

Is the private VAPID key used to send the push message the one that corresponds to the public key passed to serviceWorkerRegistration.pushManager.subscribe on the client-side? Or does it belong to a separate keypair? My intuition tells me it should belong to the same keypair, but the term VAPID is only ever mentioned when talking about sending push messages, and not when subscribing, so I'm not confident that that assumption is correct.

like image 496
Flimm Avatar asked May 10 '17 13:05

Flimm

People also ask

What is vapid public key?

VAPID, which stands for Voluntary Application Server Identity, is a new way to send and receive website push notifications. Your VAPID keys allow you to send web push campaigns without having to send them through a service like Firebase Cloud Messaging (or FCM).

Where is vapid key?

Vapid Key is "Voluntary Application Server Identification". We can find it in: Open the Cloud Messaging tab of the Firebase console Settings pane and scroll to the Web configuration section. In the Web Push certificates tab, click Generate Key Pair.

How do you make a vapid?

You'll need to create and provide a public and private key for your server. These keys must be safely stored and should not change. Click 'GENERATE' button to generate VAPID keys and use them to authenticate you. Based on the web-push-libs/web-push-php library.

What is vapid Webpush?

VAPID stands for Voluntary Application Server Identification for Web Push, this is not so much encryption, it's just identification. And the idea is that you generate some keys, and the public key is part of your app that you ship and the private key is part of what you use to send messages to this web push service.

1 Answers

Yes, it belongs to the same keypair. This blog post Web Push Interoperability Wins makes it clearer:

The process is pretty simple:

  1. Your application server creates a public/private key pair. The public key is given to your web app.
  2. When the user elects to receive pushes, add the public key to the subscribe() call's options object.
  3. When your app server sends a push message, include a signed JSON Web Token along with the public key.

Depending on what library you're using on the server, you may need the private key in a different format. For instance, pywebpush for Python expects a VAPID EC2 private key PEM file, or a string in the DER format and base64.

like image 190
Flimm Avatar answered Oct 22 '22 07:10

Flimm
Sign in to Comment

Related questions

How can I utilise ApplicationInsights-JS in a service worker?
Reading request headers inside a service worker
Recognize HTTP 304 in service worker / fetch()
Is it possible for a service worker to permanently break a website?
Load cdn file and save it in Service Worker
Browser is redirected to service-worker.js
Registering Service Worker in a different folder
Sending push Notifications from Java Web Application
Update "service-worker.js" on Single Page App when changing routes
What to do if multiple users use the same device?
Using async/await with service worker
getSubscription returns a null subscription
What is the purpose of service worker?
Service Worker controllerchange never fires
Angular 5 app doesn't register service worker
Adding a new header to a Request, while preserving the body
Difference between serviceWorker.getRegistration and serviceWorker.ready.then
Service Worker: how to update the cache when files changed on the server?
How to load Javascript file in a Service Worker dynamically?
Service Worker Push Notifications with Angular2

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!