What are the pros and cons of using a p12 certificate vs JWT? #192

Closed
mycroftcanner opened this issue Mar 27, 2022 · 2 comments

@mycroftcanner

Instead of using a .p12 or .pem certificate as above, you can optionally use APNs JWT Provider Authentication Tokens.

What are the pros and cons of using a p12 certificate vs APNs JWT Provider Authentication Tokens?

@froodian
Contributor

froodian commented Mar 28, 2022

I would say the JWT path is strictly better. The major functional difference is that p12s expire and need to be regenerated every year, and doing so generally requires using Apple's OS X Keychain utility, or using openssl directly. Cryptographically they're both considered secure. The JWT option is more recent, having been introduced by Apple several years into APNs' lifetime, and so probably has more lifetime in front of it as well.

(disclaimer: I cannot represent sideshow or apple - I'm just a rando who watches this repository, and this has just been my experience)

@sideshow
Owner

Here's how Apple explains:

Tokens

Token-based authentication offers a stateless way to communicate with APNs. Stateless communication is faster than certificate-based communication because it doesn’t require APNs to look up the certificate, or other information, related to your provider server. There are other advantages to using token-based authentication:

  • You can use the same token from multiple provider servers.
  • You can use one token to distribute notifications for all of your company’s apps.

Certificates

Because trust is established at the server-level, individual notification requests contain only your payload and a device token. They don't include an authentication token, which reduces the size of each notification request slightly.

Note that Apple stops short of suggesting which one to use, but I agree with @froodian that tokens are generally superior, and you should use them if possible. Certs were the original way to authenticate before Apple brought in token-based auth. As @froodian said, certs expire every year, which can be annoying. You also have to make sure they are created for the right app and the right push environment (development vs sandbox), and you have to make sure you export them correctly and they are in the right format. Basically tokens are way simpler and less work.
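As an added illustration of the token option discussed in this thread (not code from this repository or from any commenter): an APNs provider token is an ES256-signed JWT carrying a key ID and a team ID, so any server holding the signing key can mint one and it can be checked with the public key alone. The key, the IDs and the function names below are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed throwaway key
// ProviderToken builds an ES256 JWT: header {alg, kid}, claims {iss: team ID, iat}.
func ProviderToken(key *ecdsa.PrivateKey, keyID, teamID string, issuedAt time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": keyID})
	claims, _ := json.Marshal(map[string]interface{}{"iss": teamID, "iat": issuedAt.Unix()})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signatures are fixed-width r||s, not ASN.1 DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyProviderToken needs only the public key: no per-connection state is consulted.
func VerifyProviderToken(token string, pub *ecdsa.PublicKey) bool {
	dot := strings.LastIndex(token, ".")
	sig, err := b64.DecodeString(token[dot+1:])
	if err != nil || len(sig) != 64 || strings.Count(token, ".") != 2 {
		return false
	}
	digest := sha256.Sum256([]byte(token[:dot]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, digest[:], r, s)
}

func main() {
	token, _ := ProviderToken(demoKey, "KEYID12345", "TEAMID1234", time.Now()) // placeholder IDs
	fmt.Println(token, VerifyProviderToken(token, &demoKey.PublicKey))
}
```

Unlike a .p12, nothing in this token is bound to a single app or connection; the signing key is the one secret to protect.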
