Add ability to send Client Key to parse server. #57
Conversation
cleever
changed the title
|
Can you help me understand what this is for? |
|
Sure. The code assumed that Client Key is not needed anymore, but it is not true. It's optional. Now the push plugin could send the key to the server for correct authentication if the key is needed for your server. |
cleever
changed the title
|
I was hoping to understand your usecase. ParsePlatform docs/guide says that client keys provide no additional security. They mentioned that the client keys are now only useful to manually distinguish different clients. Since apps that use this plugin are Cordova javascript apps, using the js key for that purpose might be better. I kept things simple and dropped the client key in native Parse initialization because this plugin doesn't interact with user cloud code at all and there isn't really a path where the client key is needed. I could be wrong. Do your usecases require client keys for functions related to this plugin's API? |
|
Sorry @taivo I could be wrong too. There are some documentation about this; In other words, if your server is configured to use them, the clients should provide them. There are some test cases that demonstrated it: Like you said, ClientKey doesn't provide additional security, because is easy do open the code and extract them. However we must remember that applicationId is sent by e-mail in reset password request and confirm account/email process. If you are sure about the process of saving a installationId doesn't need the client key even if the server is configured to use them, you should ignore this pull request. |
|
You're right on this! Thanks for this PR and the excellent discussion on issue #52. |
|
Thank you @taivo for your excellent work and your great support. |
The client keys used with Parse are no longer necessary with Parse Server, however you could still require them.
The parse push plugin wasn't able to send the client key.
This pull request try to fix this issue.