-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for VAPID #8
Comments
See #41. It works with Firefox, but I get a 400 UnauthorizedRegistration with Chrome (FCM)... |
@Minishlink I am right now testing your library and with Chrome (FCM) receiving 400 UnauthorizedRegistration error. Do you know any workaround for that? |
You're using VAPID? |
@Minishlink Sorry, that was my mistake, now works :) Thanks, great library! |
@andriytkachiv Cool! :) Were you using this branch? I'd like to know because I can't get FCM to work with VAPID. (Firefox does) |
I just discovered your |
Cool, thanks! Is the code on GitHub so that I may look into how you wrote it differently? |
What I did to generate my VAPID keys and create a JWT in php : I'm not an expert with all these key manipulations, the fact that there are a lot of different formats (between node and php libraries) is disturbing... |
Thanks, I'll look into it. I find it much simpler to work with base64-encoded uncompressed keys rather than that very long PEM format. But the best of both world would be the (base64-encoded) DER format I guess, since it's as widely spread as PEM but not as long as the former. By the way, here's the Javascript code (found on the NodeJS web-push readme): function urlBase64ToUint8Array(base64String) {
const padding = '='.repeat((4 - base64String.length % 4) % 4);
const base64 = (base64String + padding)
.replace(/\-/g, '+')
.replace(/_/g, '/');
const rawData = window.atob(base64);
const outputArray = new Uint8Array(rawData.length);
for (let i = 0; i < rawData.length; ++i) {
outputArray[i] = rawData.charCodeAt(i);
}
return outputArray;
} |
@5pilow Ok so I also get a 400 with your code... Can you test your FCM endpoint with my vapid branch please? |
I have also a 400 error using the
JS (the key has been converted from the public key above)
I tried to replace the JWS creation with my function but I doesn't change anything, The only difference I think is when we create our keys, but I don't see what is the difference :/ Also, I tested my code on a production server and I manage to make it works too :) But I had to change the version of the gmp lib, I switched to |
This may be helpful for the VAPID implementation. I just raised a PR over on the other repo (sorry didn't realise VAPID work had begun on this one) that adds integration tests for all browsers and it should be trivial to run VAPID changes through Chrome and Firefox: |
@5pilow Thanks, I'm relieved it works at least with one configuration. Have you changed anything else than the version of GMP to make it work? @gauntface Thanks, I'll check it out! |
@gauntface So the VAPID implementation also doesn't work with Chrome on Travis for some unknown reason. :( Is Chrome's code that is related to VAPID public (eg in Chromium)? Also, is there a way to have more information than a |
I'll try and dig up some more information on the error codes for 400 vs 40X which I believe mean something different, but generally Unauthorized Registration just means the details provide during subscription and the details provided with the send request didn't match. |
Just spent time looking into this and breaking down the tests to compare node and php input / output, the PHP library is outputting something different to node for the JWT payload. I've dumped stuff here: https://github.com/web-push-libs/web-push-php/tree/vapid-playground (Just because I'm exploring and it's probably not suitable for merging yet) |
Thank you for your help and time. I looked at the modified VAPIDTest and the test on Travis but is seems the expected jwt payload is built with the subject url whereas the actual jwt payload is built with the subject mailto :/ In my VAPIDTest, the expected data was actually from the Node library, which I had customized to output these values. The actual data I get with web-push-php is the same, except the last part of the JWT. This last part is the generated signature, so it will change and is not unique to the header/payload/key. |
Ignore me, the issue was a missing ':'
|
Nice catch, thank you very much!! |
See also:
https://github.com/marco-c/web-push/blob/b9156f658fc028c3388dbed005ffa5e2012b55ac/index.js#L206
https://github.com/mozilla/wp-web-push/pull/283/files#diff-05b502d88da481dfcef81a7fdb4a6da4R60
wp-web-push
is using the same libraries you're using for the payload.The text was updated successfully, but these errors were encountered: