Web Push with VAPID returns 400 'UnauthorizedRegistration'
Reported by
msele...@usekahuna.com,
Apr 18 2017
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Steps to reproduce the problem: 1. generate VAPID private/public key with openssl 2. subscribe user to receive push notification 3. try sending that user a push on chrome, receive 400 error 4. tried the same steps on firefox and it works perfectly What is the expected behavior? receive a 201 from FCM indicating that the message has been accepted What went wrong? received 400, UnauthorizedRegistration, from FCM Did this work before? N/A Does this work in other browsers? Yes Chrome version: 57.0.2987.133 Channel: stable OS Version: OS X 10.12.4 Flash Version:
,
Apr 20 2017
,
Jun 12 2017
Is there any movement on this? I am facing a (presumably) the same issue. I am using the Vapid02 specification, and have ruled out the possibility that is a bad TTL/exp due to system clock jitter(did this by ensuring TTL/exp is an hour and not the max). It works as expected in Firefox, but is failing in Chrome 59.
,
Jun 20 2017
#0 - Did you subscribe with the public key as the `applicationServerKey`? #3 - It's certainly possible that there's an issue with our vapid2 implementation. I'll run some tests to see whether I can find anything obvious.
,
Jun 20 2017
Yeah, it looks like we're not supporting VAPID 2 correctly. Will follow up. https://tests.peter.sh/push-generator/#authentication=1;;padding=0
,
Jun 20 2017
... or at all in our existing infrastructure. We're working on a new backend that does support it, but it's not quite ready to launch just yet. I'll keep you updated.
,
Jul 16
Was this ever fixed ? I am facing the same issue (works on firefox but not on chrome).
,
Jul 16
I did find a solution but it was weird and i dont remember EXACTLY the issue, but, i either had an '/' at the end of the subscription URL endpoint or there was no '/' at the end and there should have been... seriously that ended up being the fix
,
Jul 17
Well, since I didn't have '/' at the end, I added and I am seeing a different error message now (still 400 but invalidtokenformat now). Not sure what to make of it though. Thanks for replying
,
Jul 17
As an update for other wandering souls, I was able to fix it finally. 1. The slash '/' was NOT supposed to be there in endpoint. Removed. 2. JWT header was missing "typ":"JWT" in the header. Added that. 3. JWT payload expiration time was incorrectly a string instead of int. Converted that to int. Fixed these and it worked. |
|||
►
Sign in to add a comment |
|||
Comment 1 by msele...@usekahuna.com
, Apr 18 2017example subscription object. chrome version 57.0.2987.133 (64-bit), firefox version 52.0.2 (64-bit) {"endpoint":"https://fcm.googleapis.com/fcm/send/cMuJLaWYayw:APA91bG617SCLkuHSJbLp7wPoN0nVMRf96977ztqa82NUXWIgHYMXmWXHPUwRu9yU354-nTn45LjBm-jWRdmeRidmidSucqN82BHEMvF7O1u-gQ4_I_7PE0ZJVjjb7UrTJb9eRY4Hc6J","keys":{"p256dh":"BJl64A16buUQgvnxnhQDwgIM9D4MgkSpdbT1vAUH4_3H60ZOeA4IyGwbHU5HiMR4mhnK4BaCmxat3xfCxi3eZRk=","auth":"Xv_8w4ZqTs3YA_8onjTNBQ=="}}