First, sorry for my English.
I'm trying to send a message to my iOS device using Firebase Cloud Messaging.
However, there are several tokens with different names.
What do these tokens do? What is the difference?
Is FCM token the same as registration token and APNs token the same as device token?
And how can FCM token be made with APNs token?
There are two definitives here:
APNS Token is the Apple Push Notification Service token. It is a token (think of it like a password) that authenticates your app and device onto the Apple Push service and allows for communications to be sent.
FCM Token is the Firebase Cloud Messaging token. This is googles version of the APNS Token however works for both iOS and Android (Google do proxying on their end when sending a push notification to iOS devices).
When you refer to a registration token or a device token it really does depend on the context you use the phrases. They are often used interchangeably and neither are really "official" terms. For the most part, both terms refer to your APNS/FCM token, however device token has historically been used for other things like unique device identifiers.
Related
What information is used by APNS to generate device tokens and identify that it's unique to the device and app?
I have gone through apple documentation but it only tells that the token is unique to device and app , but how the token gets generated the process is not diclosed.
It's an opaque token. By design, you're not going to be able to reverse engineer how APNS tokens are generated and make your own.
If it helps, you might think of an APNS token as a hash of a bunch of things, some of which you can't see or control.
I am working on an application and I encountered such a problem: after uninstalling and installing a new application, when authorizing a new user, the token of the previous user is stored, which was authorized on the device before uninstallation. The token for VoIP push remains the same and when I call the previous user, a voip call comes to both users due to the same token. I was looking for this moment in the manual APNS, but could not find anything.
Is it possible that the platform does not perform any necessary actions before requesting a token?
iphone: 5se
Is there a difference between the firebase.auth().getToken() and the FCM registration token returned via Android setup: FirebaseInstanceId.getInstance().getToken()? I am currently using https://www.npmjs.com/package/firebase which uses the first method above to setup auth as well as generate a token. Using that token when trying to send a notification returns: error:InvalidRegistration...
The Auth and FCM tokens are different and unrelated.
The Firebase Authentication ID token identifies the user. A Firebase Authentication access token (auto-generated based on the ID token) grants the user temporary access to the Firebase back-end.
Firebase FirebaseInstanceId token (that is used by Firebase Cloud Messaging) identifies the installation of the app on a specific device.
For example: if you sign in to an app on two different devices, you will get the same authentication UID (although the access token will be different, each time you sign in on a device).
If you have the same app on two devices, the FCM token will be different. But if the app has sign-in functionality, the FCM token will be the same no matter who (or even if) a user is signed in or not. Furthermore: if a different user signs in to the same installed app, the FCM token will remain unchanged.
With the change of GCM to FCM through Google, we are looking to bring our push notifications for iOS into FCM as well. Without providing an update, which would register each user to the Firebase push service, is it possible to subscribe all current users tokens to the firebase service, therefore generating FCM keys for them?
Yes, you can use the batchImport method of the InstanceID API to import a list of APNs tokens which will return a mapping of InstanceID tokens that you can then use to send messages to iOS app instances using FCM.
I have some MDM solution that we've developed through which we want to support managing iOS devices. Even though we'd already been able to successfully enrol and manage iOS devices via the same, I am trying to figure out a way to secure all web service invocations with OAuth, which take place between the native app running on iOS devices, connecting to the Enrolment and other APIs deployed as part of the MDM solution. Apparently, we've got limited control over modifying the native app to embed OAuth access tokens in the form of HTTP headers or some other means to be able to send those access tokens across to the MDM APIs, as the app logic cannot be modified. Do we have any configuration in the Enterprise App that runs on iOS devices to enable OAuth (or any other form of authentication) or some other means, which I can effectively use to get my requirement implemented?
iOS enrollment flow associate with a challenge token in the SCEP payload (mentioned as Challenge). Once you do the authentication from MDM server side there needs to be a unique token generated based on your user identity and embed that in this SCEP payload. For subsequent enrollment calls this token is passed and once the enrollment success this can be fetched and validate the user. Ideally this is just a way to link the device to a specific user which could be a temporary token generated at your MDM server end which link to a user identity or something related. To follow that you could apply OAuth password grant type and get the token once the authentication happens. Then this OAuth token can be then set as this challenge token for future use. But unlike in other OAuth communications iOS will not send this token in header as the bearer rather this will be embedded in the xml payload with proper encryption and signing in place.
Further iOS support protocol extension to validate users with open directory service using an auth token. This will by default have the ability to communicate back and forth using the checkin endpoint.