iOS Enterprise developer Account: get device token - ios

I have used the iOS development account to create an APNS SSL certificate for sending push notifications to an iOS device for development purposes. I can get the device token using Objective-C sample code on the iOS device. Then I can use that device token to send a push notification to that specific iOS device.
Now I am going to implement MDM, and for MDM an iOS Enterprise account is required. There are some questions which I want to confirm, in case someone has already done this.
So I want to know: can I use an iOS Enterprise account for creating an "apns ssl certificate" for development purposes?
Can I get the device token for an iOS device using the same Objective-C sample code, so that I can send a push notification via APNS to that specific iOS device for testing purposes?

First of all, MDM push notification implementation is different from push notification for a third-party iOS application.
1) You have to use an iOS Enterprise account for MDM push notifications, and there are a few steps to get the APNS certificate.
1. Refer to MDM_Protocol and follow this link: http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning Then verify a few things.
Remove the passphrase from customerPrivateKey.pem using this command:
openssl rsa -in customerPrivateKey.pem -out PlainKey.pem
Then merge your APNS certificate (for example CustomerCompanyName.pem) downloaded from the portal https://identity.apple.com/pushcert/ using this command
cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem
Now this PlainCert.pem file can be used in your server as APNS/MDM certificate.
2) In MDM push notifications there are three keys:
• PushMagic - a unique token the MDM server sends with each push request
• Token - a unique token that identifies the device to the APNS service
• UnlockToken - an escrow key used to clear the passcode on the device.
The MDM push notification payload is also different from a regular push notification payload. It should look like this:
{"aps":{},"mdm":PushMagic}

Take a look at http://urbanairship.com/; it's a great service for handling push notifications, and you can easily send test push notifications to any registered device.
Also, this tutorial: http://mobile.tutsplus.com/tutorials/iphone/iphone-sdk_apns/ was an awesome resource for me in setting up push notifications with my app.
For your first question - yes, you can. On the iOS dev site, go to provisioning portal > App IDs and enable your app for push notifications (dev or production).

1) see this answer
2) not for the MDM push token - this is sent to the MDM server during the 'check-in' procedure.
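The answers above say that the Token, PushMagic and UnlockToken arrive at the MDM server during check-in and that the push payload carries the PushMagic. The following Python sketch is an added example, not code from any of the posts: it parses a TokenUpdate check-in plist and builds the payload in the shape quoted above. The sample message is constructed, and the key names MessageType, Topic and UDID come from Apple's MDM protocol rather than from this page.

```python
import json
import plistlib

# Constructed sample TokenUpdate check-in body (every value is made up).
SAMPLE_TOKEN_UPDATE = plistlib.dumps({
    "MessageType": "TokenUpdate",
    "Topic": "com.apple.mgmt.External.00000000-0000-0000-0000-000000000000",
    "UDID": "0000000000000000000000000000000000000000",
    "PushMagic": "11111111-2222-3333-4444-555555555555",
    "Token": bytes(range(32)),
    "UnlockToken": b"constructed-escrow-blob",
})

REQUIRED = ("Topic", "UDID", "PushMagic", "Token")


def parse_token_update(body: bytes) -> dict:
    """Extract the push-related fields from a TokenUpdate check-in plist."""
    try:
        msg = plistlib.loads(body)
    except Exception as exc:  # malformed plist received from the network
        raise ValueError("not a valid plist") from exc
    if not isinstance(msg, dict) or msg.get("MessageType") != "TokenUpdate":
        raise ValueError("not a TokenUpdate message")
    missing = [k for k in REQUIRED if k not in msg]
    if missing:
        raise ValueError("missing keys: " + ", ".join(missing))
    if not isinstance(msg["Token"], bytes) or not isinstance(msg["PushMagic"], str):
        raise ValueError("unexpected field types")
    return {
        "udid": msg["UDID"],
        "topic": msg["Topic"],
        # APNs addresses the device by the hex form of the binary token.
        "device_token_hex": msg["Token"].hex(),
        "push_magic": msg["PushMagic"],
        # UnlockToken is an escrow secret: store it encrypted, never log it.
        "has_unlock_token": "UnlockToken" in msg,
    }


def build_mdm_push_payload(push_magic: str) -> bytes:
    """Payload in the shape given in the answer: {"aps":{},"mdm":PushMagic}."""
    body = {"aps": {}, "mdm": push_magic}
    return json.dumps(body, separators=(",", ":")).encode()
```

The device token and PushMagic returned here are the values the server uses for every later push to that enrolled device; they do not come from app code on the device.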

Related

Is an Apple Push Notification service SSL Certificate necessary when using an APNs key for sending notifications?

I have been tasked with maintaining an iOS app with push notifications enabled. There is a production "Apple Push Notification service SSL Certificate" associated with the app's Identifier on developer.apple.com that expires soon. Also, under Keys there is a key with the Apple Push Notifications service (APNs) enabled. It appears that the backend server sending out the push notifications is only using this key and not the certificate.
Is it safe to let the Apple Push Notification service SSL Certificate expire? And what problems might occur if the certificate turns out to be in use somewhere?
In my experience, your app stops receiving push notifications.
And you wait for your client to complain about this. You must renew the APNs certificate and the VoIP certificate every year.

Difference between using Certificate based APN service VS Device Token APN service

I'm a little confused about the difference between using Certificate based connections to the APN service versus the Device Token method.
My understanding is, when sending a push notification to an iOS device, my options are either:
A) I could have registered the APN certificate with the Application bundle, and my provider can send it to the APN service to verify I'm allowed to send notifications to devices with that Application bundle.
B) My provider could be sent a "Device Token" via the downloaded application on the device over HTTP, and when I send that Device Token to the APN service, it will know the user has allowed me to send those notifications.
My questions are:
1) If I were to use method A, how could I target certain devices to send the notifications to if I don't have a device token?
2) If I use method B, where would I receive the device token to send silent notifications if my user "Doesn't Allow" push notifications? Will
func application(_ application: UIApplication,
didRegisterForRemoteNotificationsWithDeviceToken deviceToken: Data)
still run and allow me to pull the deviceToken out, so I can send it via HTTP to my provider?
I've adopted a piece of software that used Certificate based Push Notifications (I think) and was unsure of how it was differentiating who to send notifications to with any deviceTokens. Once I rebuilt and redownloaded the application on my iOS device the notifications stopped working, so I assumed the certificate was no longer associated with the build.
I'm also curious as to how someone can debug notifications on a physical device. I've tried the Console app on Mac and have had little luck seeing any print statements I put in the code.
I'm still very new to iOS programming so please correct me if any of my understanding of the APN Service is wrong! Thank you very much in advance!
There are a few things to understand:
1. Your Company/Team's Certificate
2. Your App/Bundle's Provisioning profile
3. Your Client/User's Device Token
4. Your BackEnd Server
1 & 2 are bundled in your app when you upload it to App Store.
You get 3 when you ask user the permission for sending PN. [For this 2 should have the capability for remote push notifications enabled]
You give 1 & 3 to 4. [1 for establishing connection with APNS server, 3 to send PN to a specific iOS device]
So, to answer your question: You need both A & B.
For better understanding how APNS works I am attaching a reference diagram that would help to clear your concept for the same.
If I were to use method A, how could I target certain devices to send the notifications to if I don't have a device token?
Without a device token, you won't be able to target the iPhones or iDevices to which you want to send the push notification.
If my user "Doesn't Allow" push notifications -> then you won't be able to generate a PUSH DEVICE TOKEN, hence in this scenario you won't be able to receive any push notification.

Testing push notifications in development with APNS HTTP/2

I am trying to determine what I need to do with respect to the combination of APNS endpoint (e.g., development or production), Xcode, and Apple Push certificates in order to test push notifications while in development. I feel like I've tried every possible combination, but I must be missing something ...
Background
1. When using Apple's HTTP/2 APNS endpoints from my "dispatch" server, my app/device does not receive pushes, and I receive a BadDeviceToken response from Apple.
2. Using the exact same .p12 certificate and deviceToken with the Pusher macOS testing app (which uses legacy APNS endpoints), the pushes successfully deliver.
To complicate this further ...
3. When using Apple's HTTP/2 APNS endpoints from my "dispatch" server for PassKit pushes, my pass/device does receive pushes.
So ...
Point #3 tells me that my "dispatch" server must be configured properly, because pushes to the Apple Wallet pass cause a response (e.g., I can see follow-on requests to my server's endpoints from the Wallet / the pass).
That said, Apple Wallet is a "Production" app. I suspect that, because my app (from Point #1) is non-production/development, something is different.
Question
Has anyone been able to successfully receive -- in Xcode -- push notifications sent to Apple's api.development.push.apple.com endpoint? Can you outline the steps you performed (which certificate from developers.apple.com, etc.)? Thank you!
You should be able to send development push from server:
You need to connect to api.development.push.apple.com:443 instead of api.push.apple.com:443. You can use production certificate for both.
Sending a push to the production server cannot work with development builds - only with a build that is exported with the AppStore configuration, but you can't debug those (at least not with Xcode).
If you need to check whether the production endpoint works, you can use TestFlight.
Set development certificate from apple developer portal.
Use either production/test server for communicating with APNS.
Edit your target scheme as follows :
This will ensure that when push notification arrives, control will itself fall in the code. It might seem confusing. But here it is how it works :
- Install app on device and stop the Run process from Xcode.
- Place a breakpoint on didReceiveRemoteNotification.
- Send a push notification to device.
- Xcode will itself start the app and control will go to the above function.

MDM client - server communication

After reading and searching, Apple MDM client - MDM server interaction seems to be:
1. When the server wants to do something on devices, it sends a notification to APNS (with device token & AppID for APNS to know which devices and application need to receive the notification).
2. APNS sends the notification to the provided app on the provided device.
3. When it receives the notification from APNS, the Apple-MDM-client will connect to the server, get the command and do the command task on the device.
My questions are:
The application that registered for APNS is my application (MY_APP, not Apple-MDM-client). That means the one which receive notification is my MY_APP. Then how Apple-MDM-client know about the notification in order to connect to MDM server?
The solution can be: MY_APP receive notification, then connect to server, get command and push received commands to Apple-MDM-client, tell Apple-MDM-client do the task. If this approach is correct, how MY_APP can communicate to Apple-MDM-client?
There must be API for that purpose but I can not find it via google...
Please take a look at my answer for your original question:
How does MDM in IOS really work?
MDM is clientless protocol. Your MY_APP is not involved in MDM protocol.
What happens is:
Your server sends a push notification using device token, topic and PushMagic.
This is a slightly unusual push notification, because you don't specify an AppID
(check the "Structure of MDM Messages" section in the MDM documentation).
This push message goes directly to the built-in MDM client.
The MDM client will go and talk to the server (to get new commands).
As you can see your app isn't involved in MDM at all.
I would like to enforce Victor's answer (because answers about Apple's MDM are so few on the internet)!
Again, in the MDM protocol there is no application that has to subscribe to Apple's push notification service; iOS is the client here. It will be dealing with handling the requests from APNS, but for this to happen the device must have a special kind of configuration profile installed, named an enrollment profile, which is like a normal configuration profile with two payloads in it: an MDM payload and a Certificate payload, and that's it! After the user installs it, the iOS client is ready to receive requests from APNS.

iOS Framework with push notifications

I am developing an iOS Framework with several functionalities, and I would like to add push notification services. I created my own push notification service using Easy APNS. I do not know how to deal with other apps when they integrate my SDK. I mean, I do not know if they have to send me their distribution certificates so that I can add them to my push notification service, or if I need to integrate something into their push notification service.
I do not know how to deal with a Framework that will work with other apps and push notifications.
Yes, if an app supports APNS then it is bundled with an APNS-enabled service (Push Notification service) certificate.
Assuming that your server is responsible for sending push notifications to all the applications using your SDK, you'll need to get from the developers of those app their push certificates.
I'm assuming that your SDK will handle the sending of the device token from an application to your server. You'll have to know in your server which device token belongs to which application.
For each application for which you wish to send push notifications, you'll have to maintain a separate connection to APNS using the certificate supplied by the developer of that application.
