iOS push notifications using TLS certificate vs. using authentication tokens
I am reading the documentation for both push using TLS certificates and push using authentication tokens.
But besides explaining how to configure each, the articles don't really explain the differences or pros/cons of both approaches. Can somebody explain them to me?
Token-based authentication is newer and essentially simplifies APNS authentication. It is based on a public and private key pair that you can generate on your Apple developer account.
Here are the main reasons why it is simpler:
A good source of intel is the 2016 WWDC video regarding APNS: https://developer.apple.com/videos/play/wwdc2016/724/
For 2020, you can only realistically use the "token" method. The older approach is legacy and they will probably axe it.
Your private key will look like this
let keystring = `-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49Aas8d76as8das687asd687asd68as8brwUIWA46qcXis
zCu6dbd4s8d7b5s86gf98ugtr28re7089a7d6tbvpiiui524kyfpq9861eFJP7we
eE7rX4182609457ohgyj3lhgp98wfb698bfg69287f2k4htgwpo876grwo7XDklz
9fdg689d
-----END PRIVATE KEY-----`
your key id will look like this
let keyId = "CTU7XXBPRH"
and your Apple team id is your usual Apple team id, which looks like "YWD3UUTEWD".
Nowadays - thank goodness - it is relatively easy to get the private key and key id from inside your company's account on the Apple developer website.
If you want to test sending a push on an ordinary Node server on AWS, I strongly recommend this outstanding new npm, APNS2 https://www.npmjs.com/package/apns2
let bn = new BasicNotification(deviceToken, 'Hello')
It's about that easy to send pushes.
Tips:
Don't forget the damned "development/sandbox" pushes only work ON AN IPHONE TETHERED TO YOUR MAC/XCODE!
development/sandbox pushes - only for an iPhone tethered to your Mac with a build running from Xcode
production pushes - they do work completely fine with TestFlight builds.
Additionally: don't forget that the so-called development/sandbox pushes are often flakey. Often, they don't arrive for hours, they don't arrive at all, they simply don't work in many regions.
Don't forget that it is TOTALLY OK to use the "production" ones, simply, with a TestFlight app.
So
Whereas if you
(To be clear, when using APNS2, if you do want to try "development" pushes, to order "development" pushes, simply use the extra line of code explained at the bottom here https://www.npmjs.com/package/apns2)
In 2021, Apple's Setting Up a Remote Notification Server states:
Both techniques have advantages and disadvantages, so decide which technique is best for your company.
Both Fattie and Ika have said that TLS/Certificate based authentication is inferior. The Project UI in Firebase also uses language which doesn't explain much IMHO:
Configuration with auth keys is recommended as they are the more current method for sending notifications to iOS
Simpler setup process: because you only need to download the .p12 and use it in your application. Go into developer.apple.com, create a Push Notification Key. However, your application has to renew these tokens every hour. Creating a .p12 for TLS authentication is a little bit more involved. Does this kind of security even matter, or is it just more convenient to use Token Auth? I would say in most cases, go with Token auth.
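To make the token method discussed in the answers above concrete, here is an added example (not code from any of the answers or from the apns2 package) that signs an APNs provider token from the private key, key id and team id, and re-signs it before the hourly renewal deadline. The function names, the 50-minute reuse window and the throwaway key are assumptions for illustration; the key id and team id are the sample values quoted above.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Build the ES256-signed JWT that APNs expects in "authorization: bearer <token>".
function signProviderToken({ teamId, keyId, privateKeyPem, now = Date.now() }) {
  const header = b64url(JSON.stringify({ alg: 'ES256', kid: keyId }));
  const claims = b64url(JSON.stringify({ iss: teamId, iat: Math.floor(now / 1000) }));
  const signingInput = `${header}.${claims}`;
  // JWS needs the raw 64-byte r||s signature, not Node's default DER encoding.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKeyPem, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64url(sig)}`;
}

// Reuse one token across requests; re-sign only once it is maxAgeSec old
// (assumed 50 minutes, to stay inside the hourly renewal).
function createTokenProvider(cfg, maxAgeSec = 50 * 60) {
  let cached = null;
  return (now = Date.now()) => {
    if (!cached || now - cached.issuedAt >= maxAgeSec * 1000) {
      cached = { issuedAt: now, token: signProviderToken({ ...cfg, now }) };
    }
    return cached.token;
  };
}

// Local signature check, useful in unit tests of the signer.
function verifyProviderToken(token, publicKey) {
  const [header, claims, sig] = token.split('.');
  return crypto.verify('sha256', Buffer.from(`${header}.${claims}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url'));
}

// Constructed demo input: a throwaway P-256 key exported in the same
// PKCS#8 PEM form ("BEGIN PRIVATE KEY") as the key shown above.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const demoCfg = {
  teamId: 'YWD3UUTEWD', // sample team id from the answer
  keyId: 'CTU7XXBPRH',  // sample key id from the answer
  privateKeyPem: privateKey.export({ type: 'pkcs8', format: 'pem' }),
};
const nextToken = createTokenProvider(demoCfg);
console.log('signature valid:', verifyProviderToken(nextToken(), publicKey));
```

In a deployed service the private key would be read from a secret store or a protected file at startup rather than pasted into source as a string.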