I'm trying to get my head around how FCM actually works in Flutter. What's strange to me is that you can call:
FirebaseMessaging.instance.getToken();
and retrieve a token, even before the user has authorised the app for notifications. What's confusing to me is that:
I don't see anywhere where the FCM token is actually being uploaded to my FCM instance.
Once the user has authorised the app for notifications, how is the APNS token that is generated on acceptance actually linked/mapped to the one already in the FCM instance?
Furthermore, I always get the warning:
APNS device token not set before retrieving FCM Token for Sender ID '123412341234'. Notifications to this FCM Token will not be delivered over APNS.Be sure to re-retrieve the FCM token once the APNS device token is set.
But I can't see how to set the APNS token, or re-retrieve the token once the APNS token is set. Notifications are working on a real iOS device, so I don't see why i'm getting this message.
The docs are a little thin on the actual explanation of how FCM is communicating with an app instance in order to stay in sync with it. Can anyone help me understand this a bit better?
Related
My usecase is when user logout need to avoid sending notifications (deleteToken user). and when he again loggedin need to send the notifiations (need to generate new device fcm token).
After calling deleteToken method, and calling getToken returns previous one, not newer.
While using Unity 2020.3.9f1 and Unity IAP 3.2.1 I can send the initial subscription via a regular https request to my Spring backend and receive the user information from backend auth + purchase token via the request. I can then insert the expiry date (which I query from Google API using AndroidPublisher and the token) to my database and give premium features to the given user for that time period.
When the subscription is about to renew, I need to update the users premium feature expiry date in the database accordingly.
I already found out, that I can receive this renewal information, even if the client is not active, via Google Cloud Pub/Sub by linking it with the apps monetization. The backend then receives a purchase token, but this time there is no more user information since the request was not issued through a client/server request.
I also figured out that there is/was a developer payload to use for that purpose. My question is how I can add this to the subscription to link renewal subscription notifications to a certain user on receiving renewal subscription notifications. I do not really want to add a new index on a (at least in test mode always unique) purchase token to my database if I do not have to.
I use Firebase Auth in my app - can I make use of that in any way?
Is it safe to expose fcm token or notification key public?because i am consider to write fcm token to a public document with some data.cause in my case data would be easier to handle.I think this should be safe because without apikey the token or notification key is useless.but just in case I ask this question here want to make sure this approach is fully safe.
If you're asking if someone can send messages to your app using only a device token but no API key, that is not possible.
I have a service with a Django-based RESTful API that is designed for iOS devices to access. I'd like to store some user data on the server -- non-sensitive things like favorites for example. I don't want to make a new user create an account, but I would like for the data to not be publicly available. The service also uses Apple's Push Notification Service (APNS). All traffic to and from the service uses TLS/SSL.
I am considering using a CFUUID generated by the device on first launch as a username and the token provided by APNS as a password. I would create a user account after I successfully register the device with APNS and update the password if the APNS token changes.
Is this a bad idea? Is there a better approach?
The approach I've decided to take is the above but without using the APNS token as a password. Instead, the CFUUID and token are sent as form-encoded data in the body of an HTTPS PUT request with a server-generated password to returned in the body of the response.
I've not yet implemented push notifications in my app. My understanding is that the app running on the device must request a token, then send this token to my server, and that my server must pass this token to Apple whenever I want to push a message to the device / app.
Is a requested push token specific to the app, or do all apps on the device share a token?
Is there any way for me to validate that the token the device sends to my server was indeed generated by a request within my app?
I'm concerned about a possible spoof where a rogue app could send a valid token to my server that wasn't a token my app requested. This would trick my service into sending push notifications to that device/app.
I understand this is an unlikely scenario. I'm trying to create a mechanism to verify that when my app sends information to my server I am indeed talking with an instance of my app, not some rogue client. Push notifications seem like a possible way to achieve this.
Is a requested push token specific to the app, or do all apps on the device share a token?
No the requested token is specific to your Application and each device.
Is there any way for me to validate that the token the device sends to my server was indeed generated by a request within my app?
There is a service with apple in which you can query and find out if a token is "still valid", this is used for things such as when a user deletes your application and their token is invalidated, you can query the service and check if the token is still valid and if not delete it from your database...So you can also use this service to make sure any tokens given are valid...anyway if u try to push to an invalid token i suspect nothing will happen...
hope this helps
- (void)application:(UIApplication *)app didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)dToken {
NSString *strToken = [NSString
stringWithFormat:#"%#",dToken];
NSLog(#"deviceToken is : %#",strToken);
strToken = [strToken stringByReplacingOccurrencesOfString:#" " withString:#""];
strToken = [strToken stringByReplacingOccurrencesOfString:#"<" withString:#""];
strToken = [strToken stringByReplacingOccurrencesOfString:#">" withString:#""];
NSLog(#"deviceToken is : %#",strToken);
}