Apple Push Notification Authentication Key (Sandbox & Production)

ios iphone swift push-notification

20,961

Apple Push Notification token-based authentication is an alternative to using provider certificates to connect to APNs. The provider API supports JSON Web Token (or JWT), an open standard, to pass authentication claims to APNs along with the push message.

To generate a provider token, obtain a private key for signing the token as described in Creating a Universal Provider Tokenin App Distribution Guide. You should construct a token with header containing a 10 character Key ID (kid). The token claims portion contains Issuer (iss) which is a 10 character Team ID. Your Team ID and Key ID values can be obtained from your developer account. The claims shall also contain Issued At (iat) which is the number of seconds from Epoch in UTC when the token was generated. The token must be signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) using the P-256 curve and the SHA-256 hash algorithm (ES256), specified as a value in the algorithm key (alg).

{
    "alg": "ES256",
    "kid": "ABC123DEFG"
}
{
    "iss": "DEF123GHIJ",
    "iat": 1437179036
 }

For additional information along with list of available libraries for generating signed JSON web tokens, refer to https://jwt.io

This is a swift library to sign your JSON Web Token (or JWT) : kylef/JSONWebToken.swift

Note: Only providers tokens signed with ES256 algorithm are supported by APNs. Unsecured JWT or JWT signed with other algorithms will be rejected with a response indicating an Invalid Provider Token.

SOURCE : APPLE : Provider Authentication Tokens

WWDC 2016 - Session 724 : Token Based Authentication

PS:

The biggest difference is that The Key Way will not be expired than Certificate will be expired after one year.

20,961

William Bing Hua

Updated on July 09, 2022

Comments

William Bing Hua almost 2 years

I recently noticed a new option when creating a certificate for a given iOS client.

The option is titled

Apple Push Notification Authentication Key (Sandbox & Production)

Get an authentication key to generate server-side tokens. You can use these tokens as an alternative to certificates for your notification requests.

One authentication key can be used for multiple apps and does not expire.

How does one go about setting this up?
Sujay over 7 years

is "Apple Push Notification Authentication Key" required to create production certificate for "Apple Push Notification service SSL" ?
A J over 7 years

No, This is an alternate solution for the SSL certificates.