I'm currently working on a push notification API that will work with several apps at once, handling notifications and reducing programming time for future apps. It's already partially working, as I'm able to register and receive notifications on Android devices.
Eventually, one of our apps is gonna send broadcast notifications to registered users. But some tokens might be expired, which will lead to a GCM failure. I already tested, and it seems that sending an array of tokens to GCM with a single http call is working really well, as devices with valid tokens got their notifications.
What I wasn't able to find searching GCM documentation was a way to get more details in case of failure. For example, when I send a notification to two users, one with a valid token and the other with an invalid one, I got this result :
{
"multicast_id":7625209716676388798,
"success":1,
"failure":1,
"canonical_ids":0,
"results":[
{"error":"InvalidRegistration"},
{"message_id":"0:1466511379030431%c4718df8f9fd7ecd"}
]
}
We can see that one of the messages failed to send, but what I'm looking for is a way to get more details, ideally the token that leads to a failure, so I can remove it from my database.
Any way to achieve that ? Using the message_id maybe ? Or is there any solution for me to find invalid tokens stored in my database so I can clear them ? I might have missed something in the documentation, even a link to it would be useful.
Based from this documentation, the GCM server will respond to your server with some information about the token you used to try to send the push notification.
According also to this link, if the app server fails to complete its part of the registration handshake, the client app should retry sending registration token to the server or delete the registration token. Wiping old tokens from the GCM servers can be done with ÌnstanceID.deleteToken().
Check these links:
How to remove gcm id from server which is not used
GCM get invalid tokens when sending to multiple devices at once
Related
Suppose that case when the client app has re-registered with the gcm itself but the server is unaware of this and now the server is sending notification to that particular client what I want is the notification should not be sent with the old registration id. How can this be done?
If your server sends a message to an invalid Registration token, it will probably receive a NotRegistered error response. You should handle this error accordingly by removing the corresponding token. As per the documentaion I linked above:
For all these cases, remove this registration token from the app server and stop using it to send messages.
I was reading some topics about security and how hackers can look at the request you send to the backend to figure out how your system works but I did not find any good solution to avoid this.
So I was wondering what would you do in your app (here an iphone app) to make sure that hackers cannot see the content of the request your sending to the backend.
example http://myserver.com/api.php/login&pwd=test&username=pwd,
how to hide this so that no one can see the content.
I was thinking of different solutions:
1) encrypt the pwd and the username (not ideal as hacker can still see the post function of the server you are sending the request to)
2) use SSL request (I think this is only interesting to secure the connection to the server, meaning if the hacker is using his phone to connect to the server he should be able to see the request he is sending and so see the full URL)
3) change my backend so that all the request are sent to the same post function with an encrypted message. Finally the backend would decrypt and dispatch the message to the right function. This could work as the hacker would only see the url I am sending my request but would not have any information on what I am sending.
example: http://myserver.com/api.php/receiver&message=415gre6168sg4rg4e61g6r8g
"415gre6168sg4rg4e61g6r8g" could be decrypted as:
"login#pwd#username" and so I would be able to send this to the right function
But I am sure some of you have encounter similar issues and have better suggestions, would be interested to see what you would do,
Thanks
Any encryption you add is an extra effort for the hackers.
But in terms of what concerns to Apple use SSL connection should be enought based on iOS and the new IT - Security.
You can read more about the security polices used/recommended by Apple on iOS Security Guide
I'm trying to acquire a 2 legged oauth2 access token for google's storage api through a service account.
The relevant documentation is contained here:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
I first tried attempted to acquire the token through their HTTP/REST api. I eventually gave up being unable to get past a 400 response with the following details:
{ "error" : "invalid_grant" }
I then turned to the recommended method: using the java Google api client library (I'm using scala).
val credentialBuilder = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountId(Configuration.GoogleAPI.ServiceAccount.email)
.setServiceAccountPrivateKeyFromP12File(new File(Configuration.GoogleAPI.ServiceAccount.pkcs12))
.setServiceAccountScopes(Collections.singleton(StorageScopes.DEVSTORAGE_FULL_CONTROL))
def updateToken = {
val credential = credentialBuilder.build()
credential.refreshToken()
// ... do stuff here with token
}
Running the above, I get a TokenResponseException, with a payload identical to the error I was getting directly accessing the REST api. 400 Bad Request, invalid_grant error.
Doing some research (on both stackoverflow and elsewhere), I find that the most common reasons for this error message are:
1) The local clock is not synced with Google's servers. I suspected this even back when I was using the REST api because I've encountered this issue for other services before. I'm fairly sure its not a clock issue however, because I have repeatedly synced my clocks with an external ntp server:
sudo ntpdate -s ntp.ubuntu.com
2) The other common cause for this error is setting the service account client ID incorrectly. Most people set it to their service account client id (ending with "apps.googleusercontent.com") instead of their service account client email. Its pretty clear that this isn't the problem, since I'm correctly pointing to the email (the docs instructed this, so I followed the directions), ending with "#developer.gserviceaccount.com".
I'm stuck. I've checked the user documentation, the javadocs, various forums. The error message isn't very helpful (probably designed that way, since it's a security endpoint).
What other possible causes for this error exist? What can I do to get my service account access token?
If you are using OAuth2.0 to access a google analytics account then there could be one more reason of getting invalid_grant. As per developer docs:
If the application attempts to use an invalidated refresh token, an
invalid_grant error response is returned. The limit for each unique
pair of OAuth 2.0 client and Google Analytics account is 25 refresh
tokens (note that this limit is subject to change). If the application
continues to request refresh tokens for the same Client/Account pair,
once the 26th token is issued, the 1st refresh token that was
previously issued will become invalid. The 27th requested refresh
token would invalidate the 2nd previously issued token and so on.
Is there a way to tell when a GCM token is no longer valid, without actually attempting to send a notification and receive an error?
Thanks.
You can do this by using the dry run feature provided by the google.
When sending request for a notification from your web server to GCM servers you can add dry_run key to be true
This parameter allows developers to test a request without actually sending a message. The default value is false, and it must be a JSON boolean.
If the Notification key is invalid it would give the corresponding http response of the request
While using Google Cloud Message API I occasionally get 401 Unauthorized status. So, sometimes my push notifications are send and sometimes not, without changing anything in the API request.
I use curl request with server key.
I tried to specify IPs list and set it to "Any IP allowed".
I already tried to create new server keys and projects, as some people here tell it helps them in similar situation. Sadly, it not helps me.
I'm seeing a similar problem with other Google Cloud APIs and I suspect it's related to your authentication being expired. Make sure to refresh any tokens you are using.