For Google cloud messaging, is there a use for storing the token? Or can we just work with the registration id? Trying to setup push notifications and was wondering why they use both tokens and registration ids.
Use the token on your server, to specify the device you want to send a message to. You, as a developer, have no significant use for the registrationID, in terms of actually sending the message.
From my understanding, token is used to authorize your application' access to Google Service while registration id is the unique identifier of an app on a specific device. GCM uses Registration ID to identify the device and app to send push notification to. So to answer your question, you need both of them.
Related
To learn some new technologies, I am building a small chat application that allows users to send messages to each other. I have set up my app with auth0 for client authentication and user management. My chat messages include the sub of a user as the unique author_id.
Now, for my use case, I would like everyone who has received a message to pull up a small user profile card for the message author. This means querying the user management system with the author_id to retrieve the user profile.
I have found the get users by id endpoint which seems to fit my needs. The problem here is that this API requires a management API token, which will not be available on the client side.
Should I set up a pass-through API which authorizes users based on their app JWT token, and then requests the user profile from the auth0 API with the management token? Or should I be looking at a different approach (the fact that this API requires a management token seems to suggest so)?
Due to the rate limit of the management API it is considered better practice to use an external database to save and retreive user data.
I am using an Identity and Access Management(IAM) vendor who provide a Multi-Factor Authentication (MFA) Service (using SMS and other channels). They use Twilio as their SMS service provider and what I see currently is a behaviour (described in the scenario below) from my IAM provider which is strange and wondering what the underlying Twilio API's behavior is.
I am unable to see this info from the Twilio API docs hence seeking assistance.
Scenario:
Customer uses IAM to login and my IAM provider using Twilio sends a OTP
The OTP comes through but in my test case, I trigger the resend OTP process
In both the steps, I get the right message (the template and senderID that we have configured in the IAM tool)
If I now trigger the OTP resend process a second time (3rd OTP in total for the same number), we receive a message which has AUTHMSG as the senderid and uses a default template message (which is different from what we have configured).
I am working with my IAM vendor to understand what is happening here and I am trying to see if Twilio is playing a part in this (trying to do some smarts as they think that there is some SMS delivery issue - which is the message I am in a way communicating by hitting the resend OTP multiple times)
Is AUTHMSG a senderID that is owned by Twilio? I don't believe so but I am trying to better understand this space.
SenderID is a construct that varies from country to country. Some Contries mandate that users register it with the local regulators while in other countries there is no explicit registration process.
I am worried that if my customers receive this message, they are going to be confused and suspect a Spam/Phishing kind of an activity.
I attempted a similar exercise with PayPal and they were consistent in their SMS OTP Resend. The message was always the same. Unlike my IAM provider, PayPal sends OTP from multiple mobile numbers. In my tests I observed them sending OTPs from two distinct mobile numbers.
Would be glad if someone could assist and provide info in this space.
I will continue to work with my IAM provider and their support channel to see what is happening here.
When using Twilio Verify in a country that supports alphanumeric sender IDs, Twilio uses the AUTHMSG sender ID and registers it with countries around the world that require this, to ensure the best deliverability of OTP messages.
I think you will need to work with your IAM provider, and work out how they have implemented sending OTP messages to see what is going on here. If it is unclear, then you or the IAM provider may also have to contact Twilio support.
So I am testing out Dialogflow and one of the first questions I have is: how does my bot know who it is talking to? I need to identify a user and keep that information for as long as I can. The basic scenario being:
User starts his/her first conversation.
Chatbot send a fulfillment request to the server trying to match a user within its own database.
The user is found, the information (as a JWT or some other token) is sent back to Dialogflow and stored there for further communication. In reality, this part would involve asking for user email, sending a verification code to that email and then verifying the user with the code.
User then starts chatting with a bot and all fulfillment requests get the unique token stored for this very user, so that my REST API knows which user is being served with the response.
Couldn't find anything about it in the docs (maybe I am looking in the wrong places).
There will be several integrations, like Messenger, Viber, Telegram. I dunno, maybe those APIs add some unique information on the user?...
Thanks for the help!
Sorry, I know it's been a while, but maybe this will help someone else.
The right solution here is a user id, not a session id. A user id is provided by the chat platform (Facebook, Slack etc) and is consistent across sessions for the same user.
To get the user id, go to the Fulfillment tab, enable the editor and use a function like so:
let r = request.body.originalDetectIntentRequest
//this makes sure that you're on an integration
if (r["source"]){
return r.payload.data.sender.id;
}
To tie together ids from different platforms, you probably have to have some kind of log-in process every time you encounter a new id on a platform.
Pop,
Sessions are built in already into DialogFlow requests to your fulfilment service, if you check the payload you will find a sessionId, it remains the same for the same client until it expires.
However if you want to identify the user from any of the clients that you can connect to DialogFlow like Messenger then from the same request payload to you you will notice that there is an object named originalRequest that is only available when requests are coming from those clients.
You can personalize those users response eg using their FB firstname in a message to them.
Let's imagine that we have ecommerce website that suggests 3 way for user registration:
regular email
via facebook
via twitter
Now let's imagine that we have user signed via facebook/twitter account and we need send him notification about his order (order complete or s/t like that). How can we do this? It is absolutely clear for regular email users - we should just email them notification, but what about Facebook/Twitter users?
Thank you!
With Facebook when they authenticate with your application, you can request email permissions to be able to access the email address they have nominated to use with their facebook account. At the point of registeration you could then store this address in your database and all order flow could follow the existing email path.
You could probably re-use this methodology for twitter too.
I can understand the need to differentiate on registration processes however I think you want to streamline post order notification as much as possible for consistency across users.
I am developing an application in which I want to use push notification service. I have a server, now I want to know that
How do I handle multiple devices?
Is there a unique device id/name for every iphone?
Suppose I want to delete request for a specific device token, so how do I handle multiple users?
Is there a way I can generate unique name for every device through application?
You should really read the APNS documentation, this is all explained in depth there.
The short answer is that when you launch an app on the phone it requests a push notification key from the OS. You then take that key and send it back to your server. Your server uses that key when it sends a push via Apple's servers to indicate the devices to send the push out to.
The service just gives you a token. If you want accounts or device names you need to come up with them and store them with the credentials on your server.
You handle multiple users by same way you handle single users, you send message with the appropriate key to the service.
As for deleting a request, you can't. It is like a text message, there may be some latency before hits the device, but the moment you commit the push it could be delivered instantly.