Would it be possible to use GCM to have an app installed on a persons computer send messages to an Android phone? Or does GCM require to be on a server - for example maybe it requires one GCM server ID per service or somesuch?
It should be possible (as long as you don't restrict your API key to work on a specific whitelisted IP). I tested sending GCM messages from my computer to my device and it works without any problem. Any application that can send HTTP requests to GCM server can send messages to devices.
The part that might be a problem is for the Android device to send its registration ID to the computer where the sender app is intalled. I'm not sure how would that be achieved with a sender app that's not deployed on a server.
Related
I've been breaking my head over how to do this, as it doesn't seem to fit any example I could find online.
My IOT device servers will run on the client network and may be accessed over it or over the open internet (with port forwarding). the device comes with a paper-printed initial pass like a router.
the client is running a mobile app.
As I hate planned obsolescence (ie, the device should keep working even if the company shuts down), I don't want to create a dependence on any third-party auth service, so the server and the app should just establish trust between themselves.
with the initial contact assumed to be trusted.
In all the examples for gPRC auth I could find, the client should somehow have ahead of time the server public key. but as there are many devices, and I want each one to have a unique cert, I don't see how I can ship the app preloaded for the specific device the user will get.
I have come up with the following:
the device generates private/public key
an insecure grpc channel serves the public key to the client
the secure grpc channel is established with that key
the client authenticates with the initial password to use the API over the secure channel
client changes the password
I'm not looking for super-max security, just basic common-sense security.
the main issue I have with the typical scheme where SSL is used to authenticate vs a domain is that I don't know via what domain/address the device would be accessed.
are there any glaring problems in the scheme? or any reason it would not work?
Thanks!
I have the starting shell of a SMAPI service programmed in Node.js. The service is running off of a local IP address.
When I goto the customSD page for my Sonos Play:1 and add the service details to it and it returns 'Success!' upon clicking submit.
When I open the Sonos Controllers on both my desktop and mobile, the service does not show up in the list of music services you can add.
I have logging on the server turned on to max and there are no connection attempts ( either SSL or HTTP ) at all.
From what I've read, a running service is not needed for it to show up in the list. Once it's added via customSD it should show up in the Music Service settings.
TO NOTE: A self signed cert is being used for https for connection testing only. I have certificate request logging turned on and there is NO connection attempt from the Sonos Play:1 to the local server at all. From everything I've read this shouldn't matter as it should show up in the Music Service list until you try to add it and then it will connect to the service.
The only thing I can think of is if this service needs to be registered with Sonos before it can be added via customSD, however at this time nothing I've read says that.
The other thing is if this service needs to be running off a domain name for some reason. However in the documentation it lists IP address so it would be bad documentation then.
I expect the service added via customSD should show up in the list. It does not appear when clicking on add.
Understood the issue and YvesGrantSonos has updated the documentation.
If you're developing locally a non-https IP address should be used for both the secure and non-secure API URI's.
You should be able enter a local IP address for the SMAPI service. For testing, this should be on the same local network as the Sonos player. Be sure to include the port number that the service is running on (i.e. http://192.168.1.2:8080/musicservice). You can use the same IP and port for secure and insecure connections.
I have a Progressive WebApp Chat application and I want to be able to be able to send or receive Push Notifications (on Mobile) and Web (Chrome) Notifications while on Desktop. Right now, I have a web client that is able to receive tickles i.e. data without payloads (payloads will then be fetched through an API call from my server)
I am using Pubnub to talk to GCM and APNS. I have working apps on Web, iOS(native) and Android(native) clients of my project. Right now, I am able to receive Push Notifications on my web app but without the payload.
No where is the server publishing anything. All publishes are done by the clients since its mainly a chat app.
From my Web/Android client, my pubnubPayload is:
var pubnubPayload = {
"text": "no payload!",
"pn_gcm": {
"data": {
"title": "shash",
"babe": "ya"
}
}
}
And then do a normal publish like this:
Pubnub.publish({
channel: myChannel,
message: pubnubPayload,
callback: someFunc
});
So, when I subscribe to a pubnub channel like this:
Pubnub.subscribe({
channel: selectedChannel,
message: function(m){
console.log(m)
},
error: function (error) {
// Handle error here
console.log(JSON.stringify(error));
}
});
I receive the message through Pubnub AND a push notification (but without the payload) on my webapp.
My question is:
How do I receive push notifications on web that have a payload? Is there someway pubnub lets you publish encrypted messages for webs client to be able to read the payload of the GCM push notification without using Pubnub's Access Manager?
Or is using PAM my only option and should fix the no payload issue?
PubNub Access Manager not required for Message Encryption
PubNub Access Manager and message encryption are not directly related and is not required to encrypt your messages, but all applications using PubNub should implement Access Manager to control who can do what on channels by granting permissions (read/write/delete) to auth-keys that your client apps will init PubNub with to use those channels as you intended.
Encrypt using Standard TLS (formerly known as SSL)
To encrypt messages, simply initialize PubNub with TLS enabled (ssl might be the name of the parameter but it is the latest TLS, not the old SSL that was deprecated). This will use standard TLS encryption from your server or client apps to the PubNub network.
Encrypt messages using Cipher Key for AES 256 Encryption
If you wish to have your messages encrypted from your server/client apps to PubNub and all throughout PubNub, just provide a cipher key when you initialize PubNub. The best part about this is that you hold the keys, not PubNub, so no one can read your messages except the holders of those cipher keys.
Custom Encryption using the encrypt/decrypt API
The question asked here includes mobile push notifications which means you can't encrypt the full message if you want the mobile push message to be sent by PubNub to the push services (APNS/FCM) and handled by those services properly. The realtime message will be sent as is - encrypted - to the client subscribers. But you can encrypt the important/confidential parts of the message and leave the parts that need to be ready by PubNub and the push services unencrypted using the encrypt and decrypt APIs. The article, Encryption for APNS, GCM, WMS with PubNub, is a bit old but should provide the required insights.
1) Are push notification messages from IBM Mobilefirst are guaranteed? At least delivering them to APNS server? What happens if APNS server is not reached from MFP, is there any retry mechanism? How can I know push message is delivered?
2) Is there a time out value that we can control when MFP connects to APNS to send push message?
3) Are there any other such settings related to push with APNS in MFP? Where can I find details and explanations of such configurations/settings/properties?
1) MFP server does its best to deliver push notifications to the respective mediator. If delivery to APN server does not happen successfully , MFP server retries dispatching the notification. After multiple retries, if the notification cannot be sent to APNS, the information is logged and can be found in the standard logs. This is where you should be analyzing your network settings.
If push notification is delivered successfully to the mediator, the "message sent" count is incremented. This can be found either by accessing the Push notifications tab in Operations Console or using REST API calls.
2) Timeout value for the connection to APNS ? There is no timeout value as such that can be controlled.Communication with APNS happens over persistent socket connections. There is a timeout value to keep this socket open.
"push.apns.connectionIdleTimeout"
3) Refer to the KnowledgeCenter link on Push Properties.
I would ideally want it to work on my the server on my laptop, as well as the website I deploy to. The reason being so I can send push notifications to the iOS app.
The certificate depends on the web server, correct? So what kind of webserver is meteor?