Page 1
© 2016 Apple Inc. All rights reserved. Redistribution or public display not permitted without written permission from Apple.
System Frameworks #WWDC16
Session 724
What’s New in Apple Push Notification Service
Mayur Mahajan Apple Push Notification Service Engineer
Page 2
Review
HTTP/2 provider APIInstant feedbackLarger payloadSimplified certificate handling
Page 3
Sending notificationsHTTP/2 Provider API
APNs Provider
Client App
Page 4
Sending notificationsHTTP/2 Provider API
APNs Provider
Client App
Page 5
Sending notificationsHTTP/2 Provider API
APNs Provider
Client App
Page 6
Sending notificationsHTTP/2 Provider API
APNs Provider
Client App
Page 7
Sending notificationsHTTP/2 Provider API
APNs Provider
Client App
Page 8
Sending notificationsHTTP/2 Provider API
APNs Provider
Client App
HTTP/2 request
Page 9
Sending notificationsHTTP/2 Provider API
APNs Provider
Client App
HTTP/2 request
HTTP/2 request
Page 10
Simplified Certificate Handling
Application pushVoIP pushComplication pushDevelopment and production environment
Page 11
Token Authentication
NEW
Page 12
Token Authentication
Page 13
Token Authentication
Simplified provider authentication when connecting to APNsSecureEasy to generateNo more expired certificates!
Page 14
Connecting to APNs with client certificateCertificate Authentication
AccountAPNs Provider
Page 15
Connecting to APNs with client certificateCertificate Authentication
AccountAPNs Provider
Page 16
Connecting to APNs with client certificateCertificate Authentication
Account
TLS
APNs Provider
Page 17
Connecting to APNs with client certificateCertificate Authentication
Account
TLS
APNs Provider
Page 18
Connecting to APNS with Token AuthenticationToken Authentication
AccountAPNs Provider
Page 19
Connecting to APNS with Token AuthenticationToken Authentication
AccountAPNs Provider
Page 20
Connecting to APNS with Token AuthenticationToken Authentication
Account
TLS
APNs Provider
Page 21
Connecting to APNS with Token AuthenticationToken Authentication
Account
TLS
APNs Provider
Page 22
Connecting to APNS with Token AuthenticationToken Authentication
Account
TLS
APNs Provider
Page 23
Token Authentication
TLS
APNs Provider
Page 24
Token Authentication
TLS
APNs Provider
Request with token
Page 25
Token Authentication
TLS
APNs Provider
Page 26
Token Authentication
TLS
APNs Provider
Response
Page 27
DetailsToken Authentication
Provision signing key via Developer Account
Page 28
DetailsToken Authentication
Provision signing key via Developer Account
Page 29
DetailsToken Authentication
Provision signing key via Developer AccountConstruct the token Sign token using ES256 (ECDSA using P256 curve, SHA256 hash)
Page 30
// Token Authentication
// JSON Web Tokens
eyJhbGciOiJFUzI1NiIsImtpZCI6IkFCQ0RFRkdISUoifQ.eyJpc3MiOiIxMjM0NTY3ODkwIiwiaWF0Ijoi
MTQ2Mzk3NTIzMyJ9.aBup1REyXE9Po8ekWJ3ifUly67NlPyTlcgfSwy...
Header
{
"alg": "ES256",
"kid": "ABCDEFGHIJ"
}
Claims
{
"iss": “QRSTUVWXYZ”,
"iat": "1463975233"
}
Signature
Page 31
// Token Authentication
// JSON Web Tokens
eyJhbGciOiJFUzI1NiIsImtpZCI6IkFCQ0RFRkdISUoifQ.eyJpc3MiOiIxMjM0NTY3ODkwIiwiaWF0Ijoi
MTQ2Mzk3NTIzMyJ9.aBup1REyXE9Po8ekWJ3ifUly67NlPyTlcgfSwy...
Header
{
"alg": "ES256",
"kid": "ABCDEFGHIJ"
}
Claims
{
"iss": “QRSTUVWXYZ”,
"iat": "1463975233"
}
Signature
Page 32
// Token Authentication
// JSON Web Tokens
eyJhbGciOiJFUzI1NiIsImtpZCI6IkFCQ0RFRkdISUoifQ.eyJpc3MiOiIxMjM0NTY3ODkwIiwiaWF0Ijoi
MTQ2Mzk3NTIzMyJ9.aBup1REyXE9Po8ekWJ3ifUly67NlPyTlcgfSwy...
Header
{
"alg": "ES256",
"kid": "ABCDEFGHIJ"
}
Claims
{
"iss": “QRSTUVWXYZ”,
"iat": "1463975233"
}
Signature
Page 33
// Token Authentication
// JSON Web Tokens
eyJhbGciOiJFUzI1NiIsImtpZCI6IkFCQ0RFRkdISUoifQ.eyJpc3MiOiIxMjM0NTY3ODkwIiwiaWF0Ijoi
MTQ2Mzk3NTIzMyJ9.aBup1REyXE9Po8ekWJ3ifUly67NlPyTlcgfSwy...
Header
{
"alg": "ES256",
"kid": "ABCDEFGHIJ"
}
Claims
{
"iss": “QRSTUVWXYZ”,
"iat": "1463975233"
}
Signature
Page 34
// Token Authentication
// JSON Web Tokens
eyJhbGciOiJFUzI1NiIsImtpZCI6IkFCQ0RFRkdISUoifQ.eyJpc3MiOiIxMjM0NTY3ODkwIiwiaWF0Ijoi
MTQ2Mzk3NTIzMyJ9.aBup1REyXE9Po8ekWJ3ifUly67NlPyTlcgfSwy...
Header
{
"alg": "ES256",
"kid": "ABCDEFGHIJ"
}
Claims
{
"iss": “QRSTUVWXYZ”,
"iat": "1463975233"
}
Signature
Page 35
// Token Authentication
// JSON Web Tokens
eyJhbGciOiJFUzI1NiIsImtpZCI6IkFCQ0RFRkdISUoifQ.eyJpc3MiOiIxMjM0NTY3ODkwIiwiaWF0Ijoi
MTQ2Mzk3NTIzMyJ9.aBup1REyXE9Po8ekWJ3ifUly67NlPyTlcgfSwy...
Header
{
"alg": "ES256",
"kid": "ABCDEFGHIJ"
}
Claims
{
"iss": “QRSTUVWXYZ”,
"iat": "1463975233"
}
Signature
Page 36
// Token Authentication
// JSON Web Tokens
eyJhbGciOiJFUzI1NiIsImtpZCI6IkFCQ0RFRkdISUoifQ.eyJpc3MiOiIxMjM0NTY3ODkwIiwiaWF0Ijoi
MTQ2Mzk3NTIzMyJ9.aBup1REyXE9Po8ekWJ3ifUly67NlPyTlcgfSwy...
Header
{
"alg": "ES256",
"kid": "ABCDEFGHIJ"
}
Claims
{
"iss": “QRSTUVWXYZ”,
"iat": "1463975233"
}
Signature
Page 37
// Token Authentication
// Request example
HEADERS
- END_STREAM
+ END_HEADERS
:authority = api.push.apple.com
:method = POST
:path = /3/device/ad2bcd38f6773cdad050411...
authorization = bearer eyJhbGciOiJFUzI1N...
apns-topic = com.foo.tokenauth
DATA
+ END_STREAM
{ "aps" : { "alert" : "Hello Token Authentication" } }
Page 38
// Token Authentication
// Request example
HEADERS
- END_STREAM
+ END_HEADERS
:authority = api.push.apple.com
:method = POST
:path = /3/device/ad2bcd38f6773cdad050411...
authorization = bearer eyJhbGciOiJFUzI1N...
apns-topic = com.foo.tokenauth
DATA
+ END_STREAM
{ "aps" : { "alert" : "Hello Token Authentication" } }
Page 39
// Token Authentication
// Response example
HEADERS
+ END_STREAM
+ END_HEADERS
:status = 200
Page 40
// Token Authentication
// Response example
HEADERS
- END_STREAM
+ END_HEADERS
:status = 403
content-type = application/json
DATA
+ END_STREAM
{ "reason": "InvalidProviderToken" }
Page 41
// Token Authentication
// Response example
HEADERS
- END_STREAM
+ END_HEADERS
:status = 403
content-type = application/json
DATA
+ END_STREAM
{ "reason": "ExpiredProviderToken" }
Page 42
DetailsToken Authentication
Signed tokens need to be generated periodicallySigning key does not expireSigning key can be revoked through your Account
Page 43
Coming later this year…
Page 44
More Information
https://developer.apple.com/wwdc16/724
Page 45
Related Sessions
Introduction to Notifications Pacific Heights Wednesday 9:00AM
Advanced Notifications Pacific Heights Wednesday 10:00AM
Page 46
Labs
Notifications Lab Frameworks Lab C Wednesday 11:00AM
Notifications Lab Graphics, Games & Media Lab B Friday 9:00AM