html5 push notification; vapid 403 forbidden

[jurgenweber]

Home Assistant release with the issue:

hass 0.92.1

Last working Home Assistant release (if known): hass 0.91.2

Operating environment (Hass.io/Docker/Windows/etc.):

hassbian/ python35

Component/platform: https://www.home-assistant.io/components/html5/

Description of problem: Forum thread here; https://community.home-assistant.io/t/html5-vapid-403-forbidden

Basically the new vapID fails after a period of time, if you restart HASS, expire your current keys and renew them or remove the html5_push_registrations.conf file and re-add your browsers after a period of time, push notifications will stop and you will receive an error.

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

notify:
  - name: html5_push
    platform: html5
    vapid_pub_key: !secret vapid_pub_key
    vapid_prv_key: !secret vapid_prv_key
    vapid_email: asdf@gmail.com

Traceback (if applicable):

2019-05-02 09:48:54 ERROR (MainThread) [homeassistant.core] Error executing service <ServiceCall notify.html5_push (c:ccc45d4ce2d7478a80de542b9d1a4a99): message=<homeassistant.helpers.template.Template object at 0x5d3e91b0>, target=['phone_browser', 'laptop_browser'], title=<homeassistant.helpers.template.Template object at 0x5d3e9310>>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/core.py", line 1147, in _safe_execute
    await self._execute_service(handler, service_call)
  File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/core.py", line 1160, in _execute_service
    await handler.func(service_call)
  File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/notify/__init__.py", line 112, in async_notify_message
    await notify_service.async_send_message(**kwargs)
  File "/usr/lib/python3.5/asyncio/futures.py", line 380, in __iter__
    yield self  # This tells Task to wait for completion.
  File "/usr/lib/python3.5/asyncio/tasks.py", line 304, in _wakeup
    future.result()
  File "/usr/lib/python3.5/asyncio/futures.py", line 293, in result
    raise self._exception
  File "/usr/lib/python3.5/concurrent/futures/thread.py", line 55, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/html5/notify.py", line 458, in send_message
    self._push_message(payload, **kwargs)
  File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/html5/notify.py", line 495, in _push_message
    vapid_claims=self._vapid_claims
  File "/srv/homeassistant/lib/python3.5/site-packages/pywebpush/__init__.py", line 428, in webpush
    response=response)
pywebpush.WebPushException: WebPushException: Push failed: 403 Forbidden

Additional information: https://community.home-assistant.io/t/html5-vapid-403-forbidden

Please visit the forum thread for many people reporting the issue and some debugging I attempted to complete.

[ghost]

Hey there @robbiet480, mind taking a look at this issue as its been labeled with a integration (html5) you are listed as a codeowner for? Thanks!

This is a automatic comment generated by codeowners-mention to help ensure issues and pull requests are seen by the right people.

[SeraphimSerapis]

I was able to fix the problem for a day or two by removing push notifications and re-adding. Now the same problem appears again, leading to the conclusion that something must be corrupted.

[matthewcky2k]

I have the same issue. I'm pretty sure it worked fine for me on 91.4 maybe somthing to do with this PR?

https://github.com/home-assistant/home-assistant/pull/22737

[ultratoto14]

@matthewcky2k Reverting to pywebpush==1.6.0, restart ha and everything is working again.

[matthewcky2k]

yes that fixes it for me also

[jonostanck]

Is there any way to revert pywebpush to 1.6.0 in Hassio?

[r-oleary]

Would it be possible for someone to quickly describe how to revert? Either here or in the related forum post? Thanks!

[Burningstone91]

@r-oleary I wrote a quick explanation how to do this if you are interested. https://community.home-assistant.io/t/html5-vapid-403-forbidden/110953/26

[juan11perez]

HA 0.92.2 OS Docker

I report the same problem. notifications work for a few hours after a while it stops. error:

html5 push notification; Html5 vapid 403 forbidden html5 push notification; vapid 403 forbidden

[GoNzCiD]

I got the same problem las month... https://community.home-assistant.io/t/push-notifications-with-vapid-unauthorizedregistration/108498/5

[roybosch]

I've got the same problem. Generating a new key pair only worked for a day or two.

[QkulleQ]

+1, I receive '403 forbidden' too

[jurgenweber]

yeah, revert back to the old version works.

[shanefreeman]

The push notifications seem to always work when you enable notifications from a Firefox browser, but when you do the same from chrome (an andriod device) it always fails to it with 'pywebpush.WebPushException: WebPushException: Push failed: 403 Forbidden'.

[GoNzCiD]

@shanefreeman have you tried to edit .conf file and sort it placing first Chrome browsers and Firefox at the bottom?

[juan11perez]

the above guide to reinstall pywebpush==1.6.0 re-posted by @Burningstone91 works. The notifications have now been working consistently for 2 days

[shanefreeman]

@shanefreeman have you tried to edit .conf file and sort it placing first Chrome browsers and Firefox at the bottom?

Thanks for the tip, but I found overnight when I /just/ use Firefox it eventually stops working too, so I removed all html5 notifications because when that fails it fails the rest of the steps in the automation. I will just wait for it to be fixed later.

[shanefreeman]

the above guide to reinstall pywebpush==1.6.0 re-posted by @Burningstone91 works. The notifications have now been working consistently for 2 days

I tried this too (I am using a Hassio image if that matters), and that didn't fix it for me. It gave a similar error that I didn't take note of, before I removed that fix.

I am using pushbullet for now, and that works every time without issue.

[Burningstone91]

@shanefreeman Error log would have been helpful. For me this works without any issue for 3 days now on multiple devices.

[robbiet480]

@perosb Can you please submit a new PR to roll back #22737 as it appears to have broken HTML5 notifications for... everyone.

[bieniu]

Have you tried HTML5 component from this #22988? I use it for 2 days as custom component (pywebpush==1.9.2) and I don't have a 403 error. Earlier, error 403 appeared almost every day.

[perosb]

I was getting 403 earlier which was the reason for the bump in the first place. For the last week I'm also running the PR I'm #229988 and still no issues.

Maybe someone with the issue can try 1.9.3 instead?

[robbiet480]

Okay, just merged #22988. Lets hope that fixes things.

[roybosch]

@robbiet480: Have you seen this post? https://community.home-assistant.io/t/html5-vapid-403-forbidden/110953/43

If not, you might want to take a look at it as he claims to have found the problem.

[jrconlin]

Hey all,

I'm the maintainer of pywebpush (and I also work at mozilla dealing with the push service).

TTL is Seconds to retain a notification until the recipient is available. There can be a lot of reasons the recipient isn't available, particularly with mobile devices. (Bad connection, CPU powered down the radio, on a train going through a tunnel, etc.).

TTL=0 means "If the recipient isn't immediately available, toss the notification". Generally, it's probably not what you want. In most cases, TTL=28800 is probably good enough. It's 8 hours. That should be more than enough for the recipient to get the message, and it still be reasonably relevant. Servers get to set the max amount of time they'll hang onto a message, and will usually tell you if you exceed it.

I'll note that this is NOT the same thing as the exp in the VAPID header. That header identifies you as the sender and the exp says "This info is valid until this time". The max value for EXP is 86400, but due to the fact that clock skew is a thing, you probably want to use a value like 43200. The idea is that if you're sending lots and lots of updates (we get millions from some sources) calculating the same VAPID header over and over is really expensive, so you can cache the header and just reuse it for a few hours.

Finally, if you do have a bug with pywebpush (or have a question about push notifications) don't be afraid to reach out to me. I try to respond reasonably quickly.

[matthewcky2k]

@robbiet480 Will this be in a hotfix release ie 92.3? or will we have to wait for 93?

[jurgenweber]

I talked to @balloob the other night, he wasn't even aware that html5 push notifications were not working.. He was at the time making a 93 beta and said there would be no 92.3.

[pacman789]

Same here, after a hassio reboot It's working for a while. But I got the same API error message later.

[fefris]

same for me, got it working yesterday with a delete of the conf file. then after a reboot not working again with the same error

WebPushException: Push failed: 403 Forbidden

[droans]

Updated to 0.93. It worked the very first time, but hasn't since then. No error message this time - notifications just don't load.

[jurgenweber]

https://github.com/home-assistant/home-assistant/releases/tag/0.93.0

There is nothing in the changelog about pywebpush, which is disappointing. Not sure why it isn't in there. @balloob

[roybosch]

Let's hope it's in the next hotfix then!

[robbiet480]

@jurgenweber Nope, #22988 got merged, it's listed as Add TTL support and custom headers support. (@pszafer - #22988) (html5 docs) in the release.

[droans]

@robbiet480 how would I go about getting you more info? Since it's no longer producing an error, I can't see any issues in my logs.

[roybosch]

I just generated a new key pair again and registered every device again. I'll let you know if it stops working again.

[bieniu]

For me issue is gone after update HA to 0.93.

[droans]

@bieniu how are you doing notifications? I'm hoping to see what I'm missing.

[bieniu]

@droans

notify:
  - platform: html5
    name: html5
    vapid_pub_key: !secret vapid_pub_key
    vapid_prv_key: !secret vapid_prv_key
    vapid_email: !secret vapid_email

- id: notification_desktop_computer_turned_on
  ...
  ...
  action:
    - service: notify.html5_maciek
      data:
        title: 'Komputer stacjonarny włączony'
        message: 'Komputer stacjonarny jest włączony. Czy chcesz go wyłączyć?'
        data:
          tag: 'notification-desktop-computer'
          actions:
            - action: turn_off_desktop_computer
              title: 'Wyłącz'

[droans]

@bieniu bummer - I've got mine the same way. I tried adding in default_priority but that didn't help.

If I import my settings into node-red (node-red-contrib-web-push), I can get it to send out notifications but it doesn't want to include any message so it just reads "Undefined".

Thanks for the help, though!

[Burningstone91]

The issue disappeared for me as well after upgrading to 0.93

[droans]

Seems to be working now, hopefully will stay that way. I installed web-push (npm install web-push --save) and it worked immediately. Don't know if it was a coincidence or not Hopefully it will stay working!

[pacman789]

Issue is gone after update HA to 0.93.

[pratesbh]

Just realized that it was not working because I've moved to Brave browser recently. In this case it was failing silently. Maybe other people in same situation there.

[robbiet480]

Okay, gonna close this issue then since it appears to be fixed.