web-push-libs / pywebpush

Python Webpush Data encryption library
Mozilla Public License 2.0

getting 401 Unauthorized after changing the vapid key #128

Closed Amiralizim closed 3 years ago

Amiralizim commented 3 years ago

I am using the django-webpush library in order to implement a notification service in our application (the library uses pywebpush in order to send notifications to users). I had to change the application's VAPID key due to security reasons, and the push notifications started to fail after that in my browser. After reading the docs, I found the following description:

An application server that needs to replace its signing key needs to request the creation of a new subscription by the user agent that is restricted to the updated key. Application servers need to remember the key that was used when requesting the creation of a subscription.

As a result, I have unsubscribed and then subscribed the user again using the newly generated VAPID keys. Here is the error I'm receiving:

```
{'code': 401, 'errno': 109, 'error': 'Unauthorized', 'more_info': 'http://autopush.readthedocs.io/en/latest/http.html#error-codes', 'message': 'Request did not validate missing authorization header'}
```

System descriptions:

Chromium version: 85.0.4183.83

Operating system: Pop!_OS 18.04 LTS

Here is how I'm encoding the key when sending it to pushManager.subscribe:

```javascript
function urlB64ToUint8Array(base64String) {
  // Restore the padding that base64url strips, then map back to standard base64.
  const padding = '='.repeat((4 - base64String.length % 4) % 4);
  const base64 = (base64String + padding)
    .replace(/-/g, '+')
    .replace(/_/g, '/');
  // Decode to a binary string and copy each character code into a byte array.
  const rawData = window.atob(base64);
  const outputArray = new Uint8Array(rawData.length);
  const outputData = outputArray.map((output, index) => rawData.charCodeAt(index));

  return outputData;
}
```

jrconlin commented 3 years ago

That's kind of how VAPID is supposed to work.

It's why you want to keep your vapid private key secret.
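Added example, not part of the issue thread or of pywebpush: a browser-side check that detects a push subscription created under a previous VAPID public key and replaces it with one restricted to the current key, as the requirement quoted in the question describes. The names `isValidServerKey`, `boundToOtherKey` and `ensureSubscription` are illustrative, and `registration` is assumed to be the page's ServiceWorkerRegistration.

```javascript
// Added example (not from the issue or from pywebpush).

// Decode a base64url VAPID public key into the bytes pushManager.subscribe expects.
function urlB64ToUint8Array(base64String) {
  const padding = '='.repeat((4 - (base64String.length % 4)) % 4);
  const base64 = (base64String + padding).replace(/-/g, '+').replace(/_/g, '/');
  return Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
}

// A P-256 application server key is an uncompressed point: 0x04 || X || Y.
function isValidServerKey(bytes) {
  return bytes.length === 65 && bytes[0] === 0x04;
}

// True when the subscription was created for a different key than `serverKey`.
function boundToOtherKey(subscription, serverKey) {
  const bound = subscription.options && subscription.options.applicationServerKey;
  if (!bound) return true; // no key recorded: treat the subscription as stale
  const current = new Uint8Array(bound);
  return current.length !== serverKey.length ||
    current.some((byte, i) => byte !== serverKey[i]);
}

// Return a subscription restricted to `publicKeyB64`, replacing a stale one.
async function ensureSubscription(registration, publicKeyB64) {
  const serverKey = urlB64ToUint8Array(publicKeyB64);
  if (!isValidServerKey(serverKey)) {
    throw new Error('applicationServerKey is not a 65-byte uncompressed P-256 point');
  }
  let subscription = await registration.pushManager.getSubscription();
  if (subscription && boundToOtherKey(subscription, serverKey)) {
    await subscription.unsubscribe(); // the old subscription is tied to the old key
    subscription = null;
  }
  if (!subscription) {
    subscription = await registration.pushManager.subscribe({
      userVisibleOnly: true,
      applicationServerKey: serverKey,
    });
    // The caller must send this new subscription to the application server,
    // which replaces the stored endpoint and keys for this user.
  }
  return subscription;
}
```

The server side still has to sign each push request with the private key matching the public key passed here.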