Closed nglgzz closed 6 years ago
Yes, this is expected.
Vapid requires the sub
, and chrome also requires both the exp
and aud
. If you don't specify the aud
parameter, it will use one derived from the endpoint. I'll note that you can't use endpoints interchangeably (e.g. you can't use an endpoint generated for firefox on chrome or chrome on edge, etc.).
You can specify your own values for aud
and exp
which will not be overwritten. Be aware that exp
cannot be more than 24 hours in UTC. You may also wish to check that your server time is accurate, since that could produce clock skew, and make your VAPID header invalid.
Okay, thank you for the clarification 👍
@jrconlin we had the same issue here using pywebpush
.
We store a VAPID_CLAIMS
dict in our django settings file and we noticed it was changed after calling the webpush
func for the first time, making all subsquent calls to that function to fail.
I think in the most cases people which use this library aren't expecting it will mutate the dict sent as vapid_claims
param.
It could be easily fixed on your end cloning the dict before adding the missing keys, what do you think?
Pushed py_vapid 1.4.0 https://pypi.org/project/py-vapid/1.4.0/#description
@jrconlin thanks man
I have an object in my Django config for vapid claims and I'm using it in the webpush method.
I couldn't realize why after sending push messages on Firefox I was constantly getting "unauthorized registration" errors on Chrome, until I saw that the object passed as
vapid_claims
parameter gets modified from something like this:to this :
I tried passing every time a new object and everything works fine, but now I'm wondering, is this expected behavior, and am I supposed to store that modified object?