Closed kopax closed 4 years ago
I am trying to configure push notifications with two clients (one in Chrome and the other in Firefox).
In Chrome, pushing causes the unauthorized error:
the key in the authorization header does not correspond to the sender ID used to subscribe this user. Please ensure you are using the correct sender ID and server Key from the Firebase console.
In Firefox, pushing causes the unauthorized error:
```json
{
  "code": 401,
  "errno": 109,
  "error": "Unauthorized",
  "more_info": "http://autopush.readthedocs.io/en/latest/http.html#error-codes",
  "message": "Request did not validate missing authorization header"
}
```
I am using web-push-java to generate the headers, and I am not using a VAPID keypair generated on the Firebase cloud manager, but one generated with this CLI.
The headers sent by the request look like this:
Chrome:
[TTL: 2419200, Authorization: WebPush eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL2ZjbS5nb29nbGVhcGlzLmNvbSIsImV4cCI6MTU5NzgwODEzMywic3ViIjoibWFpbHRvOmQua29wcml3YUBnbWFpbC5jb20ifQ.k_rzKKmX0PBTr2WkGw0eYUV-0hfZ_x2YyKmTfvUu_knwC9VbVbArghOgtBsjtoMQvBf8udzRsqRWPzug4SYkJQ, Content-Encoding: aesgcm, Encryption: salt=xc4_6r19yFLN6RQgAb47DQ, Crypto-Key: dh=BEzq1bydxQKjt53e3Ui1EYRvXR3Zn7VFy7JcoGTYDCc_wkyy-E_Fn-zbqIHiAvm1UM4ar1vgrnyElmwgyXP5lHs=;p256ecdsa=BA4eDq9AC_vqPeCxEM_sfr6KQpDgPnJzW8cTZXlHRaxFrpxRyQwgW6Qk_yfgKblOQmYInisvFnFcgO33_NVj0TQ, Content-Type: application/octet-stream]
Firefox:
[TTL: 2419200, Authorization: WebPush eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL3VwZGF0ZXMucHVzaC5zZXJ2aWNlcy5tb3ppbGxhLmNvbSIsImV4cCI6MTU5NzgwODEzMiwic3ViIjoibWFpbHRvOmQua29wcml3YUBnbWFpbC5jb20ifQ.0amelbSf07_OmVJ6fjOdN3B8__lKl92_Cz1x9okHgiymzEPF5dt4Fsv3It2eQTVnXl8AEyNun7YtQcrwojdNdQ, Content-Encoding: aesgcm, Encryption: salt=P2Y5k9eB29SJbKrMsccRvQ, Crypto-Key: dh=BJPBR3B_QQBCTJoH4cjHfX-1_r85wQKTUPaMQFNNtD-sKGgzjLV7pOimEbLtAk-hgJpTGlv0MC2mUpEPHah1WHE=;p256ecdsa=BA4eDq9AC_vqPeCxEM_sfr6KQpDgPnJzW8cTZXlHRaxFrpxRyQwgW6Qk_yfgKblOQmYInisvFnFcgO33_NVj0TQ, Content-Type: application/octet-stream]
The responses received look like this:
Chrome:
HTTP/1.1 403 Forbidden [Content-Type: text/plain; charset=utf-8, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 0, Date: Tue, 18 Aug 2020 15:46:48 GMT, Content-Length: 194, Alt-Svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"]
Firefox:
HTTP/1.1 401 Unauthorized [Access-Control-Allow-Headers: content-encoding,encryption,crypto-key,ttl,encryption-key,content-type,authorization, Access-Control-Allow-Methods: POST, Access-Control-Allow-Origin: *, Access-Control-Expose-Headers: location,www-authenticate, Content-Type: application/json, Date: Tue, 18 Aug 2020 15:46:47 GMT, Server: nginx, Strict-Transport-Security: max-age=31536000;includeSubDomains, Content-Length: 199, Connection: keep-alive]
This is how I register the client.
This is how I handle the server
Does anyone have a clue on where I am failing to have proper headers?
The client was using a wrong public key. Sorry about this.
I have copied the PushService and added some logging to it to understand the headers sent while notifying, and I got:
This is my controller:
I added dots on keys. It seems that this module does the job but I keep getting unauthorized errors.
Edited PushClient with logging below
Click to see relevant part with logging of original custom PushClient.java
```java
/**
 * Prepare a HttpPost for Apache async http client
 *
 * @param notification
 * @param encoding
 * @return
 * @throws GeneralSecurityException
 * @throws IOException
 * @throws JoseException
 */
public HttpPost preparePost(Notification notification, Encoding encoding) throws GeneralSecurityException, IOException, JoseException {
    if (privateKey != null && publicKey != null) {
        if (!Utils.verifyKeyPair(privateKey, publicKey)) {
            throw new IllegalStateException("Public key and private key do not match.");
        }
    }

    Encrypted encrypted = encrypt(
            notification.getPayload(),
            notification.getUserPublicKey(),
            notification.getUserAuth(),
            encoding
    );

    byte[] dh = Utils.encode((ECPublicKey) encrypted.getPublicKey());
    byte[] salt = encrypted.getSalt();

    HttpPost httpPost = new HttpPost(notification.getEndpoint());
    httpPost.addHeader("TTL", String.valueOf(notification.getTTL()));

    if (notification.hasUrgency()) {
        httpPost.addHeader("Urgency", notification.getUrgency().getHeaderValue());
    }

    if (notification.hasTopic()) {
        httpPost.addHeader("Topic", notification.getTopic());
    }

    Map
```

I am trying hard and I can't get why the subscription does not work. Is it because the https is provided with a public front proxy and not by the http server itself?
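The cause reported in this thread was a client subscribed with a different public key than the one the server sends as `p256ecdsa`. The following is an added example, not code from the thread or from web-push-java: it checks a captured request for that mismatch and for a wrong `aud` or `exp` claim, without verifying the JWT signature. The endpoint, keys and token are constructed placeholders, and `checkPush`, `sampleHeaders` and `fakeKey` are hypothetical names.

```javascript
// Added diagnostic sketch (not web-push-java code). Sample values are constructed.
const normalize = (s) => s.replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const toB64url = (buf) => normalize(buf.toString('base64'));

// Decode the VAPID JWT claims; the signature is NOT verified here.
function decodeVapidClaims(authorization) {
  const m = /^WebPush\s+([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization.trim());
  if (!m) throw new Error('Authorization is not "WebPush <jwt>"');
  return JSON.parse(Buffer.from(m[2], 'base64').toString('utf8'));
}

// Pull the p256ecdsa parameter out of "dh=...;p256ecdsa=...".
function vapidKeyFromCryptoKey(cryptoKey) {
  for (const part of cryptoKey.split(/[;,]/)) {
    const i = part.indexOf('=');
    if (i > 0 && part.slice(0, i).trim() === 'p256ecdsa') return part.slice(i + 1).trim();
  }
  return null;
}

// Return the reasons a push service would reject this request (empty list = none found).
function checkPush({ endpoint, applicationServerKey, headers, now }) {
  const problems = [];
  const claims = decodeVapidClaims(headers.Authorization);
  if (claims.aud !== new URL(endpoint).origin) problems.push('aud != endpoint origin');
  if (!(claims.exp > now && claims.exp <= now + 86400)) problems.push('exp outside 24h window');
  const sent = vapidKeyFromCryptoKey(headers['Crypto-Key'] || '');
  if (!sent) problems.push('no p256ecdsa in Crypto-Key');
  else if (Buffer.from(normalize(sent), 'base64').length !== 65) problems.push('p256ecdsa is not a 65-byte point');
  else if (normalize(sent) !== normalize(applicationServerKey)) problems.push('p256ecdsa != key used at subscribe time');
  return problems;
}

// Constructed inputs: placeholder 65-byte "keys" (0x04 || 64 bytes) and an unsigned JWT.
const fakeKey = (fill) => toB64url(Buffer.concat([Buffer.from([4]), Buffer.alloc(64, fill)]));
function sampleHeaders(aud, exp, key) {
  const seg = (o) => toB64url(Buffer.from(JSON.stringify(o)));
  const jwt = [seg({ typ: 'JWT', alg: 'ES256' }), seg({ aud, exp, sub: 'mailto:ops@example.com' }), 'c2ln'].join('.');
  return { Authorization: `WebPush ${jwt}`, 'Crypto-Key': `dh=${fakeKey(9)}=;p256ecdsa=${key}` };
}

const now = 1000; // fixed clock (seconds) for the demo
const endpoint = 'https://push.example.com/wpush/v1/abc'; // hypothetical endpoint
console.log(checkPush({ endpoint, applicationServerKey: fakeKey(2), now,
  headers: sampleHeaders('https://push.example.com', now + 3600, fakeKey(1)) }));
```

In the browser, the key to pass as `applicationServerKey` is the one given to `pushManager.subscribe()`; it can be read back from `subscription.options.applicationServerKey`.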