Open atkawa7 opened 2 years ago
Ended up copying the lib and changing the jose library to the common nimbus and those issues are now gone.
@atkawa7 I have the same problem as you, but I'm not sure I understood your solution. "changing the jose library to the common nimbus" - did you change it in the source code and re-built the jar?
@aistomin Yes that's what I did. I think you only need to changed three or 4 lines and exception. Something along these lines
var builder = new Builder();
builder.audience(notification.getOrigin());
builder.expirationTime(Date.from(Instant.now().plus(12, ChronoUnit.HOURS)));
if (getSubject() != null) {
builder.subject(getSubject());
}
var payload = new Payload(builder.build().toJSONObject());
var jwsObject = new JWSObject(new JWSHeader(ES256), payload);
if (privateKey instanceof ECPrivateKey ecPrivateKey) {
var jwsSigner = new ECDSASigner(ecPrivateKey);
jwsObject.sign(jwsSigner);
} else {
throw new JOSEException("Expected ECPrivateKey");
}
@atkawa7 sorry, one more question, did you use https://mvnrepository.com/artifact/com.nimbusds/nimbus-jose-jwt/9.23 ?
@aistomin Yes that's correct
@atkawa7 Sorry, Please Provide code line where to use? I have same problem. Especially imports
@atkawa7 Hi. Could you expand on your answer? Does this mean you removed the jwt code and replaced it with a 3rd party to generate the token? If so, do you know why the current code is not building a token Mozilla likes? I dont get the error you were getting with chrome but I do trying to push to the Firefox/Mozilla push service. I wonder what made this stop working
@umutawakil Yes that is correct. I removed jose4j and replaced it with nimbus-jose-jwt. @chamallamudi-gopikrishna
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jwt.JWTClaimsSet.Builder;
import static com.nimbusds.jose.JWSAlgorithm.ES256;
I have the same problem, I tried with the solution explained using nimbus, here is the code that I changed in AbstractPushService (and I adapted the rest for the JOSEException)... It still works with chrome, but not with firefox. Is there something else to modify ?
JWTClaimsSet.Builder builder = new Builder();
builder.audience(notification.getOrigin());
builder.expirationTime(Date.from(Instant.now().plus(12, ChronoUnit.HOURS)));
builder.
if (getSubject() != null) {
builder.subject(getSubject());
}
Payload payload = new Payload(builder.build().toJSONObject());
JWSObject jws = new JWSObject(new JWSHeader(ES256), payload);
if (privateKey instanceof ECPrivateKey) {
ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;
ECDSASigner jwsSigner = new ECDSASigner(ecPrivateKey);
jws.sign(jwsSigner);
} else {
throw new JOSEException("Expected ECPrivateKey");
}
byte[] pk = Utils.encode((ECPublicKey) getPublicKey());
if (encoding == Encoding.AES128GCM) {
headers.put("Authorization", "vapid t=" + jws.serialize() + ", k=" + Base64.getUrlEncoder().withoutPadding().encodeToString(pk));
} else if (encoding == Encoding.AESGCM) {
headers.put("Authorization", "WebPush " + jws.serialize());
}
The error in firefox is still a 401 (Invalid VAPID tokens: A value in the vapid claims is either missing or incorrectly specified)
@sbodmer for me it turned out that the problem was not in the library at all. From experience I found out that Firefox requires sub
parameter in the notification. When I started providing email as sub
parameter "Invalid VAPID token" problem never happened to me with the latest version of the webpush-java.
Bingo, I added the "sub" part and now it works, thanks a lot my friend ;^) I read the spec and the "sub" is not mandatory...
@sbodmer I'm glad it helped.
I read the spec and the "sub" is not mandatory...
Yes, absolutely. Looks like it's either a Firefox bug, or intentional violation of the protocol :)
@aistomin, @sbodmer - can you please show what you changed in the code? I'm at a loss as to where to add this "sub" parameter.
You just have to add the Subject in your push service, nothing else changes...
Here is what I changed and solved the problem (but it was a long time ago, I'm not entirely sure...) push = new PushService(); push.setPrivateKey(vapiPrivateKey); push.setPublicKey(vapiPublicKey); push.setSubject("mailto:xxx"); //--- Needed for firefox
What was odd is that in the specification the "Subject" is not mandatory, but Firefox (not chrome) makes it mandatory, so they are violating the specifications.
Good luck
When using this library I am getting
Invalid VAPID token
. This occurs randomly sometimes you won't get it at all. Sometimes you do.The response I am getting is