atkawa7
commented
2 years ago Ended up copying the lib and changing the jose library to the common nimbus and those issues are now gone.
Open atkawa7 opened 2 years ago
atkawa7
commented
2 years ago Ended up copying the lib and changing the jose library to the common nimbus and those issues are now gone.
aistomin
commented
1 year ago @atkawa7 I have the same problem as you, but I'm not sure I understood your solution. "changing the jose library to the common nimbus" - did you change it in the source code and re-built the jar?
atkawa7
commented
1 year ago @aistomin Yes that's what I did. I think you only need to changed three or 4 lines and exception. Something along these lines
var builder = new Builder();
builder.audience(notification.getOrigin());
builder.expirationTime(Date.from(Instant.now().plus(12, ChronoUnit.HOURS)));
if (getSubject() != null) {
builder.subject(getSubject());
}
var payload = new Payload(builder.build().toJSONObject());
var jwsObject = new JWSObject(new JWSHeader(ES256), payload);
if (privateKey instanceof ECPrivateKey ecPrivateKey) {
var jwsSigner = new ECDSASigner(ecPrivateKey);
jwsObject.sign(jwsSigner);
} else {
throw new JOSEException("Expected ECPrivateKey");
}@atkawa7 sorry, one more question, did you use https://mvnrepository.com/artifact/com.nimbusds/nimbus-jose-jwt/9.23 ?
atkawa7
commented
1 year ago @aistomin Yes that's correct
chamallamudi-gopikrishna
commented
1 year ago @atkawa7 Sorry, Please Provide code line where to use? I have same problem. Especially imports
umutawakil
commented
1 year ago @atkawa7 Hi. Could you expand on your answer? Does this mean you removed the jwt code and replaced it with a 3rd party to generate the token? If so, do you know why the current code is not building a token Mozilla likes? I dont get the error you were getting with chrome but I do trying to push to the Firefox/Mozilla push service. I wonder what made this stop working
atkawa7
commented
1 year ago @umutawakil Yes that is correct. I removed jose4j and replaced it with nimbus-jose-jwt. @chamallamudi-gopikrishna
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jwt.JWTClaimsSet.Builder;
import static com.nimbusds.jose.JWSAlgorithm.ES256;
sbodmer
commented
1 year ago I have the same problem, I tried with the solution explained using nimbus, here is the code that I changed in AbstractPushService (and I adapted the rest for the JOSEException)... It still works with chrome, but not with firefox. Is there something else to modify ?
JWTClaimsSet.Builder builder = new Builder();
builder.audience(notification.getOrigin());
builder.expirationTime(Date.from(Instant.now().plus(12, ChronoUnit.HOURS)));
builder.
if (getSubject() != null) {
builder.subject(getSubject());
}
Payload payload = new Payload(builder.build().toJSONObject());
JWSObject jws = new JWSObject(new JWSHeader(ES256), payload);
if (privateKey instanceof ECPrivateKey) {
ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;
ECDSASigner jwsSigner = new ECDSASigner(ecPrivateKey);
jws.sign(jwsSigner);
} else {
throw new JOSEException("Expected ECPrivateKey");
}
byte[] pk = Utils.encode((ECPublicKey) getPublicKey());
if (encoding == Encoding.AES128GCM) {
headers.put("Authorization", "vapid t=" + jws.serialize() + ", k=" + Base64.getUrlEncoder().withoutPadding().encodeToString(pk));
} else if (encoding == Encoding.AESGCM) {
headers.put("Authorization", "WebPush " + jws.serialize());
}The error in firefox is still a 401 (Invalid VAPID tokens: A value in the vapid claims is either missing or incorrectly specified)
aistomin
commented
1 year ago @sbodmer for me it turned out that the problem was not in the library at all. From experience I found out that Firefox requires sub parameter in the notification. When I started providing email as sub parameter "Invalid VAPID token" problem never happened to me with the latest version of the webpush-java.
sbodmer
commented
1 year ago Bingo, I added the "sub" part and now it works, thanks a lot my friend ;^) I read the spec and the "sub" is not mandatory...
aistomin
commented
1 year ago @sbodmer I'm glad it helped.
I read the spec and the "sub" is not mandatory...Yes, absolutely. Looks like it's either a Firefox bug, or intentional violation of the protocol :)
guss77
commented
10 months ago @aistomin, @sbodmer - can you please show what you changed in the code? I'm at a loss as to where to add this "sub" parameter.
sbodmer
commented
10 months ago You just have to add the Subject in your push service, nothing else changes...
Here is what I changed and solved the problem (but it was a long time ago, I'm not entirely sure...) push = new PushService(); push.setPrivateKey(vapiPrivateKey); push.setPublicKey(vapiPublicKey); push.setSubject("mailto:xxx"); //--- Needed for firefox
What was odd is that in the specification the "Subject" is not mandatory, but Firefox (not chrome) makes it mandatory, so they are violating the specifications.
Good luck
When using this library I am getting
Invalid VAPID token. This occurs randomly sometimes you won't get it at all. Sometimes you do.The response I am getting is