webpush-wg / webpush-vapid

Voluntary application server self-identification for web push
3 stars 2 forks source link

Move public key to the authorization header field #28

Closed martinthomson closed 7 years ago

martinthomson commented 7 years ago

We should also switch to using the auth-param form:

Authorization: webpush token="JWTTOKEN.blah.blah",k="AApubkey-___"

Note that this requires sniffing, probably for ','.

martinthomson commented 7 years ago

Addressed in 7c84e3497a681c7c6479e576f8ff7d0ee7b9466c