403 - aud claim in the token MUST include the origin of the push resource URL

zaru / webpush

webpush, Encryption Utilities for Web Push protocol

MIT License

396 stars 73 forks source link

403 - aud claim in the token MUST include the origin of the push resource URL #82

Closed kiddrew closed 5 years ago

kiddrew commented 5 years ago

I'm getting this error message randomly. The code looks simple enough, so I don't immediately see what could be causing it. The endpoint param is this format:

https://android.googleapis.com/gcm/send/eDD5G1tIe9...

But it doesn't seem to be isolated to android URLs.

collimarco commented 5 years ago

We deliver to millions of recipients and I have never seen this error: the problem is definitely related to the endpoint, not a library bug.

The domain android.googleapis.com belongs to GCM, which was deprecated and then removed many months ago. For Chrome the correct domain is fcm.googleapis.com.

kiddrew commented 5 years ago

Interesting. I just created that push subscription a few weeks ago, and that's the URL they gave me back. I'll just start catching those and invalidating the subscriptions. Thanks for the help. This gem saved me a ton of time.