Building Efficient Push Notifications using JSON Web Token (JWT)

Apple Push Notification service (APNs) is the main highlight of all remote notifications on Apple devices. Using APNs, developers can leverage the service to build engagement and deliver information to users on the iOS platform including other Apple devices like tvOS, macOS and watchOS.

With Apple’s previous update to the push notification service, you can securely connect to APNs using authentication tokens for sending pushes via the HTTP/2 API, taking away the stress of maintaining valid certificates and other associated tasks. This protocol has made it a breeze for developers to build robust push notifications. Apple’s new token-based communication with APNs also offers stateless and fast communication which is faster than certificate-based communication, since the APNs do not have to validate your certificate or any other information. In addition, you do not need to always generate a new token for each notification. Moreover, you can use a single token with multiple servers to send notifications to each one of your apps.

If you’re an iOS developer and looking to implement a token-based communication with APNs, here are a few quick steps to master JWT like a pro!

Implementation of token-based communication with APNs:

There are 3 steps to implement this:

1. Generate Signing key from member center.
2. Generate JSON Authentication token.
3. Send push notification.

Generate Signing key from member center

You can use this key for multiple application and it works on both production and development server.

To create a signing key, log in into member center and click on All in theKeys section.

Click + button on the top right corner, Give a name to your key and select APNs in the Key Services section.

Creating Signing key from member center

Click on continue and your key will be generated. Note down the Key ID and download the signing key (with .p8 extension) from download option.

Store both piece of information somewhere secure. You will need this to generate the JSON token for authentication.

Generate JSON Authentication Token

The APNs needs JSON Web Token to follow this format:

Header
{
   “alg” : “ES256”,
   “kid” : “ABC123DEFG”
} 
Claim
{
   “iss”: “DEF123GHIJ”,
   “iat”: 1437179036
}

• alg (Algorithm): The encrypting algorithm, currently APNs only support ES256
• kid (Key ID): The 10-digit Key ID we generated in the previous step.
• iss (Issuer): This will be a 10-digit Team ID that will help you develop your app.
• iat (Issed At): Number of seconds from Epoch in UTC when the token was generated.

APNs validated the iat . Token should not be older than one hour. otherwise APNs will return and ExpiredProviderToken (403) error.

So, let’s generate the token then. I’m using PHP here but you can use any language of your choice. I’m using Web Token framework to create JSON web token in PHP, You can use any framework which supports Algorithm.

Install Web Token framework using composer with the following command:

composer require web-token/jwt-framework

Add following imports in your PHP file:

Now, let's create the JSON web token.

Here’s what we did:

1. Created ES256 Algorithm for token generation.
2. Create JSON web key from the .p8 file we downloaded in the previous step. It’s the path of the file.
3. In step 3 we created the Claim part of our payload, iat id current time and iss is out Team Id.
4. Here we are building the token with payload and headers. Here we added the header alg and kid .
5. Finally, we serialize the token.

Now, we can call this function with signing key path, Key ID and Team ID to get the JSON Web Token.

$token = getToken('key/path/mykey.p8', 'Key ID', 'Team ID');

Note that you don’t need to create this token every time you want to send a notification. This is valid for one hour and can be used for all notifications.

Send push notification.

Now that we have our JSON web token we can finally send the notification to the device.

For sending the push notification to the device we need the device token, Read Registering Your App with APNs to know how to get device token.

Here’s what we have to do for sending the push notification.

1. Create a URL path by adding your device token to /3/device/<auth_token>
2. Create URL by appending the path to the base URL of APNs server.
3. Add the payload of notification in the request body.
4. Add a apns-topic header. Generally, it’s the bundle identifier of the app.
5. Add the Authorization header, Here we use the JSON web token generated in previous step. Bearer <jwt_token>.
6. Finally, execute the request.

Finally, we have everything in place. We just need to call these functions to send the notification.

That’s it!

Here’s the final code including all the steps:

Manage, Cook, Shop — Smarter! Download Chefling today! https://chefling.page.link/3juF