问题
I'm sending my push notifications with an APNs Auth Key ("never expires") which worked well until suddenly I get
403 Forbidden: {"reason":"InvalidProviderToken"}
as a response when sending push notifications. What could be the reason for this when it worked once and suddenly it doesn't without having an expiration date? In the meantime it worked again for some pushes, but now I get the error again... Did anyone else experience this?
EDIT
Not sure but it seems as if this only happens on the Ubuntu server, not on my local (OS X) machine...
回答1:
I've seen this in a couple of circumstances:
Resubmitting expired provider tokens seems to get the token blacklisted and results in subsequent
InvalidProviderTokenrejections rather thanExpiredProviderTokenrejections. Check you logs for token expiry messages. Check your system clock to make sure that you're not generating tokens with skewed timestamps.Submitting to invalid topics will invalidate all provider tokens on the connection (even previously valid ones). Only submit to topics that the key is bound to and only use one key per connection.
回答2:
The server does respond with an InvalidToken and/or an ExpiredToken error. Your authentication token shouldn't contain any '=', '+', '-', Double check if your token hasn't this any of those. Also the signature (3rd part of the token, should be Base64URL encoded, so without the previous mentioned characters).
回答3:
we have exactly the same problem when sending pushes to different team ids using the same connection. The steps to reproduce are:
Open a connection to APNS and use the same connection to:
Send a token based push to topic
com.companyA.xxxof team id1234: APNS accepts and delivers the push successfully.- Send a token based push to topic
io.companyB.xxxof team id5678: APNS respondsHTTP 400 BadRequest The device token does not match the specified topic - Send again a token based push to topic
io.companyB.xxxof team id5678: APNS respondsHTTP 403 Forbidden: the provider token is not valid or the token signature could not be verified.
After this it becomes impossible to send any push and the connection has to be closed and reopened.
The workaround we ended up doing is to open one connection per team id. The APNS documentation does not mention anything like that so I do consider this as a bug and I opened a bug report.
回答4:
for me the server time was invalid, fixing the server time solved the issue
回答5:
For me, there was an issue with bad configuration. I was using the wrong Team ID. Please make sure that all configuration is correct before you look into any other solutions.
回答6:
I had been using the Name of the key instead of the Key ID. Verifying on https://developer.apple.com/account/resources/authkeys/review/ showed the correct value.
回答7:
Apple's APN documentation says:
APNs supports only provider authentication tokens that are signed with the ES256 algorithm. Unsecured JWTs [JSON Web Tokens], or JWTs signed with other algorithms, are rejected, and your provider server receives the InvalidProviderToken (403) response.
So, it appears that the problem is not with your auth kiey; it's actually an issue with the web token that was generated from your key.
来源:https://stackoverflow.com/questions/42549421/ios-sending-push-with-apns-auth-key-suddenly-403-forbidden-reasoninvalid