验证 iPhone 推送通知令牌?
我尚未在我的应用程序中实现推送通知。我的理解是,在设备上运行的应用程序必须请求一个令牌,然后将此令牌发送到我的服务器,并且每当我想向设备/应用程序推送消息时,我的服务器必须将此令牌传递给Apple。
请求的推送令牌是特定于应用程序的,还是设备上的所有应用程序共享令牌?
我有什么方法可以验证设备发送到我的服务器的令牌确实是由我的应用程序内的请求生成?
我担心可能存在欺骗行为,即恶意应用程序可能会向我的服务器发送有效令牌,但该令牌不是我的应用程序请求的令牌。这会欺骗我的服务向该设备/应用程序发送推送通知。
我知道这种情况不太可能发生。我正在尝试创建一种机制来验证当我的应用程序将信息发送到我的服务器时,我确实是在与我的应用程序的实例而不是某些流氓客户端进行通信。推送通知似乎是实现这一目标的一种可能方法。
I've not yet implemented push notifications in my app. My understanding is that the app running on the device must request a token, then send this token to my server, and that my server must pass this token to Apple whenever I want to push a message to the device / app.
Is a requested push token specific to the app, or do all apps on the device share a token?
Is there any way for me to validate that the token the device sends to my server was indeed generated by a request within my app?
I'm concerned about a possible spoof where a rogue app could send a valid token to my server that wasn't a token my app requested. This would trick my service into sending push notifications to that device/app.
I understand this is an unlikely scenario. I'm trying to create a mechanism to verify that when my app sends information to my server I am indeed talking with an instance of my app, not some rogue client. Push notifications seem like a possible way to achieve this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
请求的推送令牌是特定于应用程序的,还是设备上的所有应用程序共享令牌?
否,请求的令牌特定于您的应用程序和每个设备。
有什么方法可以让我验证设备发送到我的服务器的令牌确实是由我的应用内的请求生成的吗?
苹果有一项服务,您可以在其中查询并查明令牌是否“仍然有效”,这用于诸如当用户删除您的应用程序并且其令牌无效时,您可以查询该服务并检查是否该令牌仍然有效,如果不从数据库中删除它...因此您还可以使用此服务来确保给定的任何令牌都是有效的...无论如何,如果您尝试推送到无效令牌,我怀疑不会发生任何事情。 ..
希望这有帮助
Is a requested push token specific to the app, or do all apps on the device share a token?
No the requested token is specific to your Application and each device.
Is there any way for me to validate that the token the device sends to my server was indeed generated by a request within my app?
There is a service with apple in which you can query and find out if a token is "still valid", this is used for things such as when a user deletes your application and their token is invalidated, you can query the service and check if the token is still valid and if not delete it from your database...So you can also use this service to make sure any tokens given are valid...anyway if u try to push to an invalid token i suspect nothing will happen...
hope this helps