Hi David,
We do not have nswebpush somewhere in production. Can you tell more
precisely, what "suddenly" means?
Does this mean, that you have not changed anything in your environment,
but google started to refuse it?
The implementation in nswebpush uses for JWT the algorithm ES256 (based
on elliptic curves), which seems not supported by google cloud
endpoints, whereas [2] uses ES256, there is as well support in
firebase/php-jwt [3]. Not sure, where to start to look for helping you.
-g
[1]
https://cloud.google.com/endpoints/docs/frameworks/python/troubleshoot-jwt?hl=en
[2]
https://cloud.google.com/iap/docs/signed-headers-howto?hl=en#securing_iap_headers
[3] https://github.com/firebase/php-jwt/blob/main/src/JWT.php
On 08.08.23 17:32, David Osborne wrote:
Hi there,
We have a chat implementation based on the Naviserver nswebpush module
which recently stopped working with Google endpoints (eg.
https://fcm.googleapis.com/fcm/send...).
Suddenly it's complaining about invalid JWTs.
We went back to reference the nswebpush code.
https://bitbucket.org/naviserver/nswebpush/src/main/
We installed it on a clean Debian Bullseye server with
latest Naviserver from bitbucket.
When we ran the "make test" we also get a 403 from Google... more
specifically, the reply was:
Webpush failed with reply status 403 time 0:88018 headers d8 body
{invalid JWT provided } https {sslversion TLSv1.3 cipher
TLS_AES_256_GCM_SHA384}
Is anyone else experiencing this or can make any suggestions as to
what has changed?
--
*David
*
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel