Email or username:

Password:

Forgot your password?
Top-level
Григорий Клюшников

feld, no. That's not how it works with Mastodon (and Pixelfed). No currently existing apps do this.

The usual implementation of native mobile app push notifications involves three things:
- A server API key. It's hardcoded on the server that sends push notifications. It's used for authentication when making requests to FCM/APNS. Normally kept secret.
- A client ID. It's hardcoded in the app, used for getting a device token. Google calls it the "FCM sender ID", not sure if Apple has an equivalent or they just use bundle IDs. Mastodon Android app has it hardcoded here.
- A device token. Dynamically obtained by the app at runtime from the system, then sent to the app server. The server then passes this together with the server API key to the Google/Apple server when it wants to send a push notification to this particular device. So, the server API key and the device token together uniquely identify this particular app on this particular device. (The name "device token" might be misleading, because it's also unique per-app on the same device.)

Normally, this server API key is kept secret. I'm proposing to allow app developers to publish theirs to avoid the need for a proxy server whose primary purpose seems to be to keep that key secret (secondary being to not make Mastodon/Pixelfed/whatever implement all the proprietary push APIs).

1 comment
feld
@grishka @dansup there was a misunderstanding on my end; I agree with your description, that's how I understand it. We made a push proxy called Charisma for apps we were working on along side Pleroma so this is familiar.

if there was the ability to *not* have a push proxy run by the app developers it would be great. I strongly support your proposal.
Go Up