Menu
▾
▴
Re: [naviserver-devel] nswebpush & "invalid JWT provided"
|
From: Gustaf N. <ne...@wu...> - 2023-08-09 09:37:36
|
Hi David, We do not have nswebpush somewhere in production. Can you tell more precisely, what "suddenly" means? Does this mean, that you have not changed anything in your environment, but google started to refuse it? The implementation in nswebpush uses for JWT the algorithm ES256 (based on elliptic curves), which seems not supported by google cloud endpoints, whereas [2] uses ES256, there is as well support in firebase/php-jwt [3]. Not sure, where to start to look for helping you. -g [1] https://cloud.google.com/endpoints/docs/frameworks/python/troubleshoot-jwt?hl=en [2] https://cloud.google.com/iap/docs/signed-headers-howto?hl=en#securing_iap_headers [3] https://github.com/firebase/php-jwt/blob/main/src/JWT.php On 08.08.23 17:32, David Osborne wrote: > Hi there, > > We have a chat implementation based on the Naviserver nswebpush module > which recently stopped working with Google endpoints (eg. > https://fcm.googleapis.com/fcm/send...). > Suddenly it's complaining about invalid JWTs. > > We went back to reference the nswebpush code. > https://bitbucket.org/naviserver/nswebpush/src/main/ > We installed it on a clean Debian Bullseye server with > latest Naviserver from bitbucket. > > When we ran the "make test" we also get a 403 from Google... more > specifically, the reply was: > Webpush failed with reply status 403 time 0:88018 headers d8 body > {invalid JWT provided } https {sslversion TLSv1.3 cipher > TLS_AES_256_GCM_SHA384} > > Is anyone else experiencing this or can make any suggestions as to > what has changed? > > -- > > *David > * |
