- The existing rpush certs are set to expire on January 3rd, 2021. These certs, which can be used with APNS v1 and v2, need to be renewed every 13 months. In the past, the renewal process has been time consuming and tedious (it often involves several team members, and importing data into production).
- With the changes on this PR, Rpush uses APNS P8 Token Based Authentication, instead of the annually renewable certificate we used on APNS v1 and v2.
- The main benefit of using P8 token based authentication is that they don't expire, so we'll never have to renew these certs with Apple (which is similar to how the GCM certs work with Google). This link contains a breakdown of the other benefits of using P8, compared to certificates.
- In addition, this PR uses data stored in the application config to create the new RpushApp records in Redis. Prior to this PR, MySql data was used as the data source to create the records in Redis. This is being done to make it easier to encrypt rpush related secrets. The code that automatically creates
RpushApp
records when there has been a Redis outage (or in the case that an environment doesn't have anyMobileDevice
records) is still in place, and has been improved on this PR.
Created
December 28, 2020 15:03
-
-
Save gregblake/39600cc56d1e1f538533db336978328a to your computer and use it in GitHub Desktop.
Migrating from APNS2 Certificates to APNS P8 Token Based Authentication
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment