APNs Auth Key with HTTP/2 and PHP

I am not new to Apple Push Notification Service, so when it came time to revamp a project’s APNs setup I first cringed, then took a deep breath, and then went to the start of the mountain mule trail that is the process of getting this task done.

The trail is full of arcane cryptography spells and Linux rituals. But it all starts with visiting the Apple developer site and getting two certificates: one for the sandbox and one for production. As I went to the Apple developer site, I knew that the next steps would be to flip through the spell books stored in Google for the spells to turn what I got from Apple into what I could use in PHP.

I started with the sandbox certificate and it was the familiar process of requesting a request from my local Keychain assistant then presenting that request to the Apple developer site to get the little scrap of text that would become a pem with the appropriate crypto-rituals. This is a yearly ritual both tedious and familiar.

Next I went to get the production certificate. But instead of being sent to my local Keychain assistant, I could only pick up the magic APNs Auth Key that promised to never expire. And the key would open both the door to the sandbox server and the door to the production server. Also, once downloaded, the key would not be presented again. Ever. A magic key that could open both doors and never expire sounded good. “But what’s the catch?” came the quiet voice inside my head.

The catch was that my servers in this project can’t use the key.

The mountain that this mule trail winds its way through has a complex topology with many valleys and passes. I am sure there are easier passes out there, but to find these passes you’d have to start on different trails. My trail starts with PHP. Perhaps if my trail started with Node.js or Ruby or something else, the pass across the mountain could have been found more easily. But that is not relevant.

With the APNs Auth Key in hand, the first step is to try to figure out if there is a map to this trail. Flipping through Google, you’ll find the APNs Provider API on the Apple developer site. The API uses the HTTP/2 network protocol with JSON Web Tokens (JWT) for authentication.

The easy part of the trail was the creation of JSON Web Tokens. There are a number of PHP packages that will handle this for you.

The first catch is that Apple’s APNs servers are using HTTP/2. So that means that I rebuild curl for HTTP/2.

Second catch is that they need openssl 1.0.2. I don’t want to mess around too much with recompiling a lot of things so I look at a couple flavours of Linux that Google Cloud will set up for me. Both Debian and CentOS won’t play nice with me.

But there is Ubuntu 16.04 with openssl 1.0.2 out of the box!

So all I need to do is set up another server to handle the APNs stuff. But…

Of course at the start of this mountain trail, I came across this very helpful tutorial: Send Push Notifications to iOS Devices using Xcode 8 and Swift 3. Of course, the title of the tutorial isn’t complete. They missed the really important part. They should have added “and Node.js v4.” My trek down this arduous trail was to avoid adding Node.js to one of my other existing servers.

At some point though, the best path is to ditch the trail. I have stuff that isn’t broken, doesn’t need to get fixed (yet) on an existing server. If my map to my mountainous trail involves setting up another server, I don’t need to stick with PHP.

So. I fired up the Ubuntu 16.04, installed Node.js, and installed the various packages to support the apn.js script. All very easy.

The next step was to get what needed to be posted. For that, I opened an endpoint on my api on the primary server to query for stuff that needed to be posted. Done and working just fine.

As a side benefit, I’m using this new server to handle various other timed functions with Node.js. That functionality is no longer sitting on the primary server.


In the end, I must apologize. The title of this blog posting is “APNs Auth Key with HTTP/2 and PHP” but I don’t tell you how to do that. Instead, my advice is to find or configure a server that handles HTTP/2 and openssl 1.0.2, and then install Node.js v4 to send your notifications to Apple’s server.

Published by

Mark Morrill

I’ve been writing software since the 80’s. Most of my career has been on Apple products.
