pywebpush icon indicating copy to clipboard operation
pywebpush copied to clipboard

Published 20 hours ago verified publisher icon web-push-libs

KaiOS support

Open mthu opened this issue 3 years ago • 4 comments

We are playing with KaiOS push notifications. Their notification service only seems to accept Content-Encoding: aesgcm. They also seem to refuse to accept Vapid02 keys (vapid Authorization scheme). Based on this code in JS library, it seems that it's a good idea to couple aesgcm encryption with WebPush (Vapid01) authorization scheme. Mozilla service happily accepts both Vapid01 and Vapid02 keys but KaiOS service does not.

It would be great if the Python lib also coupled aesgcm encoding with Vapid01 keys. Now Vapid02 is selected by default (if not provided directly as an object). This would help newcomers looking at error 400 without any message provided by the KaiOS service. On the other hand, I have not found any relation between Content-Encoding and Authorization schema in the docs.

mthu avatar Jul 26 '21 15:07 mthu

Sigh. aesgcm is from the draft standard, and there are a LOT of reasons that it should stop being supported. It kind of sounds like KaiOS hasn't updated their UA libraries to use the Android Components work, which is a bit sad, but understandable, but does mean that there's a lot of non-spec stuff in there.

For a lot of those reasons, I think it's better to require explicit declaration if you need to use the old specifications. Otherwise, it's too easy to screw up and potentially expose data.

I can see creating something like a --kaios flag as a convenience flag, maybe.

jrconlin avatar Jul 26 '21 15:07 jrconlin

I based my presumptions on this issue https://github.com/web-push-libs/web-push/issues/603. I received the same error with pywebpush and default usage scenario (Vapid02 and aes128gcm). When changed encoding to aesgcm (kept default Vapid02 auth), I received status code: 401, body: {"errno":"116"} which is not (surprisingly) documented anywhere. So I guess they haven't changed a thing.

OTOH if I used the JS library, I would avoid some extra detective work since in JS lib, aesgcm implies Vapid01 auth scheme.

mthu avatar Jul 26 '21 15:07 mthu

heh, well the js/python fail is definitely my fault because there's no common suite of tests and the python side has gotten a lot more external attention. Yeah, 401:116 is something they've defined, and is probably in whatever they're running as their push server. (REALLY hope it's not a variant of the old python2 autopush server, but 🤷🏻‍♂️)

Not sure when I can get to this, but I'll try to come up with something.

jrconlin avatar Jul 26 '21 15:07 jrconlin

I'm having the same problem and now I realize the problem was not on my side...

farooqkz avatar Dec 09 '21 14:12 farooqkz