Search Results

Search found 52 results on 3 pages for 'apns'.

Page 2/3 | < Previous Page | 1 2 3  | Next Page >

  • Show UIAlertView that is same as UIRemoteNotification when app is running in foreground

    - by Sidwyn Koh
    I understand that we can handle push notifications via the method: - (void)application:(UIApplication *)application didReceiveRemoteNotification:(NSDictionary *)userInfo and we can check if the app was running in the foreground: if (application.applicationState == UIApplicationStateActive ) { ... } How do we show the exact same notification with localisation? NSString *message = [[[userInfo valueForKey:@"aps"] valueForKey:@"alert"] valueForKey:@"loc-key"]; NSString *trueMessage = NSLocalizedString(message, nil); UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"Alert" message:trueMessage cancelButtonItem:@"OK" otherButtonItems:@"Show", nil]; [alertView show]; This shows the raw unlocalized text, e.g. "You have a new alert from %1@ on %2@." My question is, how can we place the loc-args inside the UIAlertView as well, when the app is running in the foreground?

    Read the article

  • ApnsPHP in server mode (ApnsPHP_Push_Server)

    - by Kukosk
    Hi, Im using ApnsPHP for push notifications on my server, but it's a little bit slow when you have to send a lot of notifications, so i decided to Run it in the server mode. I just want it to run in cron every 1 hour, check if there are some notifications to be sent, and if yes, run it in 5 processes to be faster. I'm sending updates to my users once a day depending on the timezone they set. So i have to run it every hour, and send messages to timezones that actually have 12:00 PM. Is there any way to do this? I know there is a demonstration but i just have no clue about how to do it. A simple sample will really help. Thank you millions!!

    Read the article

  • Push notifications work for Ad Hoc, but not when downloaded from the Apple store.

    - by MikeQ
    My app just got approved for the apple store. I downloaded it an installed it on my iPhone - but it looks like push notifications are broken! I was successfully testing push notifications in production using an adHoc provisioning profile. I had no problems. The only thing I did differently when I submitted to apple was using an app store distribution profile. The application never asks me (or anyone else who has downloaded it) if I want to receive push notifications. Consequently, the phone never talks to my server to send the push token (because application:didRegisterForRemoteNotificationsWithDeviceToken: is presumably never called). Also the application does not appear in the settings app under the notification settings. What could I be doing wrong??

    Read the article

  • Problem generating APN SSL certificate after submitting to apple store

    - by MikeQ
    I'm having trouble getting Apple to generate an APN SSL certificate for my app ID. I've submitted the application to the Apple store, and it is pending review. I tested the application using an Ad Hoc app ID "${bundle_id}.adHoc" and everything went fine. I submitted to the Apple store with app ID "${bundle_id}.release". Now I want to generate my production APN SSL certificate for use with my release application ID - but the developer portal doesn't want to. When I upload my certificate request, it sits for about a minute before telling me: "We are not able to generate your Profile at this time. Please try again later or try using the Provisioning Portal" Is it impossible to generate your certificate while the application is under review or something? Should I have generated it prior to submission?

    Read the article

  • Apple Push Notification with Sending Custom Data

    - by SharmaJI
    I am sending push notifications from php job application to iphone. I am sending push notifications regarding new jobs. Is this possible that when user click on the view of push notification pop up , then user redirect to the particular job in the device. I mean I wanted to know can I send any custom data with push notification like jobId,something else....so that Iphone end Can retrieve and show the particular job ? Thanks.

    Read the article

  • Apple Push Notification Feedback Service - how frequently does it check

    - by gem
    I have been able to successfully create push notifications and I have also received responses from the feedback service, so I am confident that my configuration is correct, but I was wondering, how long after a device has been made inactive, will it be picked up by the Apple Push Notification Service. When I first polled the feedback service, I received details on devices which were inactive several days ago. Now, while testing, when I uninstall the application and occasionally poll the feedback service, I'm not receiving any results. Any idea on how long it takes to update would be useful, as I'm no longer sure if the issue is else where in my code or if I'm just testing too soon. Thanks in advance

    Read the article

  • what causes a bad token on iPhone- NSLog(@"token:%@",[devToken description]); crashes

    - by Grant M
    I am getting a bad token passed to me in - (void)application:(UIApplication *)app didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)devToken this code crashes on my iPhone but not my clients. - (void)application:(UIApplication *)app didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)devToken { NSLog(@"token:%@",[devToken description]); } I think something is wrong with my stored notifications settings on my iPhone but I can't find a way to delete them. deleting the app does not seem to do it.

    Read the article

  • Urban Airship Tags issue

    - by Moshe
    I modified the alias sample code from: [request addRequestHeader: @"Content-Type" value: @"application/json"]; [request appendPostData:[[NSString stringWithFormat: @"{\"alias\": \"%@\"}", self.deviceAlias] dataUsingEncoding:NSUTF8StringEncoding]]; to: [request addRequestHeader: @"Content-Type" value: @"application/json"]; [request appendPostData:[[NSString stringWithFormat: @"{\"tags\": \"%@\"}", offsetStr] dataUsingEncoding:NSUTF8StringEncoding]]; offsetStr is a string containing a Timezone offset (which can be any number between -12 and 12). For some reason, Urban Airship is making each character of the string into its own tag. I've tried to substitute the - for a string neg with the same results. What's wrong?

    Read the article

  • Push notification or thread with timer

    - by neha
    Hi all, In my application, I'm having functionality like twitter that when you have not refreshed your screen, and if there're new messages then you get this message that "You have n new messages" and a refresh button, which on press will refresh the screen. I'm basically fetching all the data from an xml with some url. In case of thread, I need to call a timer after some time period which might affect the app performance. Can anybody please suggest wheather what will be better to use push notifications or thread with timer? Thanx in advance.

    Read the article

  • register device at run time

    - by user177893
    In the App ID section of the Program Portal, locate the App ID you wish to use with the Apple Push Notification service. Only App IDs with a specific bundle ID can be used with the APNs. You cannot use a “wild-card” application ID. You must see “Available” under the Apple Push Notification service column to register this App ID and configure a certificate for this App ID. Click the ‘Configure’ link next to your desired App ID. In the Configure App ID page, check the Enable Push Notification Services box and click the Configure button. Clicking this button launches the APNs Assistant, which guides you through the next series of steps that create your App ID specific Client SSL certificate. Download the Client SSL certificate file to your download location. Navigate to that location and double-click the certificate file (which has an extension of cer) to install it in your keychain. When you are finished, click Done in the APNS Assistant. Double-clicking the file launches Keychain Access. Make sure you install the certificate in your login keychain on the computer you are using for provider development. The APNs SSL certificate should be installed on your notification server. When you finish these steps you are returned to the Configure App ID page of the iPhone Dev Center portal. The certificate should be badged with a green circle and the label “Enabled”. To complete the APNs set-up process, you will need to create a new provisioning profile containing your APNs-enabled App ID. IS it posssible to do theses steps through code.

    Read the article

  • How can I do an SSL connection with PHP

    - by Anth0
    Hi, I need to develop a PHP class to communicate with Apple servers in order to do Push notification (APNS). I have the certificate (.pem) and I tried to follow various tutorials found on Internet but I'm still getting error trying to connect to ssl://gateway.sandbox.push.apple.com:2195 with stream socket : $apnsHost = 'gateway.sandbox.push.apple.com'; $apnsPort = 2195; $apnsCert = 'apns-dev.pem'; $streamContext = stream_context_create(); stream_context_set_option($streamContext, 'ssl', 'local_cert', $apnsCert); $apns = stream_socket_client('ssl://'.$apnsHost.':'.$apnsPort, $error, $errorString, 2, STREAM_CLIENT_CONNECT, $streamContext); A telnet on this URL works so port 2195 is opened. Openssl is activated on PHP since I get "Registered Stream Socket Transports : tcp, udp, ssl, sslv3, sslv2, tls" with a phpinfo(). My certificate is well read (PHP is_readable(certif.pem) returns true on the file) Is there anything else to activate in Apache or PHP to get it work ?

    Read the article

  • can not connect the apples APN server for pusNotification from by PHP code

    - by faisal
    Hi developers, To connect my server with the APN server I use the following code. // coonecting the apn server $apnsHost = 'gateway.sandbox.push.apple.com'; $apnsPort = 2195; $apnsCert = 'apns-dev.pem'; $streamContext = stream_context_create(); stream_context_set_option($streamContext, 'ssl', 'local_cert', $apnsCert); $apns = stream_socket_client('ssl://' . $apnsHost . ':' . $apnsPort, $errorNo, $errorString, 2, STREAM_CLIENT_CONNECT, $streamContext); But I am failed to connect, I print the $errorNo and $errorString the output was: error: Connection timed out errorNo: 110 But I am also getting the following warnings in errorLog: unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Connection timed out) in /home/riseupla/public_html/applications/apn/apn.php on line 35 what shoud I do? plz help. NOTE: I can send pushnotification by my mac project (using push me baby project). But my PHP project failed to connect.

    Read the article

  • Apple Push Notification Service - notification messages aren't sent to iphone device

    - by crazywood
    Hi all, I constructed provider code with using C# and it was able to send notification messages to iphone devices successfully. But since yesterday, it hasn't worked. Also it seems to connect APNS successfully and send notification message. Unfortunately, no notification message is received by iphone device. I controlled internet connection and device token of iphone device. What else can I do? Thanks in advance...

    Read the article

  • Send device token with HTTP POST

    - by tech74
    Hi, we need to send an http post from an iphone device to our server with some info which the device token (APNS) which we want to store. How on the server do you read the HTTP post and store what is in it? We just have a standard ISP hosted server which currently just has a website. Thanks

    Read the article

  • SOCKS Proxy and HTTP Proxy considerations with push notifications

    - by J.Ashworth
    I'm working with push notifications in a mobile application, and I've been informed that a lot of our clients may be using SOCKS or HTTP proxies for outbound and inbound traffic. Is there anything in particular I need to program or document with regards to deploying our mobile app in this sort of environment? If you were setting up and installing the application server, what guarantees would you want from the person that had programmed it? Specifically regarding push notification services for all four major OSes (APNS, GCM, BPS and MPNS). I've got absolutely no experience with proxies or server deployment, in case you couldn't tell :)

    Read the article

  • Installing the Apple Root Certificate Authority on CentOS CLI

    - by Daniel Hollands
    I could be barking up the wrong tree here, but I'm looking for help on installing Apple's Root certificate (http://www.apple.com/certificateauthority/) on a CentOS server via the command line - which I need to send messages to their APNS system. The code I'm using for this purpose is a variation on this: https://github.com/jPaolantonio/SimplePush/blob/master/simplepush.php - which works perfectly well on a Windows server, but as soon as we try to use it on a CentOS one, it falls over. We're lead to believe this has something to do with not having the CA installed on our CentOS box - but all efforts to do so have failed. As the CentOS server is headless, we need the ability to do this via the commandline. Can someone help?

    Read the article

  • Building a specific piece of Android platform?

    - by Chrisc
    Hi, I have been trying to build only the "/libcore" directory of the Android platform. When I try mmm libcore I end up with the following output: ============================================ PLATFORM_VERSION_CODENAME=REL PLATFORM_VERSION=2.1-update1 TARGET_PRODUCT=generic TARGET_BUILD_VARIANT=eng TARGET_SIMULATOR=false TARGET_BUILD_TYPE=release TARGET_ARCH=arm HOST_ARCH=x86 HOST_OS=linux HOST_BUILD_TYPE=release BUILD_ID=ECLAIR ============================================ make: Entering directory `/home/chris/android/platform' target Prebuilt: (out/target/product/generic/system/etc/security/cacerts.bks) host Prebuilt: run-core-tests-on-ri (out/host/linux-x86/obj/EXECUTABLES/run-core-tests-on-ri_intermediates/run-core-tests-on-ri) target Prebuilt: run-core-tests (out/target/product/generic/obj/EXECUTABLES/run-core-tests_intermediates/run-core-tests) Copy: out/target/product/generic/system/etc/apns-conf.xml Copying: out/target/common/obj/JAVA_LIBRARIES/core_intermediates/classes-full-debug.jar Copying: out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes-full-debug.jar /bin/bash: jar: command not found make: *** [out/host/common/core-tests.jar] Error 127 make: *** Deleting file `out/host/common/core-tests.jar' make: Leaving directory `/home/chris/android/platform' Does anyone have any suggestions on what Error 127 is, or another method I can go about building "libcore" without having to build the entire platform again? Thanks, Chris

    Read the article

  • executable was signed with invalid entitlements ?

    - by balraj
    HI,all I am trying to install an app in the iphone using the adhoc build configuration for this i have made all the things first i created the app id that is enable fort he APNS and then create the profile and certificates and than i download to my system and then in the project i have made a plist name Adhoc_Entitlements.plist and in the code signing entitlements i put it name with extension and in the bundle identifier i put the name of the identifier that is used in the provision file and when i try to install in the device it throws the error i have mentioned,Any solution or anything that i am doing wrong.This is the error message i got when i try to install in the device. Thanks the error message is as -- The entitlements specified in your application's code signing entitlements file do not match those specified in your provisioning profile.

    Read the article

  • Identifying iPhone OS's on a Network and Sending Push Notifications

    - by portalservices
    tldr; Can you identify devices on your network as an iPhone OS device easily? Can you send push notifications to devices identified as using the iPhone OS on your network without a a target app? Is is possible to identify which devices on a network are using the iPhone OS? With this information, is it possible to send push notifications to these devices? From my understanding, your application server will contact APNs, which will contact the users. So, the above would be impossible. Can someone confirm this for me? Thanks, P.S.

    Read the article

  • Function 'didFinishLaunchingWithOptions' getting invoked inappropriately

    - by clint
    I connected my IOS device to a MAC processor and installed/initialized my app running in xcode or dragged it from itunes folder. Now i physically disconnected my device from the processor and through wifi enabled in the device, sent notifications/messages through APNS to the device. I was able to successfully receive notifications in the device. Now after some time, i reconnected the device to the processor, which lead to a problem of the app launching again and calling 'didFinishLaunchingWithOptions' method again, which is not desirable as the launch/initialization should happen only once. This behaviour is random ie. every time when i disconnect/reconnect, it is not happening, only sometimes. Why is this happening. What could be the reason for this random behaviour. Any help will be appreciated.Thanks

    Read the article

  • PHP application failed to connect after a network plugged back in

    - by tntu
    My data-center appears to have had some issues with their network and thus my server has suffered from on an off network connectivity for about an hour. After the connection has been completely re-established my code still kept reporting the same issue over and over until I have restarted the service. The code is a simple PHP code that loops forever checking the Apple feed-back server and then sleeps for a few minutes and then it begins all over again. Now I understand the error being generated if the network is down but once it got back up why did it continue until I have restarted the code? Does PHP have something that needs to be re-initialized or something?? Messges log: Dec 20 08:57:22 server kernel: r8169: eth0: link down Dec 20 08:57:28 server kernel: r8169 0000:06:00.0: eth0: link up Dec 20 08:57:29 server kernel: r8169: eth0: link down Dec 20 08:57:33 server kernel: r8169 0000:06:00.0: eth0: link up Dec 20 08:57:33 server kernel: r8169: eth0: link down Dec 20 08:57:37 server kernel: r8169 0000:06:00.0: eth0: link up Dec 20 08:57:38 server kernel: r8169: eth0: link down Dec 20 08:57:44 server kernel: r8169 0000:06:00.0: eth0: link up Dec 20 08:57:44 server kernel: r8169: eth0: link down Dec 20 08:57:52 server kernel: r8169 0000:06:00.0: eth0: link up Dec 20 08:57:52 server kernel: r8169: eth0: link down Dec 20 09:10:58 server kernel: r8169 0000:06:00.0: eth0: link up PHP Error: PHP Warning: stream_socket_client(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/push/feedback.php on line 36 Code Line 36: $apns = stream_socket_client('ssl://feedback.sandbox.push.apple.com:2196', $errcode, $errstr, 60, STREAM_CLIENT_CONNECT, $stream_context);

    Read the article

  • How to set SQL_BIG_SELECTS = 1 from VB(legacy ASP) with ADODB environment?

    - by conecon
    I encountered The SELECT would examine more than MAX_JOIN_SIZE rows; check your WHERE and use SET SQL_BIG_SELECTS=1 or SET SQL_MAX_JOIN_SIZE=# if the SELECT is okay error with my ASP code. ASP code has server side ADODB connection with MySQL and connection seems not be able to execute multiple query. How to implement SQL_BIG_SELECTS = 1 in my code? Set obj_db = Server.CreateObject("ADODB.Connection") Session("ConnectionString") = "dsn=dsn1016189_mysql;uid=apns;pwd=mypassword;DATABASE=mydb;APP=ASP Script;STMT=SET CHARACTER SET SJIS" obj_db.Open Session("ConnectionString") Set obj_ret = Server.CreateObject("ADODB.Recordset") obj_ret.CursorLocation = 3 and executing SQL... SQL_BIG_SELECTS = 1; SELECT pu.login_id, pu.p_login_id, pu.first_name, pu.last_name, pu.sex, pu.is_admin, pu.attendance, pu.invited, pu.reason, qaa1.answer AS qaa1_answer, COUNT(pu2.p_login_id) AS companion FROM party_user pu LEFT OUTER JOIN party_user pu2 ON pu2.p_login_id = pu.login_id LEFT OUTER JOIN qa_answer qaa1 ON qaa1.login_id = pu.login_id AND qaa1.party_id = pu.party_id AND qaa1.sort_num = '1' WHERE pu.party_id = '92' AND pu.p_login_id = '' GROUP BY pu.login_id, pu.p_login_id, pu.first_name, pu.last_name, pu.sex, pu.is_admin, pu.attendance, pu.reason, qaa1.answer, pu.invited ORDER BY pu.login_id ASC; I can't execute multiple query and above query become error. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT pu.login_id, pu.p_login_id, pu.first_name, pu.last_name, pu.sex, pu.is_ad' at line 1

    Read the article

  • Apple push Notification Feedback service Not working

    - by Yassmeen
    Hi, I am developing an iPhone App that uses Apple Push Notifications. On the iPhone side everything is fine, on the server side I have a problem. Notifications are sent correctly however when I try to query the feedback service to obtain a list of devices from which the App has been uninstalled, I always get zero results. I know that I should obtain one result as the App has been uninstalled from one of my test devices. After 24 hours and more I still have no results from the feedback service.. Any ideas? Does anybody know how long it takes for the feedback service to recognize that my App has been uninstalled from my test device? Note: I have another push notification applications on the device so I know that my app is not the only app. The code - C#: public static string CheckFeedbackService(string certaName, string hostName) { SYLogger.Log("Check Feedback Service Started"); ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate); // Create a TCP socket connection to the Apple server on port 2196 TcpClient tcpClientF = null; SslStream sslStreamF = null; string result = string.Empty; //Contect to APNS& Add the Apple cert to our collection X509Certificate2Collection certs = new X509Certificate2Collection { GetServerCert(certaName) }; //Set up byte[] buffer = new byte[38]; int recd = 0; DateTime minTimestamp = DateTime.Now.AddYears(-1); // Create a TCP socket connection to the Apple server on port 2196 try { using (tcpClientF = new TcpClient(hostName, 2196)) { SYLogger.Log("Client Connected ::" + tcpClientF.Connected); // Create a new SSL stream over the connection sslStreamF = new SslStream(tcpClientF.GetStream(), true,ValidateServerCertificate); // Authenticate using the Apple cert sslStreamF.AuthenticateAsClient(hostName, certs, SslProtocols.Default, false); SYLogger.Log("Stream Readable ::" + sslStreamF.CanRead); SYLogger.Log("Host Name ::"+hostName); SYLogger.Log("Cert Name ::" + certs[0].FriendlyName); if (sslStreamF != null) { SYLogger.Log("Connection Started"); //Get the first feedback recd = sslStreamF.Read(buffer, 0, buffer.Length); SYLogger.Log("Buffer length ::" + recd); //Continue while we have results and are not disposing while (recd > 0) { SYLogger.Log("Reading Started"); //Get our seconds since 1970 ? byte[] bSeconds = new byte[4]; byte[] bDeviceToken = new byte[32]; Array.Copy(buffer, 0, bSeconds, 0, 4); //Check endianness if (BitConverter.IsLittleEndian) Array.Reverse(bSeconds); int tSeconds = BitConverter.ToInt32(bSeconds, 0); //Add seconds since 1970 to that date, in UTC and then get it locally var Timestamp = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(tSeconds).ToLocalTime(); //Now copy out the device token Array.Copy(buffer, 6, bDeviceToken, 0, 32); string deviceToken = BitConverter.ToString(bDeviceToken).Replace("-", "").ToLower().Trim(); //Make sure we have a good feedback tuple if (deviceToken.Length == 64 && Timestamp > minTimestamp) { SYLogger.Log("Feedback " + deviceToken); result = deviceToken; } //Clear array to reuse it Array.Clear(buffer, 0, buffer.Length); //Read the next feedback recd = sslStreamF.Read(buffer, 0, buffer.Length); } SYLogger.Log("Reading Ended"); } } } catch (Exception e) { SYLogger.Log("Authentication failed - closing the connection::" + e); return "NOAUTH"; } finally { // The client stream will be closed with the sslStream // because we specified this behavior when creating the sslStream. if (sslStreamF != null) sslStreamF.Close(); if (tcpClientF != null) tcpClientF.Close(); //Clear array on error Array.Clear(buffer, 0, buffer.Length); } SYLogger.Log("Feedback ended "); return result; }

    Read the article

  • Standards Corner: OAuth WG Client Registration Problem

    - by Tanu Sood
    Phil Hunt is an active member of multiple industry standards groups and committees (see brief bio at the end of the post) and has spearheaded discussions, creation and ratifications of  Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} industry standards including the Kantara Identity Governance Framework, among others. Being an active voice in the industry standards development world, we have invited him to share his discussions, thoughts, news & updates, and discuss use cases, implementation success stories (and even failures) around industry standards on this monthly column. Author: Phil Hunt This afternoon, the OAuth Working Group will meet at IETF88 in Vancouver to discuss some important topics important to the maturation of OAuth. One of them is the OAuth client registration problem.OAuth (RFC6749) was initially developed with a simple deployment model where there is only monopoly or singleton cloud instance of a web API (e.g. there is one Facebook, one Google, on LinkedIn, and so on). When the API publisher and API deployer are the same monolithic entity, it easy for developers to contact the provider and register their app to obtain a client_id and credential.But what happens when the API is for an open source project where there may be 1000s of deployed copies of the API (e.g. such as wordpress). In these cases, the authors of the API are not the people running the API. In these scenarios, how does the developer obtain a client_id? An example of an "open deployed" API is OpenID Connect. Connect defines an OAuth protected resource API that can provide personal information about an authenticated user -- in effect creating a potentially common API for potential identity providers like Facebook, Google, Microsoft, Salesforce, or Oracle. In Oracle's case, Fusion applications will soon have RESTful APIs that are deployed in many different ways in many different environments. How will developers write apps that can work against an openly deployed API with whom the developer can have no prior relationship?At present, the OAuth Working Group has two proposals two consider: Dynamic RegistrationDynamic Registration was originally developed for OpenID Connect and UMA. It defines a RESTful API in which a prospective client application with no client_id creates a new client registration record with a service provider and is issued a client_id and credential along with a registration token that can be used to update registration over time.As proof of success, the OIDC community has done substantial implementation of this spec and feels committed to its use. Why not approve?Well, the answer is that some of us had some concerns, namely: Recognizing instances of software - dynamic registration treats all clients as unique. It has no defined way to recognize that multiple copies of the same client are being registered other then assuming if the registration parameters are similar it might be the same client. Versioning and Policy Approval of open APIs and clients - many service providers have to worry about change management. They expect to have approval cycles that approve versions of server and client software for use in their environment. In some cases approval might be wide open, but in many cases, approval might be down to the specific class of software and version. Registration updates - when does a client actually need to update its registration? Shouldn't it be never? Is there some characteristic of deployed code that would cause it to change? Options lead to complexity - because each client is treated as unique, it becomes unclear how the clients and servers will agree on what credentials forms are acceptable and what OAuth features are allowed and disallowed. Yet the reality is, developers will write their application to work in a limited number of ways. They can't implement all the permutations and combinations that potential service providers might choose. Stateful registration - if the primary motivation for registration is to obtain a client_id and credential, why can't this be done in a stateless fashion using assertions? Denial of service - With so much stateful registration and the need for multiple tokens to be issued, will this not lead to a denial of service attack / risk of resource depletion? At the very least, because of the information gathered, it would difficult for service providers to clean up "failed" registrations and determine active from inactive or false clients. There has yet to be much wide-scale "production" use of dynamic registration other than in small closed communities. Client Association A second proposal, Client Association, has been put forward by Tony Nadalin of Microsoft and myself. We took at look at existing use patterns to come up with a new proposal. At the Berlin meeting, we considered how WS-STS systems work. More recently, I took a review of how mobile messaging clients work. I looked at how Apple, Google, and Microsoft each handle registration with APNS, GCM, and WNS, and a similar pattern emerges. This pattern is to use an existing credential (mutual TLS auth), or client bearer assertion and swap for a device specific bearer assertion.In the client association proposal, the developer's registration with the API publisher is handled by having the developer register with an API publisher (as opposed to the party deploying the API) and obtaining a software "statement". Or, if there is no "publisher" that can sign a statement, the developer may include their own self-asserted software statement.A software statement is a special type of assertion that serves to lock application registration profile information in a signed assertion. The statement is included with the client application and can then be used by the client to swap for an instance specific client assertion as defined by section 4.2 of the OAuth Assertion draft and profiled in the Client Association draft. The software statement provides a way for service provider to recognize and configure policy to approve classes of software clients, and simplifies the actual registration to a simple assertion swap. Because the registration is an assertion swap, registration is no longer "stateful" - meaning the service provider does not need to store any information to support the client (unless it wants to). Has this been implemented yet? Not directly. We've only delivered draft 00 as an alternate way of solving the problem using well-known patterns whose security characteristics and scale characteristics are well understood. Dynamic Take II At roughly the same time that Client Association and Software Statement were published, the authors of Dynamic Registration published a "split" version of the Dynamic Registration (draft-richer-oauth-dyn-reg-core and draft-richer-oauth-dyn-reg-management). While some of the concerns above are addressed, some differences remain. Registration is now a simple POST request. However it defines a new method for issuing client tokens where as Client Association uses RFC6749's existing extension point. The concern here is whether future client access token formats would be addressed properly. Finally, Dyn-reg-core does not yet support software statements. Conclusion The WG has some interesting discussion to bring this back to a single set of specifications. Dynamic Registration has significant implementation, but Client Association could be a much improved way to simplify implementation of the overall OpenID Connect specification and improve adoption. In fairness, the existing editors have already come a long way. Yet there are those with significant investment in the current draft. There are many that have expressed they don't care. They just want a standard. There is lots of pressure on the working group to reach consensus quickly.And that folks is how the sausage is made.Note: John Bradley and Justin Richer recently published draft-bradley-stateless-oauth-client-00 which on first look are getting closer. Some of the details seem less well defined, but the same could be said of client-assoc and software-statement. I hope we can merge these specs this week. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif"; mso-ascii- mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi- mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} About the Writer: Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc. where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle where he developed the Kantara Identity Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS working on federation, authorization (OAuth), and provisioning (SCIM) standards.  Phil blogs at www.independentid.com and a Twitter handle of @independentid.

    Read the article

< Previous Page | 1 2 3  | Next Page >